Core Curriculum (34 credits)
The MSCSE core curriculum creates a baseline of knowledge for students to operate within the world of cyber security. Core classes balance the needs of security engineers to apply secure development concepts coupled with theoretical computer science; all within a framework of ethical best practices. (Note that the course numbers and course names are subject to change during the formal course approval process).
Ethics and social responsibility are important objectives of all information assurance and cybersecurity courses taught as part of this program. In addition to explicit discussion in the context of specific subject areas of each course, each student enrolling in these courses will be expected to sign a “Cyber Security Code of Conduct” in order to underscore the importance of these concerns.
CSS 514 Security Policy, Ethics, and the Legal Environment (2 cr Seminar)
Addresses ethical, legal, and policy frameworks within which information assurance and secure development lifecycle professionals must practice. Covers ethical, moral, legal and policy issues related to computers and telecommunications systems, such as how they impact privacy, fair information practices, equity, content control, and freedom of electronic speech.
CSS 515 Contemporary Issues in Information Assurance (2 cr Seminar)
Addresses current developments in information assurance and cyber security with focus on the changing threat spectrum, legal developments, international relationships, intellectual property protection, with emphasis from the ethical and moral perspectives. Students will be exposed to communities and resources important to becoming a responsible professional in the security field. Prerequisites: CSS 514 or CSS517
CSS 517 Information Assurance and the Secure Development Lifecycle (5)
Covers the foundations of Information Assurance (IA) and the Secure Development Lifecycle (SDL) needed to understand and apply best practices for development and on-going support of secure software systems in organizations. Uses workshops and applied project to practice methods and create artifacts important to IA principles.
CSS 519 Incident Response and Recovery (5)
Explores management of response to security incidents including identification, examination, and integration of diverse crisis and emergency management, disaster recovery, and organizational continuity management issues. Also covers incident tracking, patch management, and corrective responses to internal and external stakeholders. Prerequisite: CSS 517.
CSS 527 Cryptology and Data Protection (5)
Explores symmetric and asymmetric cryptography, key management, and encryption algorithms including DES, AES, RSA, PGP and SSL. Public key infrastructures and virtual private networks are discussed. The course covers protocols, hashing, digital signatures, and certificates and certificate authorities. Cryptanalytic methods are introduced. Policy considerations such as key escrow and recovery and export controls are discussed. Website security issues are addressed as well as electronic commerce security. Issues such as certificate management, certificate revocation cycles, and scalability of PKI solutions are included. Strengths and weaknesses of symmetric and asymmetric cryptography are covered, as well as joint solutions that optimize the strengths of both approaches.
CSS 537 Network and Internet Security (5)
Covers the policies, practices, procedures, and technologies other than cryptology, as well as aspects of data protection, that comprise the protection process for information assurance and the Secure Development Lifecycle. The course addresses identification, authentication, access control, multilevel security, and authorization. Security models and kernels are introduced. Network security design and management issues are explored including use of IPSec, VPNs, and various forms of wireless networking. The role of cryptography in managing access control is discussed. Prerequisites: CSS 527
CSS 577 Secure Software Development (5)
This course covers development of security requirements and the design, development and implementation of secure systems. Principles of secure design and coding are covered in depth. Vulnerabilities and countermeasures for both computer systems and networks are explored. Effects of operating systems and machine architecture upon computer security are discussed. Methods for testing and verification of security features and capabilities are presented. Prerequisite: CSS 517
CSS 578 Vulnerability Analysis and Detection (5)
Focuses on approaches to identifying vulnerabilities in an information infrastructure and assessing the risk imposed by such vulnerabilities. Specific technologies and techniques used by hackers, spies and thieves to obtain access to sensitive, private information are discussed and explored. Includes security auditing, mapping of networks, patch management, security configuration management, and the use of automated tools for identifying and characterizing vulnerabilities. Physical security is discussed. Methodologies and technologies for penetration testing of systems and networks are explored. The use of social engineering as a method for gaining information concerning and access to information infrastructures is described and discussed. Strategies are developed for mitigation of risks prior to occurrence of a security-compromising incident. Prerequisites: CSS 537