Cybersecurity: An Overview

This is an overview course on modern cybersecurity aimed at general computer science graduate students. Because most textbooks are out of date or too specific, we will use a variety of freely available online resources. These include:

  1. The Cyber Security Body Of Knowledge: This comprises approximately 20 recent documents on many important topics in cybersecurity. We will cover a portion of these.
  2. National Cybersecurity Training & Education (NCyTE) Center: Has resources on many important cybersecurity topics aimed at all levels of education.
  3. NIST: Computer Security Resource Center: The (US) National Institute of Standards and Technology publishes many standards, guides, etc. in the area of cybersecurity. We will get "hands on" with some of these.
  4. CIS Controls: The Center for Internet Security (CIS) publishes a very good prioritized list and document of security controls, with explanations appropriate to different types of enterprises.

Supplemental readings and podcasts may be assigned throughout the course. In particular, we will get many of our case studies from the Darknet Diaries podcast. We will also use various rigorous security blogs for our case studies.

Assignments (Spring 2022)

Working Schedule and Lectures (Spring 2022)

This schedule will be updated as the course progresses. Case studies are from the Darknet Diaries podcast and Mandiant Podcast: State of the Hack.

Date   Week  Topic(s)
01/17  1     No Monday class, Intro, personalGit, GitClass, Markdown, Overview, CyBOK, Case study EP 79: Dark Basin
01/24  2     Risk, What are we protecting: Data and Systems, CIA, Case study EP 76: Knaves Out
01/31  3     Access Control, Law, Case study EP 53: Shadow Brokers
02/07  4     NetworkIntro, Networking from the security point of view, EP 72: Bangladeshi Bank heist
02/14  5     Physical Layer, HTTPIntro, More DNS, Case study EP 54: NotPetya
02/21  6     DoS Attacks and Botnets, Midterm #1, Case study EP 94: Mariposa Botnet
02/28  7     Email Systems, Phishing, Social Engineering, and Fraud, Case study EP 86: The LinkedIn Incident
03/07  8     Cryptography Basics, AES, Case study EP 80: The Whistleblower
03/14  9     Public Key Crypto, Hashes, Case study EP 85: Cam the Carder
03/21  10    Signatures and TLS, Malware, Malware Analysis, Case study EP 73: WannaCry
03/28  11    Spring recess (no classes)
04/04  12    Malware Detection, Midterm #2, Case study EP 68: Triton
04/11  13    Tactics, Techniques, and Procedures (TTPs), Case study EP 82: Master of Pwn
04/18  14    Vulnerabilities, Recon, Case study EP 98: Zero Day Brokers
04/25  15    Security principles, Security controls, Case study EP 103: Cloud Hopper
05/02  16    Intrusion Detection, Architectures For Security, VPN and Tor
05/09  17    Final Exam Week

Code Examples

These are simple examples to illustrate various security concepts. They are not to be taken as good programming practice, secure coding practice, or (especially) proper use of cryptographic primitives. In fact, one is an example of completely incorrect use of AES!