M.S. in Cybersecurity Program Information

This course covers the fundamentals of security in the enterprise environment. Included are coverage of risks and vulnerabilities, threat modeling, policy formation, controls and protection methods, encryption and authentication technologies, network security, cryptography, personnel and physical security issues, as well as ethical and legal issues. This foundational course serves as an introduction to many of the subsequent topics discussed in depth in later security courses. Note, this course has proctored exam(s). This exam requires additional technology, if student uses online proctoring.

Today, software is at the heart of the business processes of nearly every business from finance to manufacturing. Software pervades everyday life in expected places like phones and computers but also in places that you may not consider such as toasters, thermostats, automobiles, and even light bulbs. Security flaws in software can have impacts ranging from inconvenient to damaging and even catastrophic when it involves life-critical systems. How can software be designed and built to minimize the presence of flaws or mitigate their impacts? This course focuses on software development processes that identify, model, and mitigate threats to all kinds of software. Topics include threat modeling frameworks, attack trees, attack libraries, defensive tactics, secure software development lifecycle, web, cloud, and human factors.

When audits, technology, or compliance become the driver for security initiatives the resulting program is strategically fragmented, reactive, and rigid. Moreover, there are few, if any, assurances that the biggest threats are being addressed. On the other hand, risk assessment places values on assets, evaluates the current controls, and provides data to improve the protection in a controlled, proactive, and flexible manner. This course teaches an approach to security that combines operational security, risk assessment, test and review and mitigation such that value can be demonstrated. A project-based approach to risk assessment is followed including, project definition and preparation, data gathering, technical information, physical data gathering, analysis, mitigation, recommendations, and reporting. Note, this course has proctored exam(s).

The cryptographic primitives of enciphering/deciphering and hashing are the two main methods of preserving confidentiality and integrity of data at rest and in transit. As such, the study of cryptographic techniques is of primary interest to security practitioners. This course will cover the important principles in historical and modern cryptography including the underlying information theory, mathematics, and randomness. Important technologies such as stream and block ciphers, symmetric and asymmetric cryptography, public key infrastructure, and key exchange will be explored. Finally, hashing and message authentication codes will be examined as a way of preserving data integrity.

Networks connecting disparate devices, services, and users have been among the most ubiquitous technologies that have led to the spectacular economic and technical success of the Internet. Today, networks seem to disappear, only to receive attention when they fail or are breached by attackers. While firewalls and virtual private networks are mainstays of network security, a strategy built on these alone is insufficient. This course covers a more comprehensive and systematic approach to network security including monitoring, incident response, forensics, virtualization and cloud, secure protocols, cryptography, and web services

The prevalence of data breaches, identity theft, and the dark net today makes the study of digital cybercrime, ethics, and compliance highly relevant to information security. Laws related to intellectual property, privacy, and criminal and civil proceedings will be discussed. Ethical behavior and frameworks for navigating between customer and business concerns in the workplace are also emphasized.

When most people think of information security the images that come to mind are those of hackers: secretive people who, for political or profit motives, illegally break into computer systems to steal data or cause mayhem. While that kind of criminal element does exist, ethical hackers provide a needed service to organizations seeking to test and refine their security plans and technologies. This course takes an in-depth approach to ethical hacking including reconnaissance, scanning, vulnerability analysis, exploitation, and reporting. Students will employ current tools and methods in a hands-on approach that also prepares them for the Certified Ethical Hacker (CEH) exam. Note, this course has proctored exam(s).

As organizations have fallen victim to the proliferation of cyberattacks in recent years, many have responded reactively, thereby developing a posture that "wins the previous war." However, regulations and laws are now necessitating a more proactive stance. Organizations that can develop an effective security strategy stand to gain as they balance business with security. This course is about leading organizations in developing an effective information security program via policies, frameworks, architecture, standards, organizational hierarchies, controls and metrics with the end goal being a proactive security posture tailored to the specific business needs.

This course, the final one in the program, challenges students to research a current topic of interest in information security and produce an original paper and presentation on the topic. Alternately, students may complete a capstone project in which they engage a real-world client for the purpose of security assessment, governance, audit, testing, risk analysis, or remediation. The course will also cover current and emerging issues in information security and privacy. Complete course in final term of program.

This course covers fundamental programming principles. Students will learn about the basic elements of a computer program, such as data types, assignments, conditional branching, loops, functions, recursion, basic data structures, program debugging, and testing.

This course introduces programming to individuals with little or no programming background. The goal of this course is to introduce the fundamentals of structured programming, problem solving, algorithm design, and software lifecycle. Topics will include testing, data types, operations, repetition and selection control structures, functions and procedures, arrays, and top down stepwise refinement. Students will design, code, test, debug, and document programs in a relevant programming language.

This course provides an introduction to software construction using an object-oriented approach. The student learns and reflects on problem analysis, object-oriented design, implementation, and testing. To support the concepts and principles of software construction, the student will design, code, test, debug, and document programs using the Java programming language. Basic data types, control structures, methods, and classes are used as the building blocks for reusable software components. Automated unit testing, programming style, and industrial practice are emphasized in addition to the object-oriented techniques of abstraction, encapsulation, and composition. Note, this course has proctored exam(s).

This course will provide the knowledge and hands-on skills necessary for the function, design, administration, and implementation of computer networks and basic administration of the Linux operating system. The first half of the course covers the fundamentals of computer networks, OSI networking model, TCP/IP protocol suite, fundamental protocols, wireless networks, virtualization, cloud computing, monitoring, and troubleshooting. The second half covers Linux operating system concepts, including installation, package, file, process, disk & user management, logging, and system security.