School of Cybersecurity

This course focuses on cybersecurity theory, information protection and assurance, and computer systems and networks security. The objectives are to understand the basic security models and concepts, learn fundamental knowledge and tools for building, analyzing, and attacking modern security systems, and gain hands-on experience in cryptographic algorithms, security fundamental principles, and Internet security protocol and standards. (Offered fall)

Cyber Physical Systems (CPS) integrate computing, networking, and physical processes. The objectives of this course are to learn the basic concepts, technologies and applications of CPS, understand the fundamental CPS security challenges and national security impact, and gain hands-on experience in CPS infrastructures, critical vulnerabilities, and practical countermeasures.

This course introduces the concepts and technologies of machine learning with a focus on applications related to cybersecurity. The objectives are to learn fundamental knowledge and practical experience and identify the use case of machine learning techniques in cybersecurity. The course will discuss traditional and advanced machine learning techniques, e.g., neural network, deep convolutional neural network, generative adversarial network, and transfer learning algorithms. Students will engage in oral and written communication by reporting and presenting the materials of the course project.

This course explores cybersecurity policy and strategy and introduces students to the essentials of strategy development and policy making in cybersecurity. Topics considered include planning principles in cyber strategy; risk management and cybersecurity policy; the connections between cybersecurity policies, businesses, and governmental institutions; the knowledge, skills, and abilities needed to develop and implement cybersecurity policy; the social, political and ethical implications that arise in cybersecurity policies and strategies; strategies to assess cybersecurity policy; and the ties between national security and cybersecurity policy.

This course explores the national security dimensions of cybersecurity and examines cyber war in international relations. Exploration of cyber war begins with an examination of cybersecurity as a component of national security and investigates the topics of U.S National Cybersecurity and other national approaches to cyber war. The topics of cyber deterrence, cyber as a military domain, the roles of international organizations in cyber war, cyber terrorism, the role of social media, and information warfare will be discussed. The international dimension of cybersecurity is also discussed.

This course addresses the broad topic of risk management and how risk, threats, and vulnerabilities impact information systems. Areas of instruction include how to assess and manage risk based on defining an acceptable level of risk for information systems. Elements of a business impact analysis (BIA), business continuity plan (BCP), disaster recovery plan (DRP), and computer incident response team (CIRT) plan will also be discussed.

Expert-level approach on the Risk Management Framework (RMF) system Authorization to Operation (ATO), including Continuous cATO. Curriculum that is aligned to the NIST SP 800-53, Revision 5. Advanced topics include Assess and Authorize, System Categorization, Security Control Assessment, System Test Results, Plan of Action and Milestones (POA&M), and Continuous Monitoring (CONMON).

This course introduces cybersecurity, the NIST Cybersecurity Framework (CSF), and the Cybersecurity Maturity Model Certification (CMMC) program. Topics to be addressed include the risk management fundamentals, IT risk management, and cyber risk controls; cyber threats and vulnerabilities; data security and sanitization; the NIST CSF, including its core functions, categories, and subcategories; and the CMMC comprising its levels, domains, and implementation guidelines.

This course explores the Federal Risk and Authorization Management Program (FedRAMP) and Auditing. Topics to be addressed include an overview of the FedRAMP framework, including its objectives, components, and stages; the needed documents and guidelines to develop system security plans and security assessment reports; the NIST Risk Management Framework (RMF) comprising its different stages and the adoption mechanism; FISMA compliance and auditing assessment; and real-world case studies and future challenges.

The advanced study of selected cybersecurity topics designed to permit small groups of qualified students to work on subjects of mutual interest. These courses will appear in the course schedule, and will be more fully described in information distributed to academic advisors.

The advanced study of selected cybersecurity topics designed to permit small groups of qualified students to work on subjects of mutual interest. These courses will appear in the course schedule, and will be more fully described in information distributed to academic advisors.

Independent reading and study on a topic to be selected under the direction of an instructor. Conferences and papers as appropriate.

Independent reading and study on a topic to be selected under the direction of an instructor. Conferences and papers as appropriate.

This course provides an overview of the field of cybersecurity. It covers core cybersecurity topics including computer system architectures, critical infrastructures, cyber threats and vulnerabilities, cryptography, cryptographic protocol design, information assurance, network security, and risk assessment and management. Students are expected to become familiar with fundamental security concepts, technologies and practices, and develop a foundation for further study in cybersecurity.

This course introduces tools and techniques used to secure and analyze large computer networks and systems. It will include significant hands-on lab work. Students will explore and map networks using a variety of diagnostic software tools, learn advanced packet analysis, configure firewalls, write intrusion detection rules, perform malware detection, forensic investigation, and practice techniques for penetration testing.

This course offers a deep dive into advanced cybersecurity techniques and operations, aiming to bolster cyber defense strategies. Participants will explore state-of-the-art methodologies encompassing threat analysis, incident response, ethical hacking, secure network architecture, and proactive mitigation strategies. Through immersive, hands-on experiences and real-world simulations, learners will develop the expertise required to adeptly secure digital environments against ever-evolving cyber threats. This course may be used as a leveling course.

This course addresses two major cyber law subject matters. The first part of the course examines various U.S. laws and legal considerations that impact the digital and cyberspace worlds from civil and criminal perspectives. The second part, which builds upon the first, will familiarize cyber operations professionals about the extent of and limitations on their authorities to ensure operations in cyberspace are in compliance with U.S. law, regulations, directives and policies.

This course introduces skills to manage technical professionals and lead strategic change in their organization. Based on the basic operations and functionality of cybersecurity systems, students will learn the management of cybersecurity technical professionals, including how to effectively lead and manage teams, how to launch and assess organizational change initiatives, and how to work effectively within an interdependent group to achieve common goals.

This course introduces the concepts and technologies of digital forensics. Students will learn the advanced techniques and tools utilized for collecting, processing, and preserving digital evidence on computers, mobile devices, networks, and cloud computing environments. Students will also engage in oral and written communication to report digital forensic findings and prepare court presentation materials.

This course teaches the basic fundamentals of using and creating Windows Server domains using PowerShell. It also covers topics like active directory, server administration, and technologies such as Group Policy, Network Policy Server (NPS), Domain Name System (DNS), and Dynamic Host Configuration Protocol (DHCP). Additionally, it includes lessons on disk management, firewall administration, and Windows Server Networking Services like IPv4, IPv6, and more. This course may be used as a leveling course.

This course introduces the basic operations in major Linux distros for cybersecurity using both graphical interface and command-line interface. Students will learn about the basic installation and configuration, file systems management, shell scripts, and user authentication in Linux systems. This course may be used as a leveling course.

This course studies advanced topics in cryptography. It begins with an overview of necessary background in algebra and number theory, private- and public-key cryptosystems, and basic signature schemes. It then upgrades the design and analysis of modern cryptography, including how the security model is defined, how practical cryptographic algorithms work, and how to exploit flaws in the current models of cryptography.

An overview of wireless and mobile security providing students with practical and theoretical experiences. Topics include smartphone security, mobile Internet security, mobile location privacy, and wireless ad hoc, mesh, and sensor network security.

This course teaches students the underlying principles and many of the techniques associated with the cybersecurity practice known as penetration testing or ethical hacking. The course covers planning, reconnaissance, scanning, exploitation, post-exploitation, and result reporting. Students will discover how system vulnerabilities can be exploited and learns to avoid such problems.

An interdisciplinary introduction to web archiving fundamentals including web crawling, collection development and summarization including planning, analyzing, and sharing collections. Includes a review of ethical and legal issues, trustworthiness, preservation, security, and cultural impact of web archiving.

This course addresses the broad topic of risk management and how risk, threats, and vulnerabilities impact information systems. Areas of instruction include how to assess and manage risk based on defining an acceptable level of risk for information systems. Elements of a business impact analysis (BIA), business continuity plan (BCP), disaster recovery plan (DRP), and computer incident response team (CIRT) plan will also be discussed.

Expert-level approach on the Risk Management Framework (RMF) system Authorization to Operation (ATO), including Continuous cATO. Curriculum that is aligned to the NIST SP 800-53, Revision 5. Advanced topics include Assess and Authorize, System Categorization, Security Control Assessment, System Test Results, Plan of Action and Milestones (POA&M), and Continuous Monitoring (CONMON).

This course introduces cybersecurity, the NIST Cybersecurity Framework (CSF), and the Cybersecurity Maturity Model Certification (CMMC) program. Topics to be addressed include the risk management fundamentals, IT risk management, and cyber risk controls; cyber threats and vulnerabilities; data security and sanitization; the NIST CSF, including its core functions, categories, and subcategories; and the CMMC comprising its levels, domains, and implementation guidelines.

This course explores the Federal Risk and Authorization Management Program (FedRAMP) and Auditing. Topics to be addressed include an overview of the FedRAMP framework, including its objectives, components, and stages; the needed documents and guidelines to develop system security plans and security assessment reports; the NIST Risk Management Framework (RMF) comprising its different stages and the adoption mechanism; FISMA compliance and auditing assessment; and real-world case studies and future challenges.

This course focuses on Machine Learning (ML) security and privacy. Students will understand and explore the vulnerabilities of the ML models, learn how to develop and deploy defenses to mitigate possible attacks, and gain hands-on experience to protect private data during model training and testing.

This course provides a comprehensive introduction to the principles, processes, and best practices of cyber risk management. It delves into how risks, threats, and vulnerabilities influence information systems. Key areas of study include determining and managing acceptable risk levels for these systems. Participants will gain insights into components such as a business impact analysis (BIA), business continuity plan (BCP), disaster recovery plan (DRP), and the structure of a computer incident response team (CIRT) plan. The course also emphasizes compliance laws, standards, best practices, and methods for effective risk assessments.

Expert-level approach on the Risk Management Framework (RMF) system Authorization to Operation (ATO), including Continuous cATO. Curriculum that is aligned to the NIST SP 800-53, Revision 5. Advanced topics include Assess and Authorize, System Categorization, Security Control Assessment, System Test Results, Plan of Action and Milestones (POA&M), and Continuous Monitoring (CONMON).

The advanced study of selected cybersecurity topics designed to permit small groups of qualified students to work on subjects of mutual interest. These courses will appear in the course schedule, and will be more fully described by academic advisors.

This course allows students to develop specialized expertise by independent study (supervised by a faculty member).

This capstone course provides opportunities to synthesize and apply the knowledge and skills to solve real-world cyber security problems.