Core Curriculum (34 credits)
The MSCSE core curriculum creates a baseline of knowledge for students to operate within the world of cyber security. Core classes balance the needs of security engineers to apply secure development concepts coupled with theoretical computer science; all within a framework of ethical best practices. (Note that the course numbers and course names are subject to change during the formal course approval process).
Ethics and social responsibility are important objectives of all information assurance and cybersecurity courses taught as part of this program. In addition to explicit discussion in the context of specific subject areas of each course, each student enrolling in these courses will be expected to sign a “Cyber Security Code of Conduct” in order to underscore the importance of these concerns.
CSS 514 Security, Policy, Ethics, and the Legal Environment (2)
Addresses ethical, legal, and policy frameworks within which information assurance and secure development lifecycle professionals must practice. Covers ethical, moral, legal and policy issues related to computers and telecommunications systems, such as how they impact privacy, fair information practices, equity, content control, and freedom of electronic speech.
CSS 515 Contemporary Issues in Information Assurance (2)
Addresses current developments in information assurance and cyber security, such as the changing threat spectrum, legal developments, international relationships, and intellectual property protection with an emphasis on the ethical and moral perspectives. Covers communities and resources important to becoming a responsible professional in the security field. Prerequisite: either CSS 514 or CSS 517.
CSS 517 Information Assurance and the Secure Development Lifecycle (5)
Covers the foundations of Information Assurance (IA) and the Secure Development Lifecycle (SDL) needed to understand and apply best practices for development and on-going support of secure software systems in organizations. Uses workshops and applied project to practice methods and create artifacts important to IA principles.
CSS 519 Incident Response and Recovery (5)
Explores management of response to security incidents including identification, examination, and integration of diverse crisis and emergency management, disaster recovery, and organizational continuity management issues. Also covers incident tracking, patch management, and corrective responses to internal and external stakeholders. Prerequisite: CSS 517.
CSS 527 Cryptography and Data Assurance (5)
Explores symmetric and asymmetric cryptography, key management, and encryption algorithms such as DES, AES, RSA, and PGP. Discusses PKI, SSL, and VPN including how to use protocols, hashing, digital signatures, and certificates and certificate authorities. Covers policies, procedures, and methods for the proper use of cyptography in secure systems. Prerequisite: either CSS 517, which may be taken concurrently or permission of instructor.
CSS 537 Network and Internet Security (5)
Examines the theory and practice of network security, the role of cryptography, and the current state of the art in building secure networked systems. Covers topics such as access control, authentication, perimeter security defense, firewalls, virtual private networks, intrusion detection systems, and wireless security and network security auditing tools. Prerequisite: either CSS 517, which may be taken concurrently or permission of instructor.
CSS 577 Secure Software Development (5)
Examines secure design and secure coding principles, practices, and methods including least privilege, threat modeling, and static analysis. Covers common vulnerabilities such as buffer overruns, integer overflows, injection attacks, cross-site scripting, and weak error handling in detail.
CSS 578 Vulnerability Analysis and Detection (5)
Explores vulnerability analysis and exploitation, penetration testing tools, and defense techniques. Covers topics such as OS fingerprinting, remote network mapping, software and operational vulnerabilities, attack surface analysis, fuzz testing, patch management, and security auditing. Prerequisite: either CSS 517, which may be taken concurrently or permission of instructor.