MIS 3507: Defending Against Cybercrime
Spring 2019
- Professor
  - Dr. Anthony Vance
  - Web: anthonyvance.com
  - Email:
  - Phone: +1 801 361 2531
- Office Hours
  - Location: Speakman 207E
  - Hours: MW 2:30-3:45pm
  - Or, by appointment
Course Information
Course Description
This course is a broad introduction to the managerial issues of information security. Because security is multifaceted, the topics of the class range widely, including technical (e.g., cryptography), managerial (e.g., policy compliance), physical (e.g., door locks), and psychological (e.g., social engineering) issues. A key objective of the class is to develop a security mindset, in which one learns to think like an attacker looking for ways to exploit a system.
Course Communication
We will use Slack for course communication. Add an account at https://cybersec-s19.slack.com. Please install laptop and phone apps so that you receive notifications. Use your @temple.edu email address for instant verification.
Course Schedule
Please refer to the calendar on canvas.temple.edu for a schedule of course lectures and assignment due dates.
Learning Outcomes
- Develop a security mindset
  - Learn to think like a security professional—how to identify threats like an attacker, and how to model and mitigate those threats.
- Gain a working knowledge of methods of protecting data
  - Gain a working knowledge of modern methods of protecting data: encryption, hashing, confidentiality, authentication, integrity, non-repudiation, certificates, and IP security.
- Learn methods of attack and defense
  - Learn methods of attacking systems and how to protect against those methods of attacks.
- Appreciate the broad disciplines required for IS security
  - Appreciate the broad disciplines required for information security to work. We'll cover subjects as diverse as cryptology, physical security, psychology, and management.
Technology Requirements
- You will need a laptop with at least 8GB of RAM and 50GB free storage.
Materials
- Security Engineering 2e by Ross Anderson (available online here)
- “Secrets & Lies” by Bruce Schneier (available online through Temple Library)
Grading
Item | Points |
---|---|
Quizzes | 75 |
Labs | 300 |
Midterm project | 150 |
Threat assessment project | 75 |
Participation | 50 |
Course Evaluation | 10 |
Security Book Report | 75 |
Security Film Reports | 50 |
Final Exam | 200 |
Total | 1000 |
Extra Credit | Value |
---|---|
Security Movie for Extra Credit | Replace 1 quiz |
Security Book for Extra Credit | Replace 1 lab |
Grading Scale
Grades | Points |
---|---|
A | 930 |
A- | 900 |
B+ | 870 |
B | 830 |
B- | 800 |
C+ | 770 |
C | 730 |
C- | 700 |
D+ | 670 |
D | 630 |
D- | 600 |
F | Less than 600 |
Classroom Policies
Participation Policy
Contribution will account for 5% of your final grade. Most students will earn 80% of these points. Students who are exceptional and go above and beyond in enhancing the classroom experience may receive a higher score.
The following list is not comprehensive, but rather an example of items weighted in the contribution category:
- Providing feedback on the class via the course evaluation
- Treating others with respect
- Showing courtesy for presenters (guest speakers, instructor, students)
- Participating in class discussions
- Arriving on time and not leaving early
- Not using technology inappropriately (distracting yourself or others)
Team Work and Freeloader Policy
It occasionally happens in class and organizational settings that someone in a group is not prepared to do their share. In the case of this class, I recommend that the team give the freeloader one warning and then fire that person from the team. That person will then do group assignments individually or find another team to join. The team should notify me of the change in team composition immediately. I will distribute a form to assess team participation at the end of the semester. If a major disparity in team contribution is reported, I will adjust team project grades.
Classroom Procedures
It is all right to use your laptop to take notes, but do not use it for non-class-related activities. Not only does this diminish your learning experience, but it also distracts those around you.
Out of respect for our guest speakers, do not use electronic devices (e.g., laptops and cell phones) during their presentations. If you want to take notes, please do so on paper.
Late Work
All assignments and projects are to be submitted on time or early, so plan accordingly. If you have to miss class, please submit your assignment early. On VERY rare occasions, an exception may be granted, allowing the student to submit the work late with a 20% penalty. Under no circumstances will anything be accepted more than a week late.
Assignments
Labs
Labs are hands-on learning activities that will be introduced in class and completed outside of class. Labs are typically due one week after they are introduced in class.
You can find instructions for each lab here.
Midterm Vulnerability Assessment Project
This is a group project. The midterm will be a vulnerability and penetration assessment report of a server. On Monday, March 18th, teams of students will be given an IP address of a server to assess for security weaknesses. The midterm report will be due one week later on Monday, March 25th. The report will be written for a management audience.
You can read instructions for the midterm here.
Current Event Threat Assessment
This is a group project. Teams will choose a recent security breach incident and report on it as if it just occurred. The report will summarize the incident and give recommendations for how to manage the threat. The report will also include a risk assessment of other potential threats the chosen organization faces, along with recommendations for mitigating each identified threat. Deliverables include a written report.
Assignment description here.
Readings Quizzes
Most readings and videos on the schedule have associated quizzes. Quizzes are open book, open Internet and must be completed within 20 minutes. Quizzes are administered on Canvas.
Quizzes are due 30 minutes before class on the assigned date.
Required Security Book
You are required to read one of the books on the “Security Readings” list at the end of this document by the last day of class, April 29th. To receive credit, submit your report via a quiz posted on Canvas. Indicate which book you read, whether you read the whole book, and give your brief reaction to it.
Required Security Films
Two films are required viewing for this course: “Zero Days” and “Citizenfour.” To receive credit, complete one security film report quiz for each film. Simply (1) indicate that you watched the whole film, (2) give a brief reaction to the film, and (3) describe how the film relates to the class.
Final Exam
The final exam will be administered via Canvas and will be available to take any time during finals week, May 2–8th. The exam will be open notes, open internet, closed neighbor. You will have two hours to complete the exam. Questions will be mainly multiple choice and will consist of conceptual and practical hands-on questions that draw on the lab assignments.
Certification Alternative for Final Exam
As an option, students seeking certification may replace the final exam by passing the Security+ certification or another certification approved by Dr. Vance. You can substitute your score on the certification (plus an adjustment—5% for the Security+) for the final. For example, if you received an 85% on the Security+ exam you would receive a 90% for your final exam score.
To receive credit for the certification, a student must show evidence of having taken the certification exam by the last day of class (April 29th). If a student doesn’t show Dr. Vance evidence of passing the certification by this date, then he/she will be required to take the final exam.
Extra Credit
You can replace your lowest quiz score by watching a third film from the Security Readings and Films list and then (1) indicating that you watched the whole film, (2) giving a brief reaction to the film, and (3) describing how the film relates to the class.
Similarly, you can replace your lowest lab score by reading another book from the Security Readings and Films list and submitting a few sentences about what you thought about it.