Computer, Information and Network Security (CNS)

Menu

CNS 228 | LEGAL, ETHICAL AND SOCIAL ISSUES IN INFORMATION SECURITY | 4 quarter hours

(Undergraduate)

This course is designed to acquaint students with electronic privacy, security and ethics. Students will gain an understanding of information ethics, existing and emerging cyber-laws, organizational liability issues, and explore several Codes of Ethics. Students will learn about real and potential security issues, steps that can be taken to create environments of trust, how to evaluate the strengths and weaknesses of a firm's information resource environment, and risk management and operation feasibility issues. Formerly CNS 330.

CNS 320 | COMPUTER FORENSIC AND INCIDENT RESPONSE | 4 quarter hours

(Undergraduate)

Introduction to the topics of computer forensic, computer crimes, response to security incidents, Cybercrime investigation and prosecution. Students will learn how an organization can setup a security response team, prepare for Security incidents and manage these incidents. PREREQUISITE(S): CNS 378 or CSC 374.

CNS 378 or CSC 374 is a prerequisite for this class

CNS 340 | FUNDAMENTALS OF INFORMATION ASSURANCE | 4 quarter hours

(Undergraduate)

This course is a survey of the fundamental elements of computer security and information assurance. Topics may include confidentiality, integrity, and availability; security policies; authentication; access control; risk management; threat and vulnerability assessment; common attack/defense methods; ethical issues. Formerly CSC 390.

CNS 342 | CYBERSECURITY OPERATIONS | 4 quarter hours

(Undergraduate)

The Cybersecurity Operations course presents the knowledge and skills needed for a Security Analyst in a typical Security Operations Center environment. The course covers the core security skills needed for monitoring, detecting, investigating, analyzing and responding to security events. Extensive laboratory exercises are included to apply knowledge learned in the lectures and allow the students to implement typical SOC tools. In addition to technologies, the course will also cover cybersecurity operations network principles, roles and responsibilities as well as the related technologies, tools, regulations and security frameworks.

CNS 345 | HUMAN-CENTERED CYBERSECURITY | 4 quarter hours

(Undergraduate)

A survey of behavioral theories relevant in cybersecurity context. Topics include economic theories of decision making, heuristics, biases, and bounded rationality, signal detection theory, mental models, social engineering, game theory, information search, and cognitive engineering. Students work on term paper describing potential application(s) of a theory of their choice in cybersecurity context. PREREQUISITE(S): IT 263 or CSC 242.

CNS 355 | PHYSICAL AND IT SECURITY CONVERGENCE | 4 quarter hours

(Undergraduate)

This course introduces students to the fundamental processes associated with the Physical Security discipline. This course will present the convergence of IT Security and Corporate Physical Security, focusing on where convergence takes place - at the technology, process and function level. Students will look at real-world illustrations of implementation and analyze perceived efficiencies and cost-savings. This course is designed for students who desire to understand physical and IT security in the framework of Enterprise Risk Management.

CNS 366 | CRITICAL INFRASTRUCTURE AND CONTROL SYSTEMS CYBERSECURITY | 4 quarter hours

(Undergraduate)

This course is an introduction to the cybersecurity challenges for control systems present in industry, homes and traditional businesses such as manufacturing. Topics covered include the design and setup of Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and Programmable Logic Controller (PLC) systems. As these systems are typically designed without any intrinsic security mechanism, we will study the challenges of protecting them and how to employ a defense-in-depth methodology to secure them. This class will focus on the security risks of critical infrastructure systems (such as Electrical, Pipelines, Water/Wastewater and transportation) and methods to protect them. PREREQUISITE(S): CNS 340 or TDC 377 or IT 263.

CNS 378 | HOST BASED SECURITY | 4 quarter hours

(Undergraduate)

Principles of host based security. Review of security methods used to ensure the confidentiality, integrity, and availability of the information stored on a host. The class will cover OS configuration, access control, anti-malware, public facing application security, host-based intrusion detection/prevention, host-based firewalls and audit & compliance. Course includes laboratory work with both the Linux and Windows operating systems. PREREQUISITE(S): CSC 374 or TDC 311 or IT 373.

CSC 374 or TDC 311 or IT 373 is a prerequisite for this class.

CNS 380 | ADVANCED CYBERSECURITY AUTOMATION | 4 quarter hours

(Undergraduate)

This hands-on course will introduce students to real world exercises and scenarios. Students will create tools to perform automation, monitoring, red and blue team operations. Techniques will be applied to topics such as operating systems, infrastructure hardening, virtualization, sandboxing, incident response, and web applications. PREREQUISITE(S): (CSC 242 or CSC 243) and (CNS 378 or CSC 374 or CSC 282)

CNS 388 | SECURITY TESTING AND ASSESSMENT | 4 quarter hours

(Undergraduate)

Vulnerability assessment and ethical security testing; review of ethical concerns and legal issues associated with security testing activities; study and analysis of the defensive mechanisms used to mitigate such threats. There will be extensive hands-on laboratory exercises. PREREQUISITE(S): CSC 374 or TDC 377.

CSC 374 or TDC 377 is a prerequisite for this class

CNS 389 | CYBER DEFENSE EXERCISES AND ATTACK RESPONSES | 4 quarter hours

(Undergraduate)

This is a hands-on, lab based applied security course in which students will work in teams to defend against cyber-attacks and implement services in a hostile cyber environment. Most activities will be derived from Cyber Dense and Cyber League competitions and will prepare students to participate and excel in these competitions. This course is open to all students, including students inexperienced in Cyber Defense competitions. Repeat enrollment is encouraged. PREREQUISITE(S) CNS 378 or CSC 374.

CNS 378 or CSC 374 is a prerequisite for this class

CNS 390 | VULNERABILITY ASSESSMENT FOR COMMUNITY-BASED ORGANIZATIONS | 4 quarter hours

(Undergraduate)

This service learning course prepares students with real-world experience by partnering with a non-profit, community-based organization to identify information security vulnerabilities and propose recommendations that improve the organization's security and privacy practices. Within the context of an assigned community-based organization, students will work in teams to conduct a vulnerability assessment; identify and propose cost-effective safeguards that may be administrative, technical, or physical; define a plan to test, monitor, and train system users on recommended security safeguards, and; document project deliverables for the organization's management. The course emphasizes hands-on exercises and student reflection on a community-based term project. PREREQUISITIE(S): CNS 340.

CNS 394 | INFORMATION SYSTEMS SECURITY ENGINEERING I | 4 quarter hours

(Undergraduate)

This course requires students to apply Information System Security Engineering methods and processes to design, document and implement comprehensive security infrastructures in realistic scenarios. Students will work in teams through the entire life cycle of a Security infrastructure project from needs discovery, threat assessment, architecture design, implementation, effectiveness assessment and auditing. The course is designed to span two quarters. In this first quarter, students will learn the Information Systems Security Engineering process and perform asset identification, threat assessment and system requirement specification. PREREQUISITE(S): CNS 378 (formerly IT 378) and TDC 377 and TDC 379.

CNS 378 and TDC 377 and TDC 379 are prerequisites for this course.

CNS 395 | INFORMATION SYSTEMS SECURITY ENGINEERING II | 4 quarter hours

(Undergraduate)

This senior project capstone course requires students to apply Information System Security Engineering methods and processes to perform the design and implementation of Information Systems Security infrastructures. The human and sociological impacts of Information Security will be studied with a particular focus on privacy issues, ethical use of Security tools and cultural and legal difference that exist in a globally connected but diverse world. PREREQUISITE(S): CNS 394.

CNS 394 is a prerequisite for this class.

CNS 397 | TOPICS IN COMPUTER, INFORMATION AND NETWORK SECURITY | 1-4 quarter hours

(Undergraduate)

May be repeated for credit. (1 quarter hour)

CNS 399 | INDEPENDENT STUDY | 1-8 quarter hours

(Undergraduate)

Variable credit. PREREQUISITE(S): Consent of dean. (variable credit)

CNS 418 | INTRODUCTION TO HOST SECURITY | 4 quarter hours

(Graduate)

Principles of host based security. Review of security methods used to ensure the confidentiality, integrity, and availability of the information stored on a host. The class will cover OS configuration, access control, anti-malware, public facing application security, host-based intrusion detection/prevention, host-based firewalls and audit & compliance. Course includes laboratory work with both the Linux and Windows operating systems. PREREQUISITE(S): TDC 411.

TDC 411 is a prerequisite for this class.

CNS 440 | INFORMATION SECURITY MANAGEMENT | 4 quarter hours

(Graduate)

Survey of information security management as it applies to information systems analysis, design, and operations. Managing information assets and the security infrastructure. Emphasis on managing security-related risk, as well as the process of developing, implementing, and maintaining organizational policies, standards, procedures, and guidelines. Identifying and evaluating information assets, threats, and vulnerabilities. Quantitative and qualitative risk analysis, risk mitigation, residual risk, and risk treatment as they relate to information security. Topics include information security vulnerabilities, threats, and risk management; security policies and standards; security audits; access controls; network perimeter protection, data protection; physical security; security education training and awareness. Introduction to compliance, as well as the CISSP domains. PREREQUISITE(S): None.

CNS 445 | HUMAN-CENTERED CYBERSECURITY | 4 quarter hours

(Graduate)

Application of behavioral theories in cybersecurity context. Topics include economic theories of decision making, heuristics, biases, and bounded rationality, signal detection theory, mental models, social engineering, game theory, information search, and cognitive engineering. Students work on an individual project applying one of these theories to a practical cybersecurity scenario of their choice. PREREQUISITE(S): CNS 440.

CNS 446 | SECURE DESIGN | 4 quarter hours

(Graduate)

Secure design is a cross-disciplinary approach to cybersecurity and user-centered design. The course includes hands-on, interactive activities focused on secure designs for Internet-of-Things (IoT) technologies. Topics include: principles of visual design, user-centered design, mental models, heuristics, bounded rationality, applied cybersecurity, prototyping, and usability testing. Students will work on a class long project that will employ the principles of secure design to develop a secure yet usable prototype of an IoT device.

CNS 450 | DIGITAL FORENSIC TECHNIQUES | 4 quarter hours

(Graduate)

This course focuses on the forensic acquisition, analysis and presentation of data from computer systems. This course covers: preservation and interpretation of evidence; forensic imaging; file systems and data recovery; Windows registry forensics; internet history and social media analysis; mobile device forensics; timeline analysis; incident response and writing expert reports and testimony. PREREQUISITE(S): CSC 407 or CNS 418.

CSC 407 or CNS 418 is a prerequisite for this class.

CNS 455 | PHYSICAL AND IT SECURITY CONVERGENCE | 4 quarter hours

(Graduate)

This course introduces students to the fundamental processes associated with the Physical Security discipline. This course will present the convergence of IT Security and Corporate Physical Security, focusing on where convergence takes place - at the technology, process and function level. Students will look at real-world illustrations of implementation and analyze perceived efficiencies and cost-savings. This course is designed for students who desire to understand physical and IT security in the framework of Enterprise Risk Management. PREREQUISITE(S): None.

CNS 466 | CRITICAL INFRASTRUCTURE AND CONTROL SYSTEMS CYBERSECURITY | 4 quarter hours

(Graduate)

This course is an introduction to the cybersecurity challenges for control systems present in industry, homes and traditional businesses such as manufacturing. Topics covered include the design and setup of Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and Programmable Logic Controller (PLC) systems. As these systems are typically designed without any intrinsic security mechanism, we will study the challenges of protecting them and how to employ a defense-in-depth methodology to secure them. This class will focus on the security risks of critical infrastructure systems (such as Electrical, Pipelines, Water/Wastewater and transportation) and methods to protect them. PREREQUISITE(S): CNS 440 or TDC 477.

CNS 440 or TDC 477 is a prerequisite for this class.

CNS 477 | GOVERNANCE POLICIES IN INFORMATION ASSURANCE | 4 quarter hours

(Graduate)

This course focuses on assessment of business risks arising from information security and privacy issues, as well as the creation and implementation of policies that ensure compliance with laws and industry standards. It is a complement to IS 482, which focuses on the legal standards to which people and organizations are held under laws and regulations that concern computing and information technology. Legal issues arising under information security and control frameworks, such as COBIT and IS017799, are considered. Topics include privacy laws, payment card industry standards, information security measures mandated by select federal statues (e.g., HIPAA, Gramm-Leach-Bliley and Sarbanes-Oxley), data breach notification, governance and policy development, e-discovery, contracts, intellectual property, and security risk assessments. PREREQUISITE(S): CNS 440.

CNS 440 is a prerequisite for this class.

CNS 488 | SECURITY TESTING AND ASSESSMENT | 4 quarter hours

(Graduate)

Methodologies and tools for performing vulnerability testing; management of security testing initiatives and activities; review of the different types of assessments, legal issues, ethical concerns. Defensive mechanisms to mitigate the risks illustrated by the assessment using Defense-In-Depth architectures. Concepts illustrated using hands-on lab exercises. PREREQUISITE(S): CSC 407 or TDC 477.

CSC 407 or TDC 477 is a prerequisite for this class

CNS 489 | ADVANCED CYBER ATTACK RESPONSES AND DEFENSES | 4 quarter hours

(Graduate)

This lab-based applied security course introduces students to advanced cyber defense and cyber-attack response. Students manage an organize teams to defend against cyber-attacks and implement services in a hostile cyber environment. Most activities will be derived from Cyber Defense and Cyber League competitions and will prepare students to participate and excel in these competitions. This course is open to all students, including students inexperienced in Cyber Defense competitions. Repeat enrollment is encouraged. PREREQUISITE(S): CSC 407 or CNS 418.

CSC 407 or CNS 418 is a prerequisite for this class.

CNS 490 | INFORMATION SECURITY RISK ASSESSMENT FOR NON-PROFIT ORGANIZATIONS | 4 quarter hours

(Graduate)

Students taking this course will gain real-world experience by partnering with a non-profit, community-based organization to assess information security needs and propose recommendations that improve the organization's security and privacy practices. Within the context of an assigned non-profit organization, students will work in teams to conduct a security risk assessment using industry standards as guidance; write a formal risk assessment report for the organization's management; identify and propose cost-effective security safeguards that may consist of security policies, technologies, or procedures; define a plan to test, monitor, and train system users on recommended security safeguards. PREREQUISITE(S): CNS 440.

CNS 440 is a prerequisite for this class.

CNS 533 | ENTERPRISE SECURITY INFRASTRUCTURE CONTROLS AND REGULATORY COMPLIANCE | 4 quarter hours

(Graduate)

Design, implementation, support and management of control methods in enterprise environments. Focus is on how these controls can help organizations achieve regulatory compliance. Review of Sarbanes-Oxley and its impact on IT systems. Detailed study of how risk assessment methods, information security program management and ERP systems can be used to fulfill regulatory and legal requirements. Control Objectives for Information and related Technology (COBIT) guidelines and best practices for SOX compliance. Security management standards (ISO 17799, BS 7799 and ISO 27001) . PREREQUISITE(S): CNS 440.

CNS 440 is a prerequisite for this class.

CNS 587 | INFORMATION SECURITY GOVERNANCE | 4 quarter hours

(Graduate)

In this course, students apply their knowledge of information security and regulatory compliance to analysis and evaluation of governance, risk management, and compliance problems. Students will learn the meaning of IT governance by examining the differences between governance and management; gaining hands-on application of industry governance frameworks; evaluating an information security program; defining incidence response policy; assessing risk; and defining regulatory compliance strategy. Students will discover how good information security governance adds value to an organization. PREREQUISITE(S): CNS 477 and (IS 444 or CNS 490 or CNS 533 or CSC 439 or TDC 577)

CNS 477 and (IS 444 or CNS 490 or CNS 533 or CSC 439 or TDC 577) are prerequisites for this class.

CNS 594 | COMPUTER INFORMATION AND NETWORK SECURITY CAPSTONE | 4 quarter hours

(Graduate)

Design, setup and configuration of realistic enterprise computing and networking environments. Securing the infrastructure and integration of different services and technology in efficient, secured and redundant manners. Technologies will include: open-source and commercial products, firewalls, Virtual Private Networks (VPNs), authentication systems, Intrusion Detection Systems (IDS), advanced routing mechanisms (OSPF, BGP, IS-IS), highly redundant and robust networking. PREREQUISITE(S): TDC 477 or CNS 533.

TDC 477 or CNS 533 is a prerequisite for this class.

CNS 597 | TOPICS IN COMPUTER INFORMATION AND NETWORK SECURITY | 1-4 quarter hours

(Graduate)

Specific topics will be selected by the instructor and may vary with each quarter. Can be repeated for credit. Variable credit. PREREQUISITE(S): For specific prerequisites, see syllabus or consult course instructor. (variable credit)

CNS 599 | INDEPENDENT STUDY | 1-4 quarter hours

(Graduate)

Independent study supervised by an instructor. Independent study form required. Can be repeated for credit. Variable Credit. PREREQUISITE(S): None. (variable credit)