CNIT 160: Cybersecurity Responsibilities

Fall 2023 Sam Bowne

Schedule · Lectures

73203 Weds 6:10 - 9:00 PM Cloud 218

Use Twitch

To attend class:

For interactive help, use https://zoom.us/j/4108472927
Password: student1

Free Textbook Access

  • Go here
  • Click "O'Reilly"
  • In the "Select your Institution" drop-down list box, click "Not listed? Click here"
  • Enter your CCSF email address
  • Enter the book's title the "Find a Solution..." field


Catalog Description

Explores security technology, risks, countermeasures, and consequences, to help decision-makers protect those who rely on them. Includes hands-on activities such as packet analysis, exploiting vulnerable systems, and password cracking, and also research, presentations, and debates about current controversies, laws, and policies. Addresses topics such as surveillance, cyberwar, and computer crime.

Student Learning Outcomes

Upon completion of this course, a student will be able to:
  • Compare security technologies including encryption, storage, and transmission methods
  • Evaluate social and political arguments relating to information security and privacy
  • Engage in healthy and constructive debates that include both technical and political issues around security


"CISM Certified Information Security Manager All-in-One Exam Guide 1st Edition" by Peter H. Gregory
Publisher: McGraw-Hill Education; 1 edition (March 19, 2018), ISBN: 1260027031, Buy from Amazon ($35)


The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.

Don't use CCSF's Canvas system for this class. Instead, all students should use this Canvas server:

Enroll Here · View Course · Reset password

Presentations and Papers

Each student must make two in-class Presentations and write two Papers. Topics must be submitted in advance.

Presentations will be strictly limited to four minutes. You may pre-record your presentation, but if you do, please submit it as either an MP4 file or a YouTube link.

Papers must be 500 - 1000 words, written in proper grammatical English, and free of plagiarism. Papers must be submitted in Canvas or emailed as plaintext in the body of an email to CNIT.160@gmail.com

If you use AI tools like ChatGPT to help write your paper, you must say so and explain how you verified and corrected the text it produced.

Here is an example of a suitable paper:

Xi's choice: Destroy Trump, or save him and weaken America

Discussion Board

Each CCSF student must contribute to the Discussion Board in Canvas. There are dates listed in the schedule with Discussion assignment due.

For the topics and requirements, see the Discussion board in Canvas.


For questions, please send a message in Canvas or email CNIT.160@gmail.com

Optional Books




Schedule (may be revised)

Wed 8-16  1 Becoming a CISM & Cyberwar

Wed 8-23Quizzes: Ch 1 & 2a * 2a Information Security Governance
Pages 16-55, ending at Security Strategy Development

Wed 8-30Quiz: Ch 2b *
Discussion 1 *
2b Information Security Governance
Pages 55-102, beginning at Security Strategy Development

Wed 9-6Quiz: Ch 3a *
Topic 1 Due (5 pts) *
Discussion 2 *
3a Information Risk Management p. 102 - 115


  • Risk Management Concepts
  • Implementing a Risk Management Program

Wed 9-13Quiz: Ch 3b
Early Presentation 1 (+10)  
Discussion 3
3b Information Risk Management p. 114 - 125


  • The Risk Management Life Cycle
    • The Risk Management Process
    • Risk Management Methodologies

Wed 9-20No Quiz

Nurturing AI Curiosity: Building Blocks for
Community College Students' AI Journey

A talk from BayICT, for details:
Information and Zoom Link

Wed 9-27Presentation 1 (50 pts) Student Presentations

Wed 10-4 Paper 1 due
Discussion 4
3c Information Risk Management p. 125 - 158


  • The Risk Management Life Cycle
    • Starting at "Asset Identification and Valuation"

Wed 10-11Quiz: Ch 3c & 3d
Discussion 5
3d Information Risk Management p. 158 - 182


  • Operational Risk Management

Wed 10-18 Quiz: Ch 4a
Topic 2 due
Discussion 6
4a Information Security Program
Development and Management p. 190 - 202

Wed 10-25 No Quiz
Machine Learning

Wed 11-1Quiz: Ch 4b
Discussion 7
Early Presentation 2 (+10)
4b Information Security Program
Development and Management p. 202 - 235

Wed 11-8No Quiz
Presentation 2 (50 pts)

Wed 11-15Quiz: Ch 4c
Discussion 8
4c Information Security Program
Development and Management p. 235-257

Wed 11-22Quiz: Ch 4d
Discussion 9
Paper 2 due (50 pts)
4d Information Security Program
Development and Management p. 257-275

Wed 11-29No Quiz

K8s For Hackers

Wed, Nov 29, 6 PM
with Kaz

Wed 12-6No Quiz
Last Class: No New Material

Tue 12-12
through Tue 12-19
Final Exam available online throughout the week.
You can only take it once.

All quizzes due 30 min. before class
* No late penalty until 9-13


Syllabus (PDF)
Grading Policy (PDF)

1 Becoming a CISM

Ch 1: Becoming a CISM
Ch 1c: Cyberwar
PDF · Keynote
PDF · Keynote
Unwanted Truths: Inside Trump's Battles
With U.S. Intelligence Agencies

2 Information Security Governance

Ch 2a: Introduction to Information Security Governance
Ch 2b: Security Strategy Development
Ch 2c: US v. China
Ch 2d: Ill Winds
America's Caste System
PDF · Keynote
PDF · Keynote
PDF · Keynote
PDF · Keynote
PDF · Keynote

3 Information Risk Management

Ch 3a: Risk Management Concepts & Implementing a Program
Ch 3b: The Risk Management Life Cycle
Ch 3c: The Risk Management Life Cycle (continued)
Ch 3d: Operational Risk Management
PDF · Keynote
PDF · Keynote
PDF · Keynote
PDF · Keynote

4 Information Security Program Development and Management

Ch 4a
Ch 4b
Ch 4c
Ch 4d
Ch 4e
PDF · Keynote
PDF · Keynote
PDF · Keynote
PDF · Keynote
PDF · Keynote

5 Information Security Incident Management

Security Incident Response Overview
Incident Response Plan Development
Responding to Security Incidents
Business Continuity and Disaster Recovery Planning


Submitting Projects

CCSF students must do these things to get credit:

  • Perform the project steps until you find a flag
  • Capture a whole-desktop image showing the flag
  • Outline or highlight the flag in the image
  • Submit the image in the appropriate Project in Canvas
  • Type the flag into the text field

Machine Learning

ML 100: Machine Learning with TensorFlow (65 pts extra)
ML 101: Computer Vision (10 pts extra)


Radix Economic Model (1-31-19)
60% of small companies that suffer a cyber attack are out of business within six months.
Larry Diamond talks Russia, China, "Ill Winds" on Kara Swisher podcast (Aug, 2019)
North Korea stole $2 billion from banks (SWIFT attacks) and cryptocurrency exchanges for its nuclear weapons program (ty @violetblue) (Aug, 2019)
White House proposal would have FCC and FTC police alleged social media censorship - CNN (Aug, 2019)
UN probing 35 North Korean cyberattacks in 17 countries (2019-08-20)
UNIT 42 PLAYBOOK VIEWER: Threatr Actor Intel (TTP's)
NotPetya an 'act of war,' cyber insurance firm taken to task for refusing to pay out (Jan 2019)
Delta Sues Vendor Inc for Causing Data Breach (Aug 2019)
Facebook and Twitter say China has been spreading disinformation in Hong Kong. "For us in the security industry, this is really the first time we've seen China really go this overt," says @TrustedSec CEO @HackingDave. (2019-08-21)
Ch 2a: Former Equifax CEO Blames One IT Guy for Massive Hack
The Recent U.S. Policy Towards China Is Productive | IQ2US Debates (Aug, 2019)
Recode Decode: CDA 230: The US law that shaped the internet, explained (and debated)
Can the Chinese government now get access to your Grindr profile? (Jan 2019)
Grindr Is Owned by a Chinese Firm, and the U.S. Is Trying to Force It to Sell (Mar. 2019)
China's Kunlun Tech agrees to U.S. demand to sell Grindr gay dating app (May 2019)
Ch 2b: The reality of implementing ISO 27001 - IT Governance USA Blog
Ch 2c: Pricing & Options for ISO 27001 and ISO 22301 Documentation
Successfully Countering Russian Electoral Interference | Center for Strategic and International Studies
The China hawk who captured Trump's 'very, very large brain'
A China Hawk Gains Prominence as Trump Confronts Xi on Trade
Ch 3a: Top 10 Governance, Risk and Compliance (GRC) Vendors
The Cyber Threat from Iran after the Death of Soleimani (Feb 2020)
2020-10-03: 9 Tips for CISM Exam Success [Updated 2019]
2020-10-15: Recommended Mandiant and FireEye Blogs

Updated: 12-6-23 8:03 pm