CNIT 160: Cybersecurity Responsibilities

Fall 2019 Sam Bowne


78846 501 Mon 6:10-9:00 PM SCIE 37


Catalog Description

Explores security technology, risks, countermeasures, and consequences, to help decision-makers protect those who rely on them. Includes hands-on activities such as packet analysis, exploiting vulnerable systems, and password cracking, and also research, presentations, and debates about current controversies, laws, and policies. Addresses topics such as surveillance, cyberwar, and computer crime.

Student Learning Outcomes

Upon completion of this course, a student will be able to:
  • Compare security technologies including encryption, storage, and transmission methods
  • Evaluate social and political arguments relating to information security and privacy
  • Engage in healthy and constructive debates that include both technical and political issues around security


"CISM Certified Information Security Manager All-in-One Exam Guide 1st Edition" by Peter H. Gregory
Publisher: McGraw-Hill Education; 1 edition (March 19, 2018), ISBN: 1260027031, Buy from Amazon ($35)


The quizzes are multiple-choice, online, and open-book. Study the textbook chapter and take the quiz before that class. Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts.

To access the quizzes:

  • Go to https://canvas.instructure.com/enroll/NH6YBB
  • If you've taken one of my classes previously, you should already have an account on this Canvas server (it's NOT the usual CCSF Canvas system). Otherwise, create a new account.
  • You should see the course, including the quizzes, as shown below.
  • After you have joined the course, you can access it at https://canvas.instructure.com
  • Questions? Email CNIT.160@gmail.com

Presentations and Papers

Each student must make two in-class Presentations and write two Papers. Topics must be submitted in advance. Presentations will be strictly limited to four minutes. Papers must be 2000 - 4000 characters, written in proper grammatical English, and free of plagiarism. Papers must be emailed as plaintext in the body of an email to CNIT.160@gmail.com

Live Streaming

To join the livestream, use this Zoom link: https://zoom.us/j/4108472927
Classes will also be recorded and published on YouTube for later viewing.


For class-related questions, please email CNIT.160@gmail.com




Schedule (may be revised)

Mon 8-19    1 Becoming a CISM
Mon 8-26    Quizzes: Ch 1 & 2a *
            2 Information Security Governance
Mon 9-2     Holiday: No Class
Fri 9-6     Last Day to Add
Mon 9-9     Quiz: Ch 2b *
            2 Information Security Governance
Mon 9-16    No Quiz
            Topic 1 Due (5 pts)
            Guest Speaker: Ming Chow, Senior Lecturer at Tufts University, Department of Computer Science (Twitter: @0xmchow)
            "Security responsibilities and citizenship"
Mon 9-23    Quiz: Ch 3a
            Topic 1 Due (5 pts)
            3 Information Risk Management
Mon 9-30    Quiz: Ch 3b
            Early Presentation 1 (+10)
            3 Information Risk Management
Mon 10-7    Quiz: Ch 4a
            Presentation 1 (50 pts)
            4 Information Security Program Development and Management
Mon 10-14   Quiz: Ch 4b
            Late Presentation 1 (-10)
            4 Information Security Program Development and Management
Mon 10-21   No Quiz
            Topic 2 due
            Guest: TBD
Mon 10-28   Quiz: Ch 4c
            Paper 1 due (50 pts)
            4 Information Security Program Development and Management
Mon 11-4    Quiz: Ch 4d
            4 Information Security Program Development and Management
Mon 11-11   Holiday: No Class
Mon 11-18   Quiz: Ch 5a
            Early Presentation 2 (+10)
            5 Information Security Incident Management
Mon 11-25   Quiz: Ch 5b
            Presentation 2 (50 pts)
            5 Information Security Incident Management
Mon 12-2    No Quiz
            Late Presentation 2 (-10)
            Guest: TBD
Mon 12-9    No Quiz
            Paper 2 due (50 pts)
            Last Class: Topic TBA
Thu 12-13 - Thu 12-20
            Final Exam available online throughout the week.
            You can only take it once.

All quizzes due 30 min. before class
* No late penalty until 9-16


Syllabus (PDF)
Grading Policy (PDF)

1 Becoming a CISM

Ch 1: Becoming a CISM
Ch 1c: Cyberwar

2 Information Security Governance

Introduction to Information Security Governance
Security Strategy Development

3 Information Risk Management

Risk Management Concepts
Implementing a Risk Management Program
The Risk Management Life Cycle
Operational Risk Management

4 Information Security Program Development and Management

Information Security Programs
Security Program Management
Security Program Operations
IT Service Management
Metrics and Monitoring
Continuous Improvement

5 Information Security Incident Management

Security Incident Response Overview
Incident Response Plan Development
Responding to Security Incidents
Business Continuity and Disaster Recovery Planning


Radix Economic Model (1-31-19)
60% of small companies that suffer a cyber attack are out of business within six months.
Larry Diamond talks Russia, China, "Ill Winds" on Kara Swisher podcast (Aug, 2019)
North Korea stole $2 billion from banks (SWIFT attacks) and cryptocurrency exchanges for its nuclear weapons program (ty @violetblue) (Aug, 2019)
White House proposal would have FCC and FTC police alleged social media censorship - CNN (Aug, 2019)

Last Updated: 8-12-19