This course provides an overview and foundational understanding of concepts essential to the cybersecurity professional to evaluate best practices in implementing security systems within the enterprise. This course covers key bodies of knowledge in security, privacy, and compliance. Topics include security planning, risk management, security technologies, basic cryptography, digital forensics, application security, intrusion detection and prevention, physical security, and privacy issues.

Upon completion of the course, students are expected to be able to do the following:

• Apply the principles of information technology security
• Analyze situations of computer and network usage from a security perspective to develop a security mindset
• Explain information security’s importance in our increasingly computer-driven world
• Identify appropriate strategies to ensure confidentiality, integrity, and availability of information
• Express management’s role in the development, maintenance, and enforcement of an information security program
• Describe the relationship among laws, regulations, and professional issues in information security
• Articulate how cryptography serves as the central language of information security
• Analyze how physical security fits within an information security program
• Define the roles of computer forensics in information security
• Apply basic software tools for assessing the security posture of a business
• Explain how issues of privacy relate to business information security

This course introduces the domains of cloud security in both theoretical and practical applications. Students are presented with a structured approach to cloud architecture and design requirements along with applications involved in developing layered cloud security strategies. Students evaluate the data organization, data security, cloud applications, operations, and compliance used in deploying cloud-based security architecture that supports the objectives of the enterprise. The course also prepares students for the CompTIA Cloud+ Certification Exam.

Upon completion of the course, students are expected to be able to do the following:

• Create a plan for an organization’s strategic security objectives
• Apply architectural frameworks and design principles
• Identify methods, roles, responsibilities, and accountabilities of personnel governing compliance of security policies
• Evaluate data security strategies and data classification controls
• Differentiate cloud-based security models

Prerequisite: CYBR 600 

This course provides a comprehensive overview of network security and intrusion detection. Students focus on methods for securing networks and utilize these methods in basic architectural design. Students apply these methods into a cohesive network security strategy. Topics include investigation of areas such as data analysis and interpretation, threat/intrusion detection, vulnerability management, incident response, and security architecture. The course also prepares students for the CompTIA CySA+ Certification Exam.

Upon completion of the course, students are expected to be able to do the following:

• Implement security operations and monitoring design principles in network architectures.
• Integrate software and systems security secure network components through knowledge of hardware, transmission media, cryptography, network access, honeypot, endpoint security, and content-distribution networks.
• Implement secure communication channels according to design that involve voice, multimedia collaboration, remote access, data communications, and virtualized networks.
• Specify incident response and forensic procedures to recover from attacks on network systems.
• Conduct logging and monitoring activities to support intrusion detection and prevention, and event management.
• Identify threats and vulnerabilities in networked systems.
• Understand compliance and assessment practices.

This course includes a study of theoretical and practical aspects of network and web application penetration testing. Students are able to evaluate the security of a network or system’s infrastructure and outline how hackers find and attempt to exploit any vulnerabilities. Included in the course are in-depth details on ethical hacking, including reconnaissance, vulnerability assessment, exploitation, maintaining access, and covering tracks. Current tools and methodologies are stressed.

Upon completion of the course, students are expected to be able to do the following:

• Explain the regulatory/legal requirements and rationale for penetration testing.
• Interpret and differentiate cyber threats and exploits in a penetration testing context
• Distinguish key phases of ethical hacking: reconnaissance, scanning, gaining access, maintaining access, and covering the tracks
• Perform protocol analysis using packet captures and analysis data using a network sniffer
• Investigate and uncover network devices, operating systems, and services
• Discover network security issues using an intrusion detection tool
• Leverage penetration testing applications to recognize information targets across operating systems and services
• Implement scripts and tools to assist in penetration testing
• Deploy and test exploits targeting operating systems and services
• Identify and exploit various vulnerabilities in web applications

The course focuses on core programming concepts such as classes and objects, controlling flow, batch processing, and error handling while working in the context of data processing, analysis, and visualization. The course explores a variety of Python packages and integration for project development. Using Python to automate workflows and create custom visualizations is discussed, and students are able to explore tabular data, spatial data, cybersecurity, and data science applications of Python.

Upon completion of the course students are expected to be able to do the following:

• Develop custom visualizations that communicate data and results of an analysis
• Respond to specific scripting requirements to address analytical problems and improve workflows
• Apply the concepts and logic of object-oriented programming