CISC447/CISC866 Cybersecurity: Fall 2020

Course content

An introduction to cybersecurity covering a wide range of vulnerabilities, attacks, and defence mechanisms in individual computers, networks, the Internet and the Web and applications that use them, and storage and computational clouds. The human side of cybersecurity, and the legal and ethical constraints on both attack and defence.

Topics: Authentication (passwords, tokens), Cryptography (encryption, public key, certificates), Malware and software security (worms, viruses), Web attack and defence (browsers, phishing, drive-by downloads), Operating system attack and defence (secure design, rootkits), Network attack and defence (interception, denial of service, encryption, VPNs, firewalls, IDSs), Cloud attack and defence, Privacy, Human factors and social engineering, Ethics and legal issues.

This is both an undergraduate and graduate course. Grad students will face a more demanding assessment process.

Classes

The course will be offered in flipped mode, with a substantial online component and 1 contact hour per week which will be used for enhanced learning and interaction.

Learning Outcomes

Upon successful completion of the course a student will be able to:

• LO1: Design cybersecurity attacks and defences for systems and networks;
• LO2: Analyse the threat surface of a computer system or network, and design remediation mechanisms that will be effective;
• LO3: Discuss the relationship between cybersecurity issues and wider human factors, social, political and legal frameworks.

Course material

The lecture material and audio will be available through OnQ.

Assessment

The course is hands-on, and you will be experimenting with both attack and defence in a virtual machine setting. You may want to review what you learned in CISC324 (Operating Systems) and CISC335 (Networks). You might also want to brush up on your grasp of C and Unix.

There will be assignments that require programming, and a final exam.