Optional

CNIT 160: Cybersecurity Responsibilities

Fall 2019 Sam Bowne

Schedule · Lectures · Links · Poll · Home Page

78846 501 Mon 6:10-9:00 PM SCIE 37

Required

Catalog Description

Explores security technology, risks, countermeasures, and consequences, to help decision-makers protect those who rely on them. Includes hands-on activities such as packet analysis, exploiting vulnerable systems, and password cracking, and also research, presentations, and debates about current controversies, laws, and policies. Addresses topics such as surveillance, cyberwar, and computer crime.

Student Learning Outcomes

Upon completion of this course, a student will be able to:

Compare security technologies including encryption, storage, and transmission methods
Evaluate social and political arguments relating to information security and privacy
Engage in healthy and constructive debates that include both technical and political issues around security

Textbook

"CISM Certified Information Security Manager All-in-One Exam Guide 1st Edition" by Peter H. Gregory
Publisher: McGraw-Hill Education; 1 edition (March 19, 2018), ISBN: 1260027031, Buy from Amazon ($35)

Quizzes

The quizzes are multiple-choice, online, and open-book. Study the textbook chapter and take the quiz before that class. Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts.
To access the quizzes:

Go to https://canvas.instructure.com/enroll/NH6YBB
If you've taken one of my class previously, you should already have an account on this Canvas server (it's NOT the usual CCSF Canvas system). Otherwise, create a new account.
You should see the course, including the quizzes, as shown below.
After you have joined the course, you can access it at https://canvas.instructure.com
To reset your password, go to https://canvas.instructure.com/login/canvas
Questions? Email CNIT.160@gmail.com

Presentations and Papers

Each student must make two in-class Presentations and write two Papers. Topics must be submitted in advance. Presentations will be strictly limited to four minutes. Papers must be 500 - 1000 words, written in proper grammatical English, and free of plagiarism. Papers must be emailed as plaintext in the body of an email to CNIT.160@gmail.com
Here is an example of a suitable paper:
Xi's choice: Destroy Trump, or save him and weaken America

Live Streaming

To join the livestream, use this Zoom link: https://zoom.us/j/4108472927
Classes will also be recorded and published on YouTube for later viewing.

Email

For class-related questions, please email CNIT.160@gmail.com

Optional Books

Schedule (may be revised)

Mon 8-19

1 Becoming a CISM & Cyberwar

Mon 8-26

Quizzes: Ch 1 & 2a *

2 Information Security Governance

Mon 9-2

Holiday: No Class

Fri 9-6

Last Day to Add

Mon 9-9

Quiz: Ch 2b *

2 Information Security Governance

Mon 9-16

No Quiz
Topic 1 Due (5 pts)

Ming Chow
Senior Lecturer at Tufts University
Department of Computer Science
Twitter: @0xmchow
"Security responsibilities and citizenship"

Mon 9-23

No Quiz

Chris Gastardi
Twitter: @ChrisGastardi
"Digital Forensics Careers in Federal Law Enforcement"

Video not available

Mon 9-30

No Quiz

Alex Muentz
Leviathan Security Group
"Risk Management and Regulation"
Video of Alex not available
Early Presentation 1 (+10)

Mon 10-7

Presentation 1 (50 pts)

3 Information Risk Management

Mon 10-14

Quiz: Ch 3a & Ch 3b
Presentation 1 (50 pts)

3 Information Risk Management

Mon 10-21

No Quiz
Topic 2 due

Marco Palacios
Fortinet
"So, you want to work for the government?"
Late Presentation 1 (-10)

Mon 10-28

Quiz: Ch 3c
Paper 1 due (50 pts)

3 Information Risk Management

Mon 11-4

Quiz: Ch 3d

3 Information Risk Management

Mon 11-11

Holiday: No Class

Mon, Nov 18, 2019
Leonard Bailey
Special Counsel for National Security
in the Department of Justice's (DOJ)
Computer Crime and Intellectual Property
Section (CCIPS) and Head of
CCIPS' Cybersecurity Unit
6 pm in SCIE 37

This talk will not be recorded.
Attend in person or watch the
livestream at https://zoom.us/j/4108472927

Mon 11-25

No Quiz due
Presentation 2 (50 pts)

4 Information Security Program
Development and Management

Mon 12-2

Quiz: Ch 4a & 4b
Late Presentation 2 (-10)

4 Information Security Program
Development and Management

Mon, Dec 9, 2019
Last class
Paper 2 due (50 pts)
Jason Chang
Variable Path, Inc.
"They Hack, You Pay!"
Understanding Your Cybersecurity Vulnerability

Thu 12-13 -
Thu 12-20

Final Exam available online throughout the week.
You can only take it once.

All quizzes due 30 min. before class
* No late penalty until 9-16

Lectures

Syllabus (PDF)
Grading Policy (PDF)

1 Becoming a CISM

Ch 1: Becoming a CISM
Ch 1c: Cyberwar PDF · Keynote
PDF · Keynote

2 Information Security Governance

Ch 2a: Introduction to Information Security Governance
Ch 2c: US v. China
Ch 2b: Security Strategy Development
Ch 2d: Ill Winds
PDF · Keynote
PDF · Keynote
PDF · Keynote
PDF · Keynote

3 Information Risk Management

Ch 3a: Risk Management Concepts & Implementing a Program
Ch 3b: The Risk Management Life Cycle
Ch 3c: The Risk Management Life Cycle
Ch 3d: Operational Risk Management PDF · Keynote
PDF · Keynote
PDF · Keynote
PDF · Keynote

4 Information Security Program Development and Management

Ch 4a: Information Security Programs
Ch 4b: Security Program Management
Security Program Operations
IT Service Management
Controls
Metrics and Monitoring
Continuous Improvement PDF · Keynote
PDF · Keynote

5 Information Security Incident Management

Security Incident Response Overview
Incident Response Plan Development
Responding to Security Incidents
Business Continuity and Disaster Recovery Planning

Links
Radix Economic Model (1-31-19) 60% of small companies that suffer a cyber attack are out of business within six months. Larry Diamond talks Russia, China, "Ill Winds" on Kara Swisher podcast (Aug, 2019) North Korea stole $2 billion from banks (SWIFT attacks) and cryptocurrency exchanges for its nuclear weapons program (ty @violetblue) (Aug, 2019) White House proposal would have FCC and FTC police alleged social media censorship - CNN (Aug, 2019) UN probing 35 North Korean cyberattacks in 17 countries (2019-08-20) UNIT 42 PLAYBOOK VIEWER: Threatr Actor Intel (TTP's) NotPetya an 'act of war,' cyber insurance firm taken to task for refusing to pay out (Jan 2019) Delta Sues Vendor Inc for Causing Data Breach (Aug 2019) Facebook and Twitter say China has been spreading disinformation in Hong Kong. "For us in the security industry, this is really the first time we've seen China really go this overt," says @TrustedSec CEO @HackingDave. (2019-08-21) Ch 2a: Former Equifax CEO Blames One IT Guy for Massive Hack The Recent U.S. Policy Towards China Is Productive \| IQ2US Debates (Aug, 2019) Recode Decode: CDA 230: The US law that shaped the internet, explained (and debated) Can the Chinese government now get access to your Grindr profile? (Jan 2019) Grindr Is Owned by a Chinese Firm, and the U.S. Is Trying to Force It to Sell (Mar. 2019) China's Kunlun Tech agrees to U.S. demand to sell Grindr gay dating app (May 2019) Ch 2b: The reality of implementing ISO 27001 - IT Governance USA Blog Ch 2c: Pricing & Options for ISO 27001 and ISO 22301 Documentation Successfully Countering Russian Electoral Interference \| Center for Strategic and International Studies The China hawk who captured Trump's 'very, very large brain' A China Hawk Gains Prominence as Trump Confronts Xi on Trade Ch 3a: Top 10 Governance, Risk and Compliance (GRC) Vendors The Cyber Threat from Iran after the Death of Soleimani (Feb 2020) 2020-10-03: 9 Tips for CISM Exam Success [Updated 2019] 2020-10-15: Recommended Mandiant and FireEye Blogs CafePress-Complaint

Links

Radix Economic Model (1-31-19)
60% of small companies that suffer a cyber attack are out of business within six months.
Larry Diamond talks Russia, China, "Ill Winds" on Kara Swisher podcast (Aug, 2019)
North Korea stole $2 billion from banks (SWIFT attacks) and cryptocurrency exchanges for its nuclear weapons program (ty @violetblue) (Aug, 2019)
White House proposal would have FCC and FTC police alleged social media censorship - CNN (Aug, 2019)
UN probing 35 North Korean cyberattacks in 17 countries (2019-08-20)
UNIT 42 PLAYBOOK VIEWER: Threatr Actor Intel (TTP's)
NotPetya an 'act of war,' cyber insurance firm taken to task for refusing to pay out (Jan 2019)
Delta Sues Vendor Inc for Causing Data Breach (Aug 2019)
Facebook and Twitter say China has been spreading disinformation in Hong Kong. "For us in the security industry, this is really the first time we've seen China really go this overt," says @TrustedSec CEO @HackingDave. (2019-08-21)
Ch 2a: Former Equifax CEO Blames One IT Guy for Massive Hack
The Recent U.S. Policy Towards China Is Productive | IQ2US Debates (Aug, 2019)
Recode Decode: CDA 230: The US law that shaped the internet, explained (and debated)
Can the Chinese government now get access to your Grindr profile? (Jan 2019)
Grindr Is Owned by a Chinese Firm, and the U.S. Is Trying to Force It to Sell (Mar. 2019)
China's Kunlun Tech agrees to U.S. demand to sell Grindr gay dating app (May 2019)
Ch 2b: The reality of implementing ISO 27001 - IT Governance USA Blog
Ch 2c: Pricing & Options for ISO 27001 and ISO 22301 Documentation
Successfully Countering Russian Electoral Interference | Center for Strategic and International Studies
The China hawk who captured Trump's 'very, very large brain'
A China Hawk Gains Prominence as Trump Confronts Xi on Trade
Ch 3a: Top 10 Governance, Risk and Compliance (GRC) Vendors
The Cyber Threat from Iran after the Death of Soleimani (Feb 2020)
2020-10-03: 9 Tips for CISM Exam Success [Updated 2019]
2020-10-15: Recommended Mandiant and FireEye Blogs
CafePress-Complaint

Last Updated: 12-10-19 6:09 axm