1. General
Course Information
Course: Strateg Thinking for CyberSec
Course Number (section): ISA 797 – Special Topics in Information Security
Location: AB 2003, Fairfax Campus
Time: Wednesdays as scheduled (normally 19:20 – 22:00) Sept 2, 2015 through Dec 2, 2015
Course Homepage: Blackboard
Prerequisites: ISA 656, ISA 562
2. Instructor Information
Professor: Richard Guidorizzi, Angelos Stavrou (supervision)
Office: Engineering Building Rm 5332
Tel. 571-225-4983
Email: TBD
Office Hours: Mondays and Wednesdays 17:00 – 18:00 (and by appointment)
3. Course Descriptions and Objectives
• One of the primary concerns today relates to "cyber security challenges and real-world problems" – currently, there is little substantive information on exactly what "cyber security" is about, let alone on the challenges and problems that are creating today's IT breaches.
• The course will delve into the specific aspects of the cybersecurity field and attempt to provide a strategic understanding of the source of the current concerns relating to cyber security and potential directions of how to address the core problems, which are deeply rooted in our (mis)understanding of how cybersecurity happens in practical scenarios.
• The course will address the problem at a strategic level, while driving down to specific technical details to ground the strategic understanding in technical reality.
• Core to the course is to provide familiarity and working experience of the more common enterprise tool set, lessons learned in deployment, balancing value with cost, the emerging trends, and when technology may not be the only answer.
• The course will have two components: lectures and advanced labs where students will be exposed to tools and delve into research ideas in a practical environment.
• Students will
o Develop an understanding of the cyber security field including current practices and the primary challenges that are bringing focus to the field
o Compare IT management approaches and gain an understanding of their intended and unintended impact on an organization's security posture
o Learn how to evaluate and balance positive security impact with negative operational impact
o Become familiar with the differences between defensive and offensive cyber
o Learn how an organization's perspectives and operational choices can have unintended security consequences and how to avoid this.
o Be able to evaluate cyber security (technology, procedures, and training) in the context of the field and in the context of an organization's specific needs
o Get hands-on exposure to new and emerging cyber-security threats through lecture, discussion, and lab exercises.
4. Required Course Materials
• Textbook: None
• Readings: Optional readings and discussion board topics may be used for the duration of the class. Those will be posted to Blackboard.
• Surviving on a Diet of Poisoned Fruit, Richard Danzig, July 2014, available at: http://www.cnas.org/sites/default/files/publications-pdf/CNAS_PoisonedFruit_Danzig_0.pdf
• Vasa Case Study
• HBGary Case Study
• Deconstructing The Cyber Kill Chain, Giora Engel, November 2014, available at: http://www.darkreading.com/attacks-breaches/deconstructing-the-cyber-kill-chain/a/d-id/1317542
• 2015 Verizon Data Breach Investigations Report, Verizon (authors not provided), available at: www.verizonenterprise.com/DBIR/
• Audio Visual Resources
• Speaker: Peiter "Mudge" Zatko. DARPA, the Defense Advanced Research Projects Agency, directs billions of dollars towards research. One of these research areas is Cyber. This is a keynote delivered at 2011 "ShmooCon": www.youtube.com/watch?v=xo1YUEn49WA (if this link does not work, then copy and paste the following into your browser:
• Blackboard: This course will use Blackboard to deliver course materials such as lecture notes, announcements, online discussions, and assignments. Additional materials beyond the textbook may also be posted on Blackboard. It is important for you to visit Blackboard (http://mymason.gmu.edu) regularly for course materials and announcements.
5. Tentative Course Schedule
Class 1: Sept 2, 2015
What is the current Cyber Security State and Challenges
• An overview of the main cyber security field with a discussion on Cyber Security, Information Assurance, and Information Technology, their meaning and their relationships
• Learn what the current research challenges are and what the difference is between the goals of IT Operations and Cyber Security, how they relate and how they conflict (from the CIO/CISO perspective). Being secure and being usable/operational has become untenable and students will be exposed to different alternatives to overcome that dilemma.
Assignments:
1) Presentation (Research): Find an article discussing the state of cyber in an industry and present 1 slide describing the relevance of this issue. Due Class 2 (9 Sept)
2) Group Presentation: Develop a method of how to objectively evaluate risk in the field of cyber security and provide an example of the relative risk in two scenarios. Due Class 4 (23 Sept)
3) Reading: Surviving on a Diet of Poisoned Fruit. Complete by Class
Class 2: Sept 9, 2015
What is the current Cyber Security State in Practice
• Gain an understanding of the current state of cyber within the private and public sectors
• Understand the breakdown and relevance of the 14 competency areas within DHS's Essential Body of Knowledge for Cyber Security and why it is relevant to you.
Assignments:
1) Homework: Map out how the DHS Essential Body of Knowledge connects to the goals of the CIO/CISO (as defined in class). Due Class 3 (16 Sept)
2) Reading: White Paper about the VASA. Complete by Class 3 (16 Sept)
Class 3: Sept 16, 2015
What makes management of IT and IT security ("cyber") so challenging?
• Discussion of the complicated technologies and processes that make up IT operations and the inherent challenges
• A discussion of the challenges presented to software developers and how their primary incentives increase the overall complexity of software and reduce security posture
Assignments:
1) Present: Develop a pitch to take over the cyber security functions for an organization (based on handout information). Develop a Cyber Security agenda for research and operations for the target company. Due Class 11 (11 Nov)
Class 4: Sept 23, 2015
What is "Risk" in the terms of Cyber Security?
• Gain an understanding of why traditional risk evaluation methods fail when applied to Cyber Security
• Discussion of valuable methods of how to evaluate risk in Cyber Security
• Discussion of risks, threats, and vulnerabilities
• Understand how to manage risks in an environment where all the necessary information is not available
Assignments:
1) Homework: Define the comparative value of two similar technologies. Due Class 5 (30 Sept)
2) Reading: HBGary and Anonymous. Complete by Class 7 (14 Oct)
Class 5: Sept 30, 2015
Cost of Security vs the Value of Security
• Discussion of the costs of security technology, the actual and hidden
• Understand how to evaluate TCO and ROI on security improvements
• Discussion of the actual value security provides
Assignments:
1) Presentation: Define the attacker's business process (2 slides max). Due Class 7 (14 Oct)
2) Reading: Deconstructing the Cyber Kill Chain. Complete by Class 7 (14 Oct)
Class 6: Oct 7, 2015
Mid-Term Exam
Assignments:
1) Lab exercise: Download and use Hacker tools (details provided in Class 6 & 7). Complete by end of Class 7 (14 Oct)
Class 7: Oct 14, 2015
Cyber Defense vs Cyber Offense
• Review the aspects of IT Operations that make up the cyber defensive
• Discussion of the actual mission and activities performed by a cyber-adversary
• Discussion of the different types of adversaries, and what risks and threats they each bring
• Develop an understanding of the interrelationship between offense and defense and the tradeoffs that are made
Assignments:
1) Homework: Understanding the CIO/CISO priorities, define the type of threat vectors that offer the greatest opportunities for the adversary. Due Class 8 (21 Oct)
2) Lab exercise: Download and use Hacker tools (details provided in Class 6 & 7). Complete by end of this Class
Class 8: Oct 21, 2015
Cyber Threats
• Discuss the most significant threat vectors in Cyber
• A detailed discussion of what makes up an "Advanced Persistent Threat"
• An evaluation of potential threat vectors, as compared to the most expeditious threat vectors, and potential new threat vectors
• Detailed discussion of the cyber-attack process, and why the "cyber kill chain" offers a limited understanding of reality
Assignments:
1) Presentation: Explain one of the major threats in Cyber. Due Class 9 (28 Oct)
2) Team Presentation: Define a security protection suite that will provide protection to selected avenues of attack, with a limited budget. This will be your project that you will be assumed to have completed by the end of the class. Due Class 12 (18 Nov)
Class 9: Oct 28, 2015
What actions can we take to make things better?
• Discussion of the steps security professionals can take to improve security
• Comparative evaluation of the value of security technology and processes as compared to an organization's size and scale
• Understand how the security answer for a small organization is not the same as for a large organization
Assignments:
1) Group Presentation: Develop a pitch to get your (fictional) business to purchase and deploy a cyber security tool. Due Class 10 (4 Nov)
Class 10: Nov 4, 2015
Why is Communication such a challenge in the field of Cyber?
• Evaluation of the challenges facing communicating technological issues to senior management
• Discussion of how to communicate technical security issues with non-technical people
Assignments:
None
Class 11: Nov 11, 2015
What is the Security Workforce?
• Be able to understand what a "Hacker" is and why you might want one working for you
• Understand the different levels of skill covered in the term "red team"
• Develop an understanding of the necessary skills required for each of the security roles in the cyber field
• Learn how the development of the most effective security team for an organization is tied to its size and scale
Assignments:
None
Class 12: Nov 18, 2015
Managing a Cyber Security Team
• Understand how to develop a cyber-security team for an organization
• Discuss how to attract and manage top talent in this field
• Learn the basic functions required to be performed by a cyber security team and how they interact with the operational staff
Assignments:
None
Class 13: Nov 25, 2015
Final Exam: Team Project Presentation
Class 14: Dec 2, 2015
Cyber Security from the Strategic Perspective
• Draw conclusions from the subject areas addressed throughout the class to understand the primary issues and concerns presented in the field of cyber security
Assignments:
None
6. Grading and Assessment
Grading for the course will be based on total points earned by the end of the course. Final course letter grade assignments will be as follows:
• Grade | Percentage
A | exceptional students that are >98%
A | greater than or equal to 93% but less than 98%
A- | greater than or equal to 88% but less than 93%
B+ | greater than or equal to 83% but less than 88%
B | greater than or equal to 78% but less than 83%
B- | greater than or equal to 75% but less than 78%
C+ | greater than or equal to 70% but less than 75%
C | greater than or equal to 65% but less than 70%
C- | greater than or equal to 60% but less than 65%
F | less than 60%
• Peer evaluation. Teams will be required to evaluate the quality of effort, work product and general contribution to group assignments by all team members.
• Graded Assignments
Element | Weight | Individual or Group
Participation | 10% | I
Homework | 5% |
Lab (Class 7) | 5% | I
Presentation (Class 2) | 5% | I
Presentation (Class 4) | 5% | G
Presentation (Class 7) | 5% | I
Presentation (Class 9) | 5% | I
Presentation (Class 10) | 5% | G
Presentation (Class 11) | 10% | G
Presentation (Class 12) | 10% | G
Mid-Term | 15% | G
Final Exam/Project Presentation | 20% | G
 | 100% |
Assignments - To be successful in this course, assignments will be an integral part of learning the course material. It is in the best interest of the student and of student teams to complete each and every individual and group assignment.
Homework will only be accepted through Blackboard submission. Scanned, handwritten work will not be accepted.
Presentations done in class also must be submitted through Blackboard by the start time of the presentation.
• Late Assignments
Late assignment submissions are subject to penalties:
o 1 day late (within 24 hours): 30%
o penalty after the 2nd day (24 hours): not accepted
7. Student Responsibilities
Students are expected to attend each class and to
participate in class discussions and exercises. Students are expected to
complete assignments on time. Students are expected to respect their instructor
and fellow classmates, both in and out of the classroom environment. Students
are expected to turn off or silence their mobile phones during class time.
Attendance Policy:
Attendance in this class is highly
recommended in order to be successful in learning the course content. The
student is solely responsible for all assignments and material presented in
class even if missed due to absence.
8. Email Communication
By policy of the University and to help protect confidentiality,
students must use their official George Mason email accounts for
communication with the instructor and other students in the class. All emails
from the instructor will be sent to your official George Mason email
addresses.
9. Learning Goals
1. Apply knowledge of information technology and business functions to understand its application in assessing, designing and improving business processes.
2. Use knowledge of computer networks as part of the IT solutions for improving business processes. They will also have the option of developing more advanced skills in the areas of network and security.
3. Effectively manage information technology projects.
4. Understand the overall systems development life cycle and be able to recommend IT system solutions accordingly. They will also have the option of learning appropriate development tools to develop prototypes of IT solutions for business management.
10. George Mason Standards of Behavior:
The mission of the George Mason University is
to create and deliver high-quality educational programs and research. Students,
faculty, staff, and alumni who participate in these educational programs
contribute to the well-being of society. High-quality educational programs
require an environment of trust and mutual respect, free expression and
inquiry, and a commitment to truth, excellence, and lifelong learning.
Students, program participants, faculty, staff, and alumni accept these
principles when they join the School of Business community. In doing so, they
agree to abide by the following standards of behavior:
o Respect for the rights, differences, and dignity of others
o Honesty and integrity in dealing with all members of the community
o Accountability for personal behavior
Integrity is an essential ingredient of a successful learning
community. Ethical standards of behavior help promote a safe and productive
community environment, and ensure every member the opportunity to pursue
excellence. To this end, community members have a personal responsibility to
integrate these standards into every aspect of their experience. Through our
personal commitment to these Community Standards of Behavior, we can create an
environment in which all can achieve their full potential.
11. Honor Code Statement:
Honor System and Code: The Honor System and Code adopted by George Mason University will be enforced for this class:
http://oai.gmu.edu/the-mason-honor-code/
In your work on all written assignments, keep
in mind that you may not present as your own the words, the work, or the
opinions of someone else without proper acknowledgement. You also may not
borrow the sequence of ideas, the arrangement of material, or the pattern of
thought of someone else without proper acknowledgement. Please note: Faculty
are obligated to submit any Honor Code violations or suspected violations to
the Honor Committee without exception.
The appropriate version of the School of
Business "Recommendations for Honor Code Violations" should be attached.
13. Disability: If you have a disability and you need academic accommodations,
please see me and contact the Office of Disability Services (ODS) at
703-993-2474. All academic accommodations must be arranged through the ODS.
Please take care of this during the first two weeks of the semester. More
information about ODS is available at http://www.gmu.edu/student/drc
14. Religion: Students who will miss class for religious reasons should inform
me of their anticipated absences as soon as possible.
15. Counseling center: George Mason University has a counseling center that can provide
assistance if you find yourself overwhelmed by life, want training in academic
or life skills, or the like. More information is available at http://www.gmu.edu/departments/csdc/
16. Writing Guidelines (if relevant for the course): Unless otherwise specified, all
writing assignments should be formatted as follows: double-spaced, Times New
Roman, 12-point font, and 1-inch margins. To cite and reference professional or
academic sources, please use APA style.
Specific instructions for in-text citations and referencing are found in
the Publication Manual of the American
Psychological Association, 6th Edition or at http://owl.english.purdue.edu/owl/resource/560/01/ .
To help manage the citations and seamlessly create reference
lists, Mason supports a free software called Zotero. Please go to https://www.zotero.org/
This program offers:
- Centralized bibliography management
- Ability to sync across computers
- Ability for teams to combine contributions to the references
- Word plug-in that allows citation management within MS Word
George Mason University has a writing center that can help you
improve your English writing skills. More information is available at http://writingcenter.gmu.edu/
17. Inclement weather & campus emergencies: Information
regarding weather-related changes in the University's schedule (e.g., closing
or late opening) will be provided on the GMU website and via MasonAlert. Students sign up for the MasonAlert system, which
provides emergency information of various sorts, at https://alert.gmu.edu.
18. Emergencies: An
emergency poster in each classroom explains what to do in the event of
crises; further information about emergency procedures exists on http://www.gmu.edu/service/cert.