COS 232: Computer & Network Security I
A study of the fundamentals of operating system, network, and application security. Major areas of exploration include: fundamental security design principles, application vulnerability analysis, network penetration testing, basic cryptography, and defensive programming techniques.
Cybersecurity Knowledge Areas
- Cryptography
- Cyber Defense
- Cyber Threats
- Defensive Programming
- Foundational Concepts in Security
- Fundamental Security Design Principles
- Information Assurance Fundamentals
- Introduction to Cryptography
- Network Security
- Principles of Secure Design
- Threats and Attacks
- Web Security
Coverage
CAE 2014 Topics
- Cyber Defense (tier 1)
- Network mapping (enumeration and identification of network components)
- Cyber Threats (tier 1)
- Adversaries and targets
- Fundamental Security Design Principles (tier 1)
- Separation (of domains)
- Information Assurance Fundamentals (tier 1)
- Threats and Adversaries
- Introduction to Cryptography (tier 1)
- Symmetric Cryptography (DES, Twofish)
CAE 2014 Outcomes
- Cyber Defense (tier 1)
- Describe potential system attacks and the actors that might perform them
- Cyber Threats (tier 1)
- Students will be able to identify the bad actors in cyberspace and compare and contrast their resources, capabilities/techniques, motivations, aversion to risk
- Fundamental Security Design Principles (tier 1)
- List the first principles of security
- Information Assurance Fundamentals (tier 1)
- List the fundamental concepts of the Information Assurance / Cyber Defense discipline
- Introduction to Cryptography (tier 1)
- Identify the elements of a cryptographic system
ACM 2013 Outcomes
- Principles of Secure Design (tier 1)
- Describe the principle of least privilege and isolation as applied to system design
- Foundational Concepts in Security (tier 1)
- Describe the concepts of risk, threats, vulnerabilities and attack vectors (including the fact that there is no such thing as perfect security)
- Defensive Programming (tier 1)
- Explain why input validation and data sanitization is necessary in the face of adversarial control of the input channel.
- Threats and Attacks (tier 2)
- Describe likely attacker types against a particular system
- Principles of Secure Design (tier 2)
- Describe the concept of mediation and the principle of complete mediation
- Network Security (tier 2)
- Describe the different categories of network threats and attacks
- Cryptography (tier 2)
- Describe the purpose of cryptography and list ways it is used in data communications
- Web Security (tier 3)
- Describe the browser security model including same-origin policy and threat models