635.676.81 - Cybersecurity in Information Systems
Description
This course describes the systems security engineering process, focusing on security during the design and implementation of information systems. Topics include architecture and design principles, risk assessment, resiliency, and security metrics. The course addresses emerging topics in cybersecurity including wireless security, cloud security, cross domains and the government standards and processes for secure information systems; surveys many aspects of cybersecurity and its impact on the enterprise; and lays the groundwork to architect and build a natively more secure system that can withstand hacking attacks and continue to deliver basic functionality to the enterprise. We will address the federal government standards and recommendations as well as industry’s best practices. Students will cover the basic concepts of information security and research the latest security incidents including external attacks and internal leaks to assess and analyze the exploited vulnerabilities. By learning from current incidents, students can build systems that adapt quickly to emerging threats and potentially continue to serve the enterprise, even while under attack. Additionally, the course addresses the assessment of emerging technologies to determine the potential threats to the enterprise as well as the usability to secure the enterprise. Finally, we will address the subject of legal and ethical access control and the balance between privacy and security.
Expanded Course Description
This course focuses on the systems security engineering process, concentrating on security during the design and implementation of information systems. Topics include architecture and design principles, risk assessment, resiliency, and security metrics. The course addresses emerging topics in cybersecurity including wireless security, cloud security, cross domains and government standards and processes for secure information systems; this course also surveys many aspects of cybersecurity and its impact on the enterprise; and it lays the groundwork to architect and build a natively more secure system that can withstand hacking attacks and continue to deliver basic functionality to the enterprise. We will address federal government standards and recommendations as well as industry’s best practices. Students will cover the basic concepts of information security and research the latest security incidents including external attacks and internal leaks to assess and analyze the exploited vulnerabilities. By learning from current incidents, students can build systems that adapt quickly to emerging threats and potentially continue to serve the enterprise, even while under attack. Additionally, this course addresses the assessment of emerging technologies to determine the potential threats to the enterprise as well as the usability to secure the enterprise. Finally, we will address the subject of legal and ethical access control and the balance between privacy and security.
Instructor
Sam Farroha
Course Structure
The Cybersecurity in Information Systems course is an application and research-based course that will focus of developing basic Cybersecurity skills in addition to investigating advanced concepts in the area. The goal is to enable students to be able to assess emerging threats even before it materializes and help build protections for their information systems. The students are expected to prepare for the lecture by reading the text and provided materials and be ready to discuss the topics during the class period. Moreover, during the semester the students are expected to present their research and projects and discuss emerging information systems threats and disruptive technologies.
The class will be composed of lectures, analysis of current threats, mini-research presentations and discussions, and project presentations. Since the best way to learn the material is through a comprehensive project, there will be a period after each lecture for the students to collaborate with each other and the faculty to work on the project.
Course Topics
Introduction to Cyber Systems Security |
Cyber Security at the age of Internet of Things and pervasive connected systems |
Malicious Attacks, Threats, and Vulnerabilities |
Business Drivers of Cyber Security and Economic Impacts |
Planning for Security and Creating Risk Assessment, Response, and Recovery |
Security Enabling Technologies and Access Controls |
Security Technologies and tools |
Security Operations and Administration |
Auditing, Testing, and Monitoring |
Advanced Cybersecurity Topics - Slides and references are based on current/emerging technologies – extra references provided |
Emerging technologies affecting Cybersecurity needs and Implications - Slides and references are based on current/emerging technologies – extra references provided |
Malicious Code and Activities |
Cybersecurity Standards and regulations |
Summary Architecting Secure Systems |
Course Goals
This course emphasizes the dynamic nature of cyber threats and empowers the students with the tools and processes to investigate emerging threats to find the optimal solution to their enterprise based on the best available tools and knowledge at the time. This course provides a broad coverage of cyber security vulnerabilities, technologies, impacts and protection mechanisms to leverage in building customized protection required for each enterprise.
Course Learning Outcomes (CLOs)
- Explain to stakeholders cyber security concepts and the value of building native security
- Assess emerging technologies for cyber impact
- Identify, assess, and rank system security risks based on current threats and technologies
- Build defenses that are based on the analysis of security risks and bad actors and that contribute to overall security and privacy
- Understand cyber security processes and lifecycle
- Investigate the human aspects of security and privacy
- Interpret information technology/cyber security standards and practices
- Students will be able to conduct original research to come up with unbiased conclusions on emerging products, technologies, processes, and vulnerabilities. They will also be able to review peer and employee reports and deliver constructive feedback helping the enterprise make the right strategic decisions.
- Students will be able to apply the knowledge gained from this course to their domain by working through the lifecycle of an exemplar Enterprise system.
Textbooks
Required: Fundamentals of Information Systems Security; D. Kim, M. Solomon, 4th Edition; 2023 OR
Fundamentals of Information Systems Security; D. Kim, M. Solomon, 3rd Edition; 2018
Optional: Principles of Information Security; M. Whitman, H. Mattord; 7th Edison; 2022 OR
Principles of Information Security; M. Whitman, H. Mattord; 6th Edison; 2018
Other Materials & Online Resources
Additional materials will be introduced during the course
Student Coursework Requirements
Item Description | % of Grade |
Mini Research | 40% |
Participation | 10% |
Exams/Quizzes | 20% |
Group Project | 30% |
Grading Policy
| Score Range | Letter Grade |
|---|---|
| 100-98 | = A+ |
| 97-94 | = A |
| 93-90 | = A− |
| 89-87 | = B+ |
| 86-83 | = B |
| 82-80 | = B− |
| 79-77 | = C+ |
| 76-73 | = C |
| 72-70 | = C− |
| 69-67 | = D+ |
| 66-63 | = D |
| <63 | = F |
Course Policies
All assignment submissions should be submitted in Microsoft Word, Power point, Excel (any other editable formats require prior approval, PDF is not acceptable) and must be postmarked by the stated deadline. All source code must be submitted with assignments. Please make sure that you have updated malware protection on your system to prevent propagation of malware. Any infected or corrupted submission will count as a missing assignment.
Note 1: for the discussions, your initial submission needs to be posted by Wednesday @ 10PM EST, and responses to peer submission needs to be posted by Friday @ 10PM EST. Second round of comments can take place until the following Monday @ Noon EST.
Note 2: Each mini research should be no less than 1500 words not including front cover and reference listings.
Note 3: For the project, you must include architecture drawings that illustrate your components and their connectivity. You do not need to follow any of the standards, block diagrams with clear labeling are sufficient.
Class Participation: Weekly discussions on reading assignments, current topics, homework, projects, and emerging cyber security issues. Each student is expected to participate on a weekly basis with constructive comments and discussions on assignments and emerging issues in IT security. (10 %)
Mini-Research Papers and Peer Reviews: 3 Mini Research papers, ~3 pages each (~1500 words), individually prepared, properly referenced, then shared for peer review. Each student is expected to provide constructive feedback on at least 2 peer papers in each of the 3 assignments. (40%) [Rubric will be provided]
Mini Research, Project Policy:
- All work must be submitted before 5:00 PM the day it is due or you will not receive credit.
- Please submit your homework on time even if you are unable to attend the class/office hours.
- Mini research should be ~3 pages (~1500 words) written in concise format (executive summary style) with references
- Mini research will be presented to the class in a ~10 minute presentation then lead a discussion
- Remember part of the grade is awarded for leading and participating in the discussions.
- Sample Research Areas: (separate list will be provided with exact topics)
- You need to select from the list
- We need to have a variety of research topics, so First ask, first granted
- Few topics are open to a maximum of two students to work individually and deliver a paper
- Pleas use the discussion area to post your selection and state ( Example Topic 1, 35A, 37, 41B)
- Once a topic is reserved, other students need to make a different selection
- Automated tools that create research papers/essays are prohibited and lead to disciplinary action
- Each Mini Research must be based on at least 3 scholarly articles that are written by experts and published in a peer/expert reviewed scientific journals. (Using Wikipedia, NEWS or journalist articles as well as for profit company-based publications/advertisements are not part of the minimum 3 expert references)
- Please note the weight of each of the research papers
- Mini Research 1 is the first Mini Research that you will submit
Please make sure that you follow the following rules:
- Tests (Exams) are individual Effort
- Developing and delivering Mini Research is an individual effort
- Details are provided in a separate publication
- Project is team effort
- Details are available in a separate publication
- Participation must be done within the specified timeframe to maximize benefit
***** A full course syllabus is published in a separate document ******
Academic Policies
Deadlines for Adding, Dropping and Withdrawing from Courses
Students may add a course up to one week after the start of the term for that particular course. Students may drop courses according to the drop deadlines outlined in the EP academic calendar (https://ep.jhu.edu/student-services/academic-calendar/). Between the 6th week of the class and prior to the final withdrawal deadline, a student may withdraw from a course with a W on their academic record. A record of the course will remain on the academic record with a W appearing in the grade column to indicate that the student registered and withdrew from the course.
Academic Misconduct Policy
All students are required to read, know, and comply with the Johns Hopkins University Krieger School of Arts and Sciences (KSAS) / Whiting School of Engineering (WSE) Procedures for Handling Allegations of Misconduct by Full-Time and Part-Time Graduate Students.
This policy prohibits academic misconduct, including but not limited to the following: cheating or facilitating cheating; plagiarism; reuse of assignments; unauthorized collaboration; alteration of graded assignments; and unfair competition. Course materials (old assignments, texts, or examinations, etc.) should not be shared unless authorized by the course instructor. Any questions related to this policy should be directed to EP’s academic integrity officer at ep-academic-integrity@jhu.edu.
Students with Disabilities - Accommodations and Accessibility
Johns Hopkins University values diversity and inclusion. We are committed to providing welcoming, equitable, and accessible educational experiences for all students. Students with disabilities (including those with psychological conditions, medical conditions and temporary disabilities) can request accommodations for this course by providing an Accommodation Letter issued by Student Disability Services (SDS). Please request accommodations for this course as early as possible to provide time for effective communication and arrangements.
For further information or to start the process of requesting accommodations, please contact Student Disability Services at Engineering for Professionals, ep-disability-svcs@jhu.edu.
Student Conduct Code
The fundamental purpose of the JHU regulation of student conduct is to promote and to protect the health, safety, welfare, property, and rights of all members of the University community as well as to promote the orderly operation of the University and to safeguard its property and facilities. As members of the University community, students accept certain responsibilities which support the educational mission and create an environment in which all students are afforded the same opportunity to succeed academically.
For a full description of the code please visit the following website: https://studentaffairs.jhu.edu/policies-guidelines/student-code/
Classroom Climate
JHU is committed to creating a classroom environment that values the diversity of experiences and perspectives that all students bring. Everyone has the right to be treated with dignity and respect. Fostering an inclusive climate is important. Research and experience show that students who interact with peers who are different from themselves learn new things and experience tangible educational outcomes. At no time in this learning process should someone be singled out or treated unequally on the basis of any seen or unseen part of their identity.
If you have concerns in this course about harassment, discrimination, or any unequal treatment, or if you seek accommodations or resources, please reach out to the course instructor directly. Reporting will never impact your course grade. You may also share concerns with your program chair, the Assistant Dean for Diversity and Inclusion, or the Office of Institutional Equity. In handling reports, people will protect your privacy as much as possible, but faculty and staff are required to officially report information for some cases (e.g. sexual harassment).
Course Auditing
When a student enrolls in an EP course with “audit” status, the student must reach an understanding with the instructor as to what is required to earn the “audit.” If the student does not meet those expectations, the instructor must notify the EP Registration Team [EP-Registration@exchange.johnshopkins.edu] in order for the student to be retroactively dropped or withdrawn from the course (depending on when the "audit" was requested and in accordance with EP registration deadlines). All lecture content will remain accessible to auditing students, but access to all other course material is left to the discretion of the instructor.