Degree Requirements

This course provides the framework and language to understand what is considered an information security problem. This includes understanding the essential properties of information security -- confidentiality, integrity, and availability -- as well as ways to implement controls that ensure the application of those properties. There are several control frameworks in use around the world that provide easy starting places to ensure protections are in place. This course will help students evaluate those control frameworks for applicability in their environments. (3 credits)

The threat landscape in the world today is poorly understood, often being diluted to easy and pithy words and phrases that do not adequately explain what is happening or who the attackers are. This course is about clearly identifying threat actors and their motivations, including the geopolitical and economic reasons for their actions. Misunderstanding the adversary can lead to missing the best approaches to circumventing attacks, as well as opportunities to think more broadly about how to address security-related issues globally rather than using only local controls at each individual business. (3 credits)

Information security is all about people. People are the first, last, and best line of defense. Attackers regularly make use of this understanding, spending a lot of time thinking about how to best manipulate people into performing actions against their best interests. Too often, security practitioners believe they can require people to behave in certain, tightly circumscribed ways. They miss that humans will continue to be humans, so it is best to work with them rather than against them. Understanding not only the attacker mindset but also the mindset of the people within the organization can help identify the best controls to implement. (3 credits)

Appropriate security must start with business needs, since the business defines what essential resources they can invest in that effort. This begins with policies but continues through standards and processes. None of these can be developed in isolation, however, nor can they remain stagnant since attacker techniques are continuing to evolve to counter controls in place. This is why threat intelligence and effective communication with staff and external stakeholders are both essential. (3 credits)

A common approach to identifying defensive strategies is to go on the offensive. The theory is, if a friendly entity identifies vulnerabilities, they can be remediated before an attacker can identify them. However, some of these practices simply result in a false sense of security for organizations. Students will come away from this course with an understanding of what types of offensive security practices would be best for their organization. (3 credits)

Offensive security can be helpful to identify vulnerabilities that need to be addressed, but you can’t protect against everything. Organizations need to be vigilant and have the necessary visibility to notice when attackers are attempting to compromise systems. This requires appropriate architectures that enable extensive logging and the ability to consume and act on those logs. Again, this requires threat intelligence to know what is happening in the world with respect to threat groups and their activities, as well as an understanding of business requirements to identify attempts to compromise critical information assets. (3 credits)

Logging and alerting are important to get visibility into activities within the business systems but as soon as an alert happens, the organization needs to be able to respond. Often, there is a focus on the purely technical investigation when people look at incident response. This entirely misses the planning that is required when building the incident response plan and framework, since there are a variety of legal, management, regulatory, and communications considerations. These are not the types of considerations that should be considered in the middle of a crisis when an attacker is in the environment, as that is a luxury of time that no organization has at that moment. (3 credits)

Learning to program is an essential practice, since it forces a structured, logical way of thinking, while also encouraging a level of creativity in problem solving. Languages like C have been used to teach programming for decades, but C has been enabling very bad programming practices since the late 1960s. Newer languages like Rust encourage better programming practices, focusing on solid exception handling, in addition to good memory management techniques. This course is a primer on programming in Rust, without the expectation of anyone coming out an expert in programming but having had an understanding of the approach to problem solving necessary for programming tasks. (3 credits)

Vulnerabilities often start in software. This is not entirely true, since the biggest source of vulnerabilities is the human element, but to the extent possible, vulnerabilities can be controlled with solid software testing and validation. This course will build on the programming skills from the Programming in Rust course, introducing testing practices and principles used against software, including native as well as web-based applications. (3 credits)

The software industry is undergoing a major shift in the delivery of functionality to the end user. Many traditional native applications (applications that run on a local system) are moving to a web-based delivery model, where a uniform interface is used regardless of the application -- the web browser. This shift has put a lot more control back in the hands of the company developing the software and has the potential to enhance security, by reducing vulnerabilities and enabling better resilience in a more cost-effective way. This course introduces security early in the software development lifecycle, identifying ways to inject security practices in the requirements, development, testing and deployment phases. Understanding how to protect information from the start of the development process all the way through deployment of software will go a long way to making it harder to get to information assets. (3 credits)

This course examines American crime problems in a historical perspective, examines crime causation, social and public policy factors affecting crime, the impact of crime and crime trends, social characteristics of specific crimes, and the prevention of crime. (3 credits)

Examine the relationship between society, the law, and causes of violence applying sociological concepts such as inequality, stratification, social control and social change. Includes analysis of violent behaviors, law enforcement practices, court processes, the legal professions, the law itself, and related social institutions. (3 credits)

 

This course intends to offer learners a multi-layered approach to resolving the most natural, and often the most pernicious of human interaction, conflict. Regardless of the parties involved, conflict is ever present and must be resolved. As such, this course takes a perspective assuming that everyone, every day, is presented with conflicting ideas, data, information, positions, and decision-making. This relentless conflict calls on the use of cognitive and communication skills that appropriate the proper strategy needed to reach resolutions between the differing parties. Beginning with Roger Fisher and William Ury's seminal work (1981) on principled negotiation, and including the traditional technique of positional bargaining (win/lose), this course encourages learners to challenge their assumptions, identify alternative techniques, and discuss the fundamental components inherent in all negotiations, i.e., issues versus interests. This course goes beyond the principles associated with the investigation of the many intricacies of negotiations and bargaining. Since negotiation is considered an artistic skill, classroom time is reserved for exercises is to practice developing the skills necessary to negotiate successfully. (3 credits)

Teaches students software life cycle project management including estimating, project planning, project monitoring, and use of standards, reviews and software control mechanisms. (3 credits)