Mar 28, 2024  
2021-2022 College Catalog [ARCHIVED CATALOG]

CIS 288 - Fundamentals of Cybersecurity

4 Credits, 4 Contact Hours
4 lecture periods 0 lab periods

Introduction to cyber security policy, doctrine, and operational constraints. Includes a broad survey of networking principles, cybersecurity concepts, tools, technologies, and best practices. Also includes hands-on activities to enhance familiarity with networking concepts and practice cybersecurity techniques and procedures.

Information: This course is designed to meet the University of Arizona South CYBV 301 requirement and is preparatory coursework for the UA South Cyber Operations program. Please see a financial aid or Veteran’s Affairs advisor to determine funding eligibility as appropriate.


Course Learning Outcomes
  1. Compare the different types of cyberattacks.
  2. Explain the major U.S. and international laws governing cyberspace, the restrictions they place on cyber operations, and how they impact an organization’s overall cyber defensive strategy.
  3. Describe the concepts and best practices of a Defense in Depth strategy.
  4. Explain the Vulnerability-Threat-Control Paradigm.
  5. Describe the Confidentiality-Integrity-Availability (C-I-A) security triad.
  6. Explain the similarities and differences between the OSI and TCP/IP models.
  7. Explain security shortcomings and flaws in networking hardware and devices.
  8. Demonstrate methods to secure infrastructure, hosts, networks, and the perimeter.

Performance Objectives:
  1. Define and explain the Vulnerability-Threat-Control Paradigm.
  2. Identify and describe the trade-offs in the Confidentiality-Integrity-Availability (CIA) security triad.
  3. Identify and describe the concepts and best practices of a Defense in Depth strategy.
  4. Identify and describe the types of malware, how malware spreads, and how to mitigate its effects.
  5. Identify and describe the types of networks to include LAN, WAN, MAN, PAN, NAN, WLAN, and the internet. 
  6. Describe and explain the capabilities, characteristics and security flaws of network hardware devices and their operating systems.
  7. Identify and explain how to design basic network architectures.
  8. Identify and explain the similarities and differences between the OSI & the TCP/IP Model.
  9. Identify and describe the basic functions, uses, and characteristics of network protocols.
  10. Identify and describe the history and fundamentals of cryptography.
  11. Identify and describe the different types of cyberattacks.
  12. Describe and explain the active cyber defense cycle’s techniques and mitigation strategies.
  13. Identify and explain the major U.S. and international laws governing cyberspace, the restrictions they place on cyber operations, and how they can impact an organization’s overall defensive strategy.

Outline:
  1. Vulnerability-Threat-Control Paradigm
    1. Vulnerability-Threat-Control Paradigm
    2. CIA triad
    3. Types of threats and threat actors
    4. Threat Method-Opportunity-Motive
    5. Identify and mitigate harm through risk management
    6. Concepts and best practices of a Defense in Depth strategy
      1. Uniform Protection
      2. Protected Enclaves
      3. Information Centric
      4. Threat Vector Analysis
  2. Viruses, Worms, Trojans & other Malware
    1. Types of malware, how it spreads
      1. Viruses
      2. Worms
      3. Trojans
      4. Ransomware
    2. Capabilities and goals of different types of malware
      1. Data harvesting
      2. Unauthorized system access
      3. Denial of Service and Distributed Denial of Service (DoS, DDoS) and their effects on availability
      4. Data destruction
    3. Malware mitigation and prevention strategies
      1. System scanning and monitoring
      2. Data integrity checks
      3. Program execution blocking
      4. System patching & hardening
      5. User education and security culture (e.g., social engineering techniques)
  3. Network Fundamentals
    1. Types of networks to include LAN, WAN, MAN, PAN, NAN, WLAN, and the Internet
    2. Capabilities, characteristics and security limitations of network hardware devices and their operating systems
      1. Hubs
      2. Bridges
      3. Switches
      4. Routers
      5. Firewalls
    3. Techniques, methods, and systems for fighting malware
      1. Intrusion Detection Systems (IDS)
      2. Intrusion Prevention Systems (IPS)
      3. Honeypots
    4. Designing basic network architectures

      1. Identifying functionality
      2. Modularity of design
      3. Hierarchical design principles in network architectures
      4. Using VLANs (virtual local area networks) to limit broadcasts
  4. Protocol Stacks and IP Concepts
    1. Introduction and Use of the 7-layered Open Systems Interconnect (OSI) model for Networking
      1. Physical Layer
      2. Data Link Layer
      3. Network Layer
      4. Transport Layer
      5. Session Layer
      6. Presentation Layer
      7. Application Layer
    2. Relation of the 7-layered OSI Model to the four layers of the TCP/IP (Transmission Control Protocol/Internet Protocol) Model
    3. Protocol functions, uses, and their operation in the OSI Model
      1. Media Access Control (MAC) Addressing in local area networks
      2. ARP (Address Resolution Protocol)
      3. Internet Protocol (IP)
      4. Transmission Control Protocol (TCP)
      5. User Datagram Protocol (UDP)
      6. Internet Control Message Protocol (ICMP)
      7. Simple Network Management Protocol (SNMP)
      8. Border Gateway Protocol (BGP)
    4. Similarities and differences between the IPv4 and IPv6 standards.
    5. Function of the Domain Name System (DNS) and its support of network communications.
  5. Cryptography & Securing data at rest and on the move
    1. History and fundamentals of cryptography
      1. Communications challenges and cryptographic goals
      2. Plain text vs. Cipher text
      3. History
      4. Ciphers and Cryptanalysis systems
      5. One-Time Pads
      6. Cryptography vs. Cryptology
      7. Cryptosystems
      8. Keys
      9. Key Exchange and Protection
    2. Define and explain the types of Cryptographic Systems
      1. Symmetric Encryption (Private Key Encryption)
      2. Asymmetric Encryption (Public Key Encryption)
      3. Diffie-Hellman Key Exchange
      4. Hash Functions
      5. Digital Signatures
    3. Major capabilities, limitations, characteristics, and usages of the Data Encryption Standard (DES), Advanced Encryption Standard (AES), RSA, Elliptic Curve, MD5, and SHA-1/2/256/512 crypto algorithms.
    4. Capabilities, characteristics, and security vulnerabilities presented by Steganography techniques and tools.
      1. History of steganography
      2. Steganography techniques
      3. Open-Source tools for studying steganography
        1. S-Tools
        2. OpenPuff
  6. Cyber Attacks, Defenses, and Law
    1. Classification of Cyber Attacks
      1. Network based attacks
      2. Client side attacks
      3. Social Engineering attacks
    2. Active cyber defense cycle’s techniques and mitigation strategies
      1. Proper network architectures
      2. Implementation of passive defenses
      3. Cyber Threat Intelligence (CTI)
      4. Network Security Monitoring (NSM)
      5. Incident Response (IR)
      6. Threat and Environment Manipulation (TEM)
    3. Introduction to U.S. Federal/State laws governing cyberspace, and relating these laws to international laws.
      1. Restrictions on cyber operations
      2. Organizational impact
      3. Organizational defensive strategies


Effective Term:
Full Academic Year 2020/21