Cybersecurity

Radford University recently launched a degree program in Cybersecurity, designed to prepare students to meet the anticipated demand for 3.5 million cybersecurity professionals by 2023. The bachelor of science in computer and information systems security is the first at a four year public institution in the Commonwealth of Virginia.

BE A CYBER WARRIOR

Cyber-attacks are one of the most critical threats facing the nation and the Commonwealth of Virginia. These attacks cost organizations an average of $11.7 million dollars every year and threaten national security.[1] According to the Department of Homeland Security, “Our daily life, economic vitality and national security depend on a stable, safe and resilient cyberspace.”[2]

Recent prominent attacks, including the attack on Target’s systems,[3] identity theft from the Office of Personal Management (OPM),[4] and the Dyn webcam attacks,[5] demonstrate that all computing devices are vulnerable to attacks including:

·         Traditional PCs and workstations

·         Voting machines and baby monitors

·         Corporate and home networks

Security professionals need a wide range of knowledge and skills encompassing:

·         Programming, networking, and operating systems

·         Complex applications including database management systems

·         Distributed computing infrastructure, cloud computing, and embedded computing devices that drive Internet of Things (IoT)

Graduates are well prepared to design, implement, deploy and administer technological solutions to prevent and defend against cyber-attacks. Students learn to:

·         Think creatively and critically in performing risk assessment, analyzing the security of computer infrastructure and implementing solutions

·         Master the tools to handle cyber-attacks and develop a business case for security

Bachelor of Science in Computer and Cyber Science

Radford’s curriculum develops the depth and breadth necessary for security professionals to design and develop comprehensive security solutions.

 

[1] https://www.accenture.com/us-en/insight-cost-of-cybercrime-2017

[2] https://www.dhs.gov/topic/cybersecurity

[3] https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/

[4] https://www.opm.gov/cybersecurity/

[5] http://time.com/4542600/internet-outage-web-cams-hackers/

 

Degree Core Courses Required

Introduction to Information Security (ITEC 345)

Learn more about ITEC 345

Detailed Description of Content of Course

Topics include:
1. Security Goals and Fundamentals.
2. Personnel and physical security.
3. Administering security.
4. Cryptography fundamentals.
5. Fundamentals of Application security.
6. Fundamentals of Network security.
7. Privacy and legal issues.
8. Ethics.
9. Introduction to Digital Forensics.


Detailed Description of Conduct of Course

Students may be given programming projects and problems which will allow them to analyze vulnerabilities and determine policies and principles to prevent the exploitation of those vulnerabilities. Homework problems that require surveying existing network and OS security threats may also be given.  Assessment may include at least two exams.


Goals and Objectives of the Course

Students who complete the course will be able to:
1. Describe the common goals of security (confidentiality, integrity, availability, authentication and non-repudiation).
2. Enumerate the different types of vulnerabilities, threats and exploits to computing and networking infrastructure.
3. Describe some common administrative, physical and technological security controls.
4. Develop security plans, policies and procedures similar to those used in government and corporations.
5. Define risk management and explain aspects of risk management.
6. Describe privacy and ethical issues.
7. Describe the various laws that protect computer based systems and digital objects.

Covers the fundamentals of information security. Lectures focus on providing a broad overview of principles, policies and procedures in security. ITEC 345 cannot be counted toward technical electives or BS requirements in any concentration. Students cannot earn credit for both ITEC 245 and ITEC 345.

 

Computer System and Database Security (ITEC 445)

Learn more about ITEC 445

Detailed Description of Content of Course

Topics include:
1. Computer application vulnerabilities, threats and attacks
2. Malicious software
3. Physical security of servers
4. Secure software design principles
5. Security analysis (ethical hacking/penetration testing)
6. Operating System  security
7. Evaluating systems for security using standards (e.g., Common Criteria)
8. Database Security and Privacy
9. Host based security controls such as Intrusion detection and prevention mechanisms


Detailed Description of Conduct of Course

Programming projects involving design and development of secure software will be given. Projects will use databases to enforce principles of database security. Homework problems that require analysis of threats and solutions will be given.


Goals and Objectives of the Course

Students who complete the course will be able to:
1. Describe and identify common vulnerabilities and exploits in software applications.
2. Apply well-known secure design principles such as least privilege, separation of privilege, complete mediation, economy of mechanism and least common mechanism.
3. Implement secure code for applications in a high-level language such as Java.
4. Identify and describe the various security controls and secure operations to achieve security and privacy in operating systems and databases.
5. Describe the concepts of assurance and trust.
6. Describe the process of evaluating systems for security using standard criteria such as the Common Criteria.


Assessment Measures

Evaluation may be based on several programming projects, problems, and at least two examinations. The instructor may also use quizzes or other assessment strategies.

Threats and vulnerabilities in software systems, principles to design and implement secure software systems, database and information security.

 

Applied Cryptography and Network Security (ITEC 455)

Learn more about ITEC 455

Detailed Description of Content of Course

Topics include:
1. Security Goals and Fundamentals.
2. Personnel and physical security.
3. Administering security.
4. Cryptography fundamentals.
5. Fundamentals of Application security.
6. Fundamentals of Network security.
7. Privacy and legal issues.
8. Ethics.
9. Introduction to Digital Forensics.


Detailed Description of Conduct of Course

Students may be given programming projects and problems which will allow them to analyze vulnerabilities and determine policies and principles to prevent the exploitation of those vulnerabilities. Homework problems that require surveying existing network and OS security threats may also be given.  Assessment may include at least two exams.


Goals and Objectives of the Course

Students who complete the course will be able to:
1. Describe the common goals of security (confidentiality, integrity, availability, authentication and non-repudiation).
2. Enumerate the different types of vulnerabilities, threats and exploits to computing and networking infrastructure.
3. Describe some common administrative, physical and technological security controls.
4. Develop security plans, policies and procedures similar to those used in government and corporations.
5. Define risk management and explain aspects of risk management.
6. Describe privacy and ethical issues.
7. Describe the various laws that protect computer based systems and digital objects.

Threats and vulnerabilities in computer networks, cryptography and its application to network security mechanisms, secure network protocols and network intrusion detection systems.

 

Computer System Security Analysis and Investigation Techniques (ITEC 465)

Learn more about ITEC 465

Detailed Description of Content of Course

Topics include:
1. Security Goals and Fundamentals.
2. Personnel and physical security.
3. Administering security.
4. Cryptography fundamentals.
5. Fundamentals of Application security.
6. Fundamentals of Network security.
7. Privacy and legal issues.
8. Ethics.
9. Introduction to Digital Forensics.


Detailed Description of Conduct of Course

Students may be given programming projects and problems which will allow them to analyze vulnerabilities and determine policies and principles to prevent the exploitation of those vulnerabilities. Homework problems that require surveying existing network and OS security threats may also be given.  Assessment may include at least two exams.


Goals and Objectives of the Course

Students who complete the course will be able to:
1. Describe the common goals of security (confidentiality, integrity, availability, authentication and non-repudiation).
2. Enumerate the different types of vulnerabilities, threats and exploits to computing and networking infrastructure.
3. Describe some common administrative, physical and technological security controls.
4. Develop security plans, policies and procedures similar to those used in government and corporations.
5. Define risk management and explain aspects of risk management.
6. Describe privacy and ethical issues.
7. Describe the various laws that protect computer based systems and digital objects.

Students will learn ethical hacking, conduct formal security analysis of computing infrastructure; apply investigation techniques to detect vulnerabilities and threats in software and hardware including reverse engineering program binaries for malware analysis, memory and disk analysis; systems analysis of embedded devices.  

 

Information Assurance Management (ITEC 466)

Learn more about ITEC 466

Detailed Description of Course

    1) Cybersecurity Planning and Management
        a. Common Body of Knowledge
        b. Operational, Tactical, Strategic Plan and Management
        c. Incidence Response, Business Continuity/Disaster Recovery
        d. Audit, Report
        e. C-Level Functions
        f. Cybersecurity as a strategy
    2) Security Program Management
        a. Project and Resource Management.
        b. Quality Assurance and Control
        c. Security Awareness, Training, Education and Ethics
        d. Security Baselines
        e. Change and Patch Management.
        f. Roles and Responsibilities of the Security Organization
    3) Threat Model, Security Risk Analysis: Assessment, Measurement, Management, Mitigation, Transference and Communication.
    4) IA compliance: HIPAA, SOX, FERPA, Data Breach Disclosure Laws, FISMA, Gramm Leach Biley and PCI DSS
    5) IA standards: Rainbow series
    6) Systems Certification and Accreditation
        a. DoD Policies and Directives
        b. Roles/Players
        c. Components of the C&A process
        d. Certification Boards and Panels
        e. NIST Risk Framework (SP800-37)

3. Detailed Description of Conduct of Course

The course is a series of lectures that present the theory. Students will work on projects involving case studies and design of security plans and policies.

4. Goals and Objectives of the Course

Students who complete the course will be able to:
    1) Describe how risk relates to a system security policy and the various risk analysis methodologies.
    2) Categorize risk 1) with respect to technology; 2) with respect to individuals, and 3) in the enterprise, and recommend appropriate responses.
    3) Compare the advantages and disadvantages of various risk assessment methodologies and select the optimal methodology.
    4) Describe applicable laws for compliance in a given situation.
    5) Describe what the laws mandate and where they apply.
    6) Conduct audits to determine compliance with laws.
    7) Define certification and accreditation.
    8) Apply their knowledge to effectively manage a security program.
    9) Examine the placement of security functions in a system and describe the strengths and weaknesses
    10)Develop various security plans, policies and procedures such as business continuity, disaster recovery, protection of IP, patch and change
       management

5. Assessment Measures

Assessment of student achievement is measured by written tests and through projects completed outside of class.

The course covers principles, policies, procedures and management in security. It includes information assurance governance, risk, compliance, planning and procedures. 

 

Security and Privacy of Cyber Physical Systems (ITEC 475)

Learn more about ITEC 475

Detailed Description of Content of Course

Topics include:
1) Introduction to Cyber-Physical Systems.
2) Overview of Security and Privacy in Cyber-Physical Systems.
3) Network Related Challenges to Cyber-Physical Systems.
4) Quantifying Privacy in Cyber-Physical Systems.
5) Cyber-Physical Systems and National Security.
6) Legal Issues in Cyber-Physical Systems.
7) Management of Cyber-Physical Systems.
8) Cyber-Physical Systems and Cloud Computing.
9) Cryptography and Security of Cyber-Physical Systems.
10) Vulnerabilities of Wireless Sensor Networks.
11) Attack Detection in Cyber-Physical Systems.
12) Data Security and Privacy in Cyber-Physical Systems.


Detailed Description of Conduct of Course

This course will be taught in a lecture format. Often, the course will employ student presentations.


Goals and Objectives of the Course

Students who complete the course will be able to:  
1) Identify and describe Cyber-Physical Systems and distinguish those systems from other traditional applications.
2) Identify and describe vulnerabilities threats and attacks on Cyber-Physical Systems.
3) Analyze the design of a Cyber-Physical System to identify the explicit vulnerabilities of that system.
4) Apply appropriate security controls to secure a Cyber-Physical System.
5) Identify and describe the management, legal, and privacy concerns related to Cyber-Physical Systems.


Assessment Measures

Evaluation may be based on projects, case studies, and at least two examinations. The instructor may also use quizzes or other assessment strategies.

An introduction to Cyber-Physical Systems focused on the threats, vulnerabilities, and other challenges facing these systems and how those threats impact the capability, adaptability, scalability, resiliency, safety, security, and usability of those systems.

 

Physical Security (CRJU 412)

Learn more about CRJU 412

Detailed Description of Content of Course

1. The nature of private security and crime prevention

            a) what is private security and how is it conducted in the United States today?

            b) what is crime prevention and what are some practical techniques for implementing it?

            c) the interface between crime prevention and the modern practice of private security

2. A detailed description of private security

            a) types of agencies

            b) duties and responsibilities of private security officers

            c) the extent of private security in America

3. Public/Private Interface

            a) legal authority

            b) complementary roles

4. Preventing losses from criminal actions

            a) criminal and civil actions

            b) enforcing proprietary rights

5.Preventing losses from accidents

            a) OSHA

            b) accident prevention

             c) fires

6. Security Approaches and Environmental Design

            a) security levels

            b) maximum security psychology

            c) E/S concepts

            d) defensible space concepts

7. Physical Barriers

            a) doors

            b) roofs and floors

            c) fences

            d) walls and moats

8. Locks

            a) terminology and components

            b) types of locks

            c) attacks and countermeasures

9. Safes and Vaults

            a) types of locking mechanisms

            b) alarms

            c) attacks and countermeasures

10. Lighting

            a) terms and components

            b) types of lighting sources

            c) applications guidelines

11. Alarms

            a) terms and components

            b) transmissions and signalling

            c) attacks and countermeasures

 

Detailed Description of Conduct of Course

This course will consist primarily of class lecture, class discussion and hands-on projects.  Basic concepts, principles and definitions will be presented. Class discussion and projects will expound on the basic concepts. Numerous outside speakers on specific topical areas will address the class during the semester.

 

Goals and Objectives of the Course

After completion of the course, the student should be able to:

1. Describe the basic operations of varied private security agencies in America.

2. Critically evaluate the purposes and goals of those agencies.

3. Describe and apply the principles of environmental design, defensible space and security design to practical situations.

4. Articulate a basic working knowledge of the components and terms in the specific topics of physical barriers, locks, safes, vaults, lighting and alarms.

 

Assessment Measures

Knowledge and understanding of the material covered in this course, as well as the ability to apply it to real life situations, may be measured using an array of assessment tools that can include tests, formal papers, informal writing assignments, written projects, and formal oral presentations. Instructors of this course can choose among these assessment tools and may develop others if they deem it appropriate.

An introduction to private security administration and crime prevention measures utilized by industrial, commercial and community agencies.

 

Computer Organization (ITEC 352)

Learn more about ITEC 352

Detailed Description of Course

Topics include:
    1) Digital Logic
    2) Data Representation and arithmetic
    3) Instruction Set Architecture and assembly programming
    4) Compilation, assembly, and pipelining
    5) Memory and peripherals
    6) System software
    7) Error detection and correction

3. Detailed Description of Conduct of Course

The focus of this course is to understand low-level programming and hardware components.  Students are given an opportunity to perform experiments with hardware kits.

4. Goals and Objectives of the Course

Students who complete the course will be able to:
    1) Perform fixed and floating point arithmetic of positive and negative numbers represented in various standard representations such as the
       IEEE 754 floating point format.
    2) Develop, simplify, and analyze simple digital circuits to develop the ALU and Memory (combinational and sequential circuits) using both the basic
       gates such as AND, OR, NOT, NAND, and NOR as well as other building blocks such as Multiplexers, Decoders, and Flip-flops.
    3) Implement programs in assembly language.  Example programs include computing arithmetic operations and simulating simple control structures
       such as if-else and while and for loops.
    4) Demonstrate an understanding of the relationship between computer languages and the machines they run on, by converting assembly code into
       object (machine) code by following the steps of an assembler.
    5) Explain the working, analyze the pros and cons, and compute the performance of various components: multi-level caches, virtual memory, and
       cpu pipelines.


5. Assessment Measures

Graded assignments typically include at least one in-class exam and a final exam.  Frequent problem sets are also assigned and graded.  A hardware project may also be required.

Covers relationships among computer components, structures and systems, hardware features, costs, and capabilities.

 

Operating Systems (ITEC 371)

Learn more about ITEC 371

Detailed Description of Content of Course

Topics include:
1. Introduction and history of operating systems
2. Computer system structures
3. Operating system structure
4. Process/Processor management
5. Storage/Memory management
6. I/O systems
7. Distributed systems
8. Protection and security
9. Case studies
10. Ethics


Detailed Description of Conduct of Course

This course can be taught either as a survey of different operating systems and how each deals with the common problems which they must address, or as an in-depth treatment of a single operating system. In either case, the operating system(s) chosen must include multi-user support, multi-tasking, and virtual memory. Programming projects might include simulation of a particular aspect of operating system behavior or the implementation of the actual operating system facility being studied.


Goals and Objectives of the Course

Students who complete the course will be able to:

1. Describe the functions, structures and history of operating systems.
2. Demonstrate an ability to understand and apply design issues associated with operating systems.
3. Demonstrate an ability to understand and apply various process management concepts including scheduling, synchronization, and deadlock.
4. Be familiar with multithreading, protection and security mechanisms.
5. Explain and apply concepts of memory management including virtual memory.
6. Explain and apply techniques of system resources sharing among the users.
7. Explain and apply issues related to file system interface and implementation, disk management.
8. Be familiar with various types of operating systems including Unix.


Assessment Measures

Several projects and at least 1 in-class exam and a final exam are used to evaluate the student.

Principles of operating systems including interaction between operating systems and architecture of computer systems with emphasis on resource management.  

 

Introduction to Computer Networking (ITEC 350)

Learn more about ITEC 350

Detailed Description of Content of Course

Topics include:
1. Introduction
    a. Reasons for networking
    b. Concept and rationale for network layers
    c. Classification of networks: PAN (personal area networks), LAN (local area networks), MAN (metropolitan area networks), and WAN (wide area networks)
    d. Network standards and standard bodies
2. Applications and Layered Architectures
    a. Protocols, services, and layering
    b. ISO’s OSI (open systems interconnection) reference model
    c. TCP/IP (Transmission Control Protocol/Internet Protocol) protocol stacks
    d. DNS (Domain Name Systems)
    e. IP addressing and subnetting
    f. Connectionless vs. connection-oriented services
    g. Segmentation and reassembly
    h. Multiplexing: FDM (frequency division multiplexing), TDM (time division multiplexing), WDM (wavelength division multiplexing)
        i. Network analyzers
3. Digital Transmission Fundamentals
    a. Line Coding: unipolar NRZ (non-return-to-zero), polar NRZ, NRZ-inverted differential encoding, bipolar encoding, Manchester encoding, differential Manchester encoding.
    b. Error detection and correction: single parity bit, multi-dimensional parity check, CRC (cyclic redundancy check) polynomial codes
4. Peer-to-Peer Protocols and Data Link Layer
    a. ARQ (Automatic Repeat Request) protocols and reliable data transfer: stop-and-wait ARQ, go-back N ARQ, selective repeat ARQ, sliding window protocols
    b. Flow control
5. Medium Access Control Protocols and Local Area Networks
    a. Wireless LAN
6. Packet-Switching Networks
    a. Routing in packet-switching networks: centralized vs. distributed routing, static vs. dynamic routing, flat vs. hierarchical routing, flooding
    b. Shortest path routings: distance vector protocols (Bellman-Ford-Fulkerson shortest path algorithm), link state protocols (Dijkstra shortest path algorithm)
7. Communication Networks and Services
    a. IRP (internet routing protocols): RIP (routing information protocol), OSPF (open shortest path first), BGP (border gateway protocol)
    b. DHCP (dynamic host configuration protocol), NAT (network address translation), and mobile IP
8. Security Basics
    c. Confidentiality, integrity, authentication
    d. Packet sniffing, IP spoofing, DoS (denial of service), DDoS (distributed DoS)
    e. Symmetric key cryptography: substitution cipher, DES (data encryption standard),
    f. Asymmetric key cryptography: Public key infrastructure - RSA, confidentiality, digital signature, authentication


Detailed Description of Conduct of Course

Course is conducted using lecture, and students complete a network lab project. In the lab project, students establish a small local area network with Internet accessibility, file sharing, and other features using routers, switches, and multiple computers. Students will begin the project with cabling and installing various operating systems on the computers.


Goals and Objectives of the Course  

Students who complete the course will be able to:
1. Identify and describe the responsibilities of each of the seven layers of the OSI reference model defined by the  ISO.
2. Describe the implementation of the common protocols within the different layers of the TCP/IP protocol suite.
3. Set up a small network with a router, a switch, and multiple computers.
4. Identify common security weaknesses within a network and describe their solutions.
5. Write a survey paper on a leading edge topic related to networks and give a presentation.

Assessment Measures

In-class exams and the lab project will be used to measure each student’s performance.

This course covers networking concepts including the ISO reference model, TCP/IP protocol, and various network classifications as well as hands-on experience.

 

Programming in C & UNIX (ITEC 310)

Learn more about ITEC 310

Detailed Description of Content of Course

Topics include:
1. C language history
2. C Simple data types
3. C control structures: assignment, conditional and iterative control structures
4. C functions: parameter passing
5. Structured design: structured decomposition, debugging strategies
6. C arrays, pointers and strings: array out of bound
7. C structures
8. Data structures: stacks, queues, linked lists, trees
9. C files
10. C bit operations
11. C enumerated data types, preprocessor, interacting with operating systems, inter-process communication
12. Unix history and editors: vi
13. Basic Unix commands: cd, pwd, file, date, touch, ls, chmod, cp, mv, rm -r, mkdir, rmdir, >, <, |, echo, cat -n, more, less, strings, last, head, tail, script, image, mount, df, tar cxzf, ps, bg, ctrl-z, jobs, fg, kill, ctrl-c, &, wc, paste, od
14. Unix filters and utilities: grep, egrep, fgrep, sort, find
15. Unix shells: tcsh, Bourn shell commands
16. Unix shell scripts: parameter passing
17. Unix file, directory and processes: hidden files, filename, inode, boot block, superblock, inode table, hard link, soft link
18. Unix system administration


Detailed Description of Conduct of Course

Lecture topics will include features of the C programming language, the tools and services provided with the Unix operating system, and the use of these by C programs.  Students will design and implement programming projects to explore and reinforce these concepts.


Goals and Objectives of the Course

Students who complete the course will be able to:
1. Demonstrate an ability to understand and apply mathematical concepts when writing a C program to solve a problem.
2. Describe, design and implement a C program using functions and a linked data structure.
3. Describe, design, and use a shell command and its options.
4. Describe Unix file and directory structures.
5. Describe, design, and implement a Unix shell script.


Assessment Measures

Students will be evaluated based on several programming projects and a minimum of two examinations.

Introduces the C programming language including C library routines and the system call interface to the Unix operating system. File and terminal I/O, process control, and inter process communication are also covered.