Course Description
This course introduces students to the knowledge and skills on identifying, acknowledging, assessing, mitigating, and managing various vulnerabilities that pose a threat to the organization’s network and data in general. Topics include various types of vulnerabilities – injection, broken authentication and session management, broken access control, cross-site scripting (XSS), security misconfiguration, sensitive data exposure, insufficient attack, site request forgery (CSRF), using components with known vulnerabilities, and unprotected APIs, to name a few. Students will gain theoretical and hands-on experience in identifying and mitigating vulnerabilities, develop recovery policies and procedures to guide safe return to normal state, define accountability and responsibility, and work with security auditing processes to protect the data and network of the organization. This course is suitable for students who would like to gain overall knowledge on identifying and managing vulnerabilities and exploits associated with computer networks.
Course Content
- Cybersecurity threats and attack vectors
- Existing cybersecurity security protocols
- Security Posture Analysis
- Vulnerability Assessment
- Cybersecurity controls
- Cybersecurity attacks detection
- Cybersecurity attacks prevention
- Tools and systems that are used to strengthen and improve cybersecurity
- Cybersecurity policy development
Learning Activities
The methods of instruction for this course will include lectures, seminars, demonstrations, and hands-on assignments/projects.
Means of Assessment
Assesment will be in accordance with the ÁñÁ«ÊÓƵ Evaluation Policy.
|
Assignments and labs
|
15% - 20%
|
|
Quizzes
|
15% - 20%
|
|
Midterm exam *
|
25% - 30%
|
|
Final Exam *
|
25% - 30%
|
|
Total
|
100%
|
* Practical hands-on computer exam
In order to pass the course, students must, in addition to receiving an overall course grade of 50%, also achieve a grade of at least 50% on the combined weighted examination components (including quizzes, tests, exams).
Students may conduct research as part of their coursework in this class. Instructors for the course are responsible for ensuring that student research projects comply with College policies on ethical conduct for research involving humans, which can require obtaining Informed Consent from participants and getting the approval of the ÁñÁ«ÊÓƵ Research Ethics Board prior to conducting the research.
Learning Outcomes
At the end of this course, the successful student will be able to:
- Identify the current vulnerabilities and threats in the cyberworld.
- Demonstrate the knowledge on the current exploits and their impact to confidentiality, integrity, and availability of data.
- Conduct a security posture analysis that includes a vulnerability assessment of current systems or organizations.
- Apply the risk management framework in securing computer systems.
- Use latest techniques and tools in securing computer systems.
- Design policies and standard operating procedures that will help prevent and/or mitigate vulnerabilities and exploits to the computer systems.
- Analyze ways to safely return to a normal state after an exploit.
- Define accountability and responsibility to protect the computer system.
Textbook Materials
The course will utilize various resources that discuss cybersecurity vulnerabilities such as the Open Web Application Security Project (OWASP), Information Security Management Controls, Certified Ethical Hacking and other relevant sources. Materials may also include instructor provided notes and resources and/or any textbook approved by the department.