1. General Course Information

Course: Strateg Thinking for CyberSec

Course Number (section): ISA 797 – Special Topics in Information Security

Location: AB 2003, Fairfax Campus

Time: Wednesdays as schedule (normally 19:20 – 22:00) Sept 2, 2015 through Dec 2, 2015

Course Homepage: Blackboard

Prerequisites: ISA 656, ISA 562

2. Instructor Information

Professor: Richard Guidorizzi, Angelos Stavrou (supervision)

Office: Engineering Building Rm 5332

Tel. 571-225-4983

Email: TBD

Office Hours: Mondays and Wednesdays 17:00 – 18:00 (and by appointment)

3. Course Descriptions and Objectives

· One of the primary concerns today relate to “cyber security challenges and real-world problems” – currently, there is little substantive information on exactly what “cyber security” is about let alone the challenges and problems is that is creating today’s IT breaches.

· The course will delve into the specific aspects of the cybersecurity field and attempt to provide a strategic understanding of the source of the current concerns relating to cyber security and potential directions of how to address the core problems which are deeply rooted in our (mis)understanding of how cybersecurity happens in practical scenarios.

· The course will address the problem at a strategic level, while driving down to specific technical details to ground the strategic understanding in technical reality.

· Core to the course is to provide familiarity and working experience of the more common enterprise tool set, lessons learned in deployment, balancing value with cost, the emerging trends, and when technology may not be the only answer.

· The course will have two components: lectures and advanced labs where students will be exposed to tools and delve into research ideas a practical environment.

· Students will

o Develop an understanding of the cyber security field including current practices and the primary challenges that are bringing focus to the field

o Compare IT management approaches and gain an understanding of their intended and unintended impact on an organization’s security posture

o Learn how to evaluate and balance positive security impact with negative operational impact

o Become familiar with the differences between defensive and offensive cyber

o Learn how an organization’s perspectives and operational choices can have unintended security consequences and how to avoid this.

o Being able toto evaluate cyber security (technology, procedures, and training) in the context of the field and in the context of an organization’s specific needs

o Get hand’s on exposure to new and emerging Cyber-security threats through lecture, discussion, and Lab exercises.

4. Required Course Materials

· Textbook: None

· Readings: Optional Readings and discussion board topics may be used during the duration of the class. Those will be posted to Blackboard.

· Surviving on a Diet of Poisoned Fruit, Richard Danzig, July 2014, available at:

http://www.cnas.org/sites/default/files/publications-pdf/CNAS_PoisonedFruit_Danzig_0.pdf

· Vasa Case Study

· HBGary Case Study

· Deconstructing The Cyber Kill Chain, Giora Engel, November 2014, available at:

http://www.darkreading.com/attacks-breaches/deconstructing-the-cyber-kill-chain/a/d-id/1317542

· 2015 Verizon Data Breach Investigations Report, Verizon (authors not provided), available at:

www.verizonenterprise.com/DBIR/

· Audio Visual Resources

· Speaker: Peiter "Mudge" Zatko, DARPA, the Defense Advance Research Project Agency, directs billions of dollars towards research. One of these research areas is Cyber. This is a keynote delivered at 2011 “ShmooCon” www.youtube.com/watch?v=xo1YUEn49WA. (if this link does not work, then copy and paste the following into your browser:

http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&uact=8&ved=0CDAQtwIwAw&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dxo1YUEn49WA&ei=qZwIVJrVLpOjyASbvoCwDQ&usg=AFQjCNF1vp3h2N5kOiDh5obSH0ClrfAmTA

· Blackboard: This course will use Blackboard to deliver course materials such as lecture notes, announcements, online discussions, and assignments, etc. Additional materials beyond the textbook may also be posted on Blackboard. It is important for you to visit Blackboard (http://mymason.gmu.edu) regularly for course materials and announcements.

5. Tentative Course Schedule

Class 1:

Sept 2, 2015

What is the current Cyber Security State and Challenges

· An overview of the main cyber security field with a discussion on Cyber Security, Information Assurance, and Information Technology, their meaning and their relationships

· Learn what are the current research challenges and the difference is between the goals of IT Operations and Cyber Security, how they relate and how they conflict (from the CIO/CISO perspective). Being secure and being usable/operational has become untenable and students will be exposed to different alternatives to overcome that dilemma.

Asignments:

1) Presentation (Research): Find an article discussing the state of cyber in an industry and present 1 slide describing the relevance of this issue

Due Class 2 (9 Sept)

2) Group Presentation: Develop a method of how to objectively evaluate risk in the field of cyber security and provide an example of the relative risk in two scenarios

Due Class 4 (23 Sept)

3) Reading: Surviving on a Diet of Poisoned Fruit

Complete by Class

Class 2:

Sept 9, 2015

What is the current Cyber Security State in Practice

· Gain an understanding of the current state of cyber within the private and public sectors

· Understand the breakdown and relevance of the 14 competency areas within DHS’s Essential Body of Knowledge for Cyber Security and why it is relevant to you.

Assignments:

1) Homework: Map out how the DHS Essential Body of Knowledge connects to the goals of the CIO/CISO (as defined in class)

Due Class 3 (16 Sept)

2) Reading: White Paper about the VASA

Complete by Class 3 (16 Sept)

Class 3:

Sept 16, 2015

What makes management of IT and IT security (“cyber”) so challenging?

· Discussion of the complicated technologies and processes that make up IT operations and the inherent challenges

· A discussion of the challenges presented to software developers and how their primary incentivizes increases the overall complexity of software and reduces security posture

Assignments:

1) Present: Develop a pitch to take over the cyber security functions for an organization (based on hand out information). Develop a Cyber Security agenda for research and operations for the target company.

Due Class 11 (11 Nov)

Class 4:

Sept 23, 2015

What is “Risk” in the terms of Cyber Security?

· Gain an understanding of why traditional risk evaluation methods fail when applied to Cyber Security

· Discussion of valuable methods of how to evaluate risk in Cyber Security

· Discussion risks, threats, and vulnerabilities

· Understand how to manage risks in an environment where all the necessary information is not available

Assignments:

1) Homework: Define the comparative value of two similar technologies

Due Class 5 (30 Sept)

2) Reading: HBGary and Anonymous

Complete by Class 7 (14 Oct)

Class 5:

Sept 30, 2015

Cost of Security vs the Value of Security

· Discussion of the costs of security technology, the actual and hidden

· Understand how to evaluate TCO and ROI on security improvements

· Discussion of the actual value security provides

Assignments:

1) Presentation: Define the attackers business process (2 slides max)

Due Class 7 (14 Oct)

2) Reading: Deconstructing the Cyber Kill Chain

Complete by Class 7 (14 Oct)

Class 6:

Oct 7, 2015

Mid-Term Exam

1) Lab exercise: Download and use Hacker tools (details provided in Class 6&7)

Complete by end of Class 7 (14 Oct)

Class 7:

Oct 14, 2015

Cyber Defense vs Cyber Offense

· Review the aspects of IT Operations that make up the cyber defensive

· Discussion of the actual mission and activities performed by a cyber-adversary

· Discussion of the different types of adversaries, and what risks and threats they each bring

· Develop an understanding of the interrelationship between offense and defense and the tradeoffs that are made

Assignments:

1) Homework: Understanding the CIO/CISO priorities, define the type of threat vectors that offer the greatest opportunities for the adversary

Due Class 8 (21 Oct)

2) Lab exercise: Download and use Hacker tools (details provided in Class 6&7)

Complete by end of this Class

Class 8:

Oct 21, 2015

Cyber Threats

· Discuss the most significant threat vectors in Cyber

· A detailed discussion of what makes up an “Advanced Persistent Threat”

· An evaluation of potential threat vectors, as compared to the most expeditious threat vectors, and potential new threat vectors

· Detailed discussion of the cyber-attack process, and why the “cyber kill chain” offers a limited understanding on reality

1) Presentation: Explain one of the major threats in Cyber

Due Class 9 (28 Oct)

2) Team Presentation: Define a security protection suite that will provide protection to selected avenues of attack, with a limited budget. This will be your project that you will assumed to have completed by the end of the class.

Due Class 12 (18 Nov)

Class 9:

Oct 28, 2015

What actions can we take to make things better?

· Discussion the steps security professionals can take to improve security

· Comparative evaluation of the value of security technology and processes as compared to organization’s size and scale

· Understand how the security answer for a small organization is not the same as for a large organization

Assignments:

1) Group Presentation: Develop a pitch to get your (fictional) business to purchase and deploy a cyber security tool.

Due Class 10 (4 Nov)

Class 10:

Nov 4, 2015

Why is Communication such a challenge in the field of Cyber?

· Evaluation of the challenges facing communicating technological issues to senior management

· Discussion of how to communicate technical security issues with non-technical people

Assignments:

None

Class 11:

Nov 11, 2015

What is the Security Workforce?

· Be able to understand what a “Hacker” is and why you might want one working for you

· Understand the different levels of skill covered in the term “red team”

· Develop an understanding of the necessary skills required for each of the security roles in the cyber field

· Learn how the development of the most effective security team for an organization is tied to its size and scale

Assignments:

None

Class 12:

Nov 18, 2015

Managing a Cyber Security Team

· Understand how to develop a cyber-security team for an organization

· Discuss how to attract and manage top talent in this field

· Learn the basic functions required to be performed by a cyber security team and how they interact with the operational staff

Assignments:

None

Class 13:

Nov 25, 2015

Final Exam: Team Project Presentation

Class 14:

Dec 2, 2015

Cyber Security from the Strategic Perspective

· Draw conclusions from the subject areas addressed throughout the class to understand the primary issues and concerns presented in the field of cyber security

Assignments:

None

6. Grading and Assessment

Grading for the course will be based on total points earned by the end of the course. Final course letter grade assignments, will be as follows:

· Grade Percentage

A exceptional students that are >98%

A greater than or equal to 93% but less than 98%

A- greater than or equal to 88% but less than 93%

B+ greater than or equal to 83% but less than 88%

B greater than or equal to 78% but less than 83%

B- greater than or equal to 75% but less than 78%

C+ greater than or equal to 70% but less than 75%

C greater than or equal to 65% but less than 70%

C- greater than or equal to 60% but less than 65%

F less than 60%

· Peer evaluation. Team will be required to evaluate the quality of effort, work product and general contribution to group assignments by all team members.

· Graded Assignments

Element	Weight	Individual or Group
Participation	10%	I
Homework	5%
Lab (Class 7)	5%	I
Presentation (Class 2)	5%	I
Presentation (Class 4)	5%	G
Presentation (Class 7)	5%	I
Presentation (Class 9)	5%	I
Presentation (Class 10)	5%	G
Presentation (Class 11)	10%	G
Presentation (Class 12)	10%	G
Mid-Term	15%	G
Final Exam/Project Presentation	20%	G
	100%

Assignments - To be successful in this course, assignments will be an integral part of learning the course material. It is in the best interest of the student and of student teams to complete each and every individual and group assignment.

Homework will only be accepted through Blackboard submission. Scanned, hand written work will not be accepted.

Presentations done in class also must be submitted through Blackboard by the start time of the presentation.

· Late Assignments

Late assignment submissions are subject to penalties:

o 1 day late (within 24 hours) ........................ 30%

o penalty after the 2nd day (24 hours) ...........not accepted

7. Student Responsibilities

Students are expected to attend class each Class and to participate in class discussions and exercises. Students are expected to complete assignments on time. Students are expected to respect their instructor and fellow classmates, both in and out of the classroom environment. Students are expected to turn off or silence their mobile phones during class time.

Attendance Policy:

Attendance in this class is highly recommended in order to be successful in learning the course content. The student is solely responsible for all assignments and material presented in class even if missed due to absence.

8. Email Communication

By policy of the University and to help protect confidentiality, students are must use their official George Mason email accounts for communication with the instructor and other students in the class. All emails from the instructor will be sent to your official George Mason email email addresses.

9. Learning Goals

1. Apply knowledge of information technology and business functions to understand its application in assessing, designing and improving business processes.

2. Use knowledge of computer networks as part of the IT solutions for improving business processes. They will also have option of developing more advanced skills in the areas of network and security.

3. Effectively manage information technology projects.

4. Understand the overall systems development life cycle and be able to recommend IT system solutions accordingly. They will also have option of learning appropriate development tools to develop prototype of IT solutions for business management.

10. George Mason Standards of Behavior:

The mission of the George Mason University is to create and deliver high-quality educational programs and research. Students, faculty, staff, and alumni who participate in these educational programs contribute to the well-being of society. High-quality educational programs require an environment of trust and mutual respect, free expression and inquiry, and a commitment to truth, excellence, and lifelong learning. Students, program participants, faculty, staff, and alumni accept these principles when they join the School of Business community. In doing so, they agree to abide by the following standards of behavior:

o Respect for the rights, differences, and dignity of others

o Honesty and integrity in dealing with all members of the community

o Accountability for personal behavior

Integrity is an essential ingredient of a successful learning community. Ethical standards of behavior help promote a safe and productive community environment, and ensure every member the opportunity to pursue excellence. To this end, community members have a personal responsibility to integrate these standards into every aspect of their experience. Through our personal commitment to these Community Standards of Behavior, we can create an environment in which all can achieve their full potential.

11. Honor Code Statement:

Honor System and Code: The Honor System and Code adopted by George Mason University will be enforced for this class:

http://oai.gmu.edu/the-mason-honor-code/

In your work on all written assignments, keep in mind that you may not present as your own the words, the work, or the opinions of someone else without proper acknowledgement. You also may not borrow the sequence of ideas, the arrangement of material, or the pattern of thought of someone else without proper acknowledgement. Please note: Faculty are obligated to submit any Honor Code violations or suspected violations to the Honor Committee without exception.

The appropriate version of the School of Business “Recommendations for Honor Code Violations” should be attached.

13. Disability: If you have a disability and you need academic accommodations, please see me and contact the Office of Disability Services (ODS) at 703-993-2474. All academic accommodations must be arranged through the ODS. Please take care of this during the first two weeks of the semester. More information about ODS is available at http://www.gmu.edu/student/drc

14. Religion: Students who will miss class for religious reasons should inform me of their anticipated absences as soon as possible.

15. Counseling center: George Mason University has a counseling center that can provide assistance if you find yourself overwhelmed by life, want training in academic or life skills, or the like. More information is available at http://www.gmu.edu/departments/csdc/

16. Writing Guidelines (if relevant for the course): Unless otherwise specified, all writing assignments should be formatted as follows: double-spaced, Times New Roman, 12-point font, and 1-inch margins. To cite and reference professional or academic sources, please use APA style. Specific instructions for in-text citations and referencing are found in the Publication Manual of the American Psychological Association, 6th Edition or at http://owl.english.purdue.edu/owl/resource/560/01/ .

To help manage the citations and seamlessly create reference lists, Mason supports a free software called Zotero. Please go to https://www.zotero.org/

This program offers:

- Centralized bibliography management

- Ability to sync across computers

- Ability for teams to combine contributions to the references

- Word plug-in that allows citation management within MS word

George Mason University has a writing center that can help you improve your English writing skills. More information is available at http://writingcenter.gmu.edu/

17. Inclement weather & campus emergencies: Information regarding weather related changes in the University’s schedule (e.g., closing or late opening) will be provided on the GMU website and via MasonAlert. Students sign up for the Mason Alert system to provide emergency information of various sorts at https://alert.gmu.edu.

18. Emergencies: An emergency poster exists in each classroom explaining what to do in the event of crises and that further information about emergency procedures exists on http://www.gmu.edu/service/cert.