Security and Environment (GLSE1-CE)

The Information Security Management, Ethics, and Privacy course provides an overview of the cybersecurity life cycle in order to provide students with a holistic approach to cybersecurity. The course enables students to understand the business, technical, and human perspective of cybersecurity. The course starts by having students review all the policies related to cybersecurity. From there, the course introduces a number of different technologies and methods to provide security, including but not limited to cryptography, cloud infrastructure, application security, legal requirements, privacy concerns, and human factors. Based on this solid understanding of the landscape of information and cybersecurity, the course introduces frameworks used to provide cyberdefense, such as the CIA Triad, NIST, ITIL, ISO, PCI, and the systems development life cycle. Throughout the course, students will identify privacy issues related to each topic and unique privacy laws and regulations related to data.

The Cybersecurity Threats and Defenses course teaches students how to identify intrusion detection and perform network traffic analysis. Students learn how to identify different attacks through a number of methods and techniques used in the industry. The theory of intrusion detection covers signature-based, behavior-based, and anomaly-based threats. The course covers the network fundamentals, building on that to show how attacks are able to exploit those functions. Additional topics include networking, network forensics, intrusion detection theory, and the attack life cycle. Lastly, the course covers the most commonly used attacks facing organizations: phishing, social engineering, web application and network-based attacks, and ransomware.

The Risk Management and Communication course provides a broader perspective into cybersecurity. Risk management is a focal point for every cybersecurity practitioner. Each change to technology in an organization will create different risks that need to be addressed. Central to risk management are incident response and vulnerability management, which are emphasized throughout the course, providing students with the knowledge and skills needed to identify risks throughout an enterprise. Cybersecurity professionals are responsible for recommending how to address those vulnerabilities and reduce risk. As such, communication becomes an important tool for a cybersecurity practitioner in this process. Each business unit has its own digital requirements, and it is vital for professionals to be able to articulate messages in such a way that all employees can understand.

In cybersecurity, new threats and attacks emerge daily, as hackers are constantly finding new ways to exploit businesses. The Internet of things (IoT) and smart devices are becoming ubiquitous in our daily lives at home as well as at work. These devices range from smart refrigerators to smart thermostats. Businesses and utilities depend upon SCADA (supervisory control and data acquisition) systems. Mobile devices have been used in enterprises for years. Cell phones and tablets are the devices of choice for many users. In this course, students learn how to prevent these devices from being exploited by attackers. Throughout the course, students examine the security of those devices and learn what can be done to ensure that security measures are taken to address the risks. Lastly, the course addresses the latest digital phenomenon in cryptocurrency and its impact on businesses.