Skip to main content

Cyber Security Courses (ADCY) Woods College of Advancing Studies


Subject Area Course # Course Title Semester Credit Hours Expand
ADCY 6000 Cyber Ecosystem and Cybersecurity Spring 3
Course Description

Course provides an overview of Cyberspace, defines the scope of Cybersecurity, and addresses information classification and system compartmentalization. Course includes an appreciation of information confidentiality, integrity, and availability, and covers Cybersecurity architecture, strategy, services, hardware, software, and cloud services. The course also examines national security issues, critical infrastructure, and the potential for cybercrime and cyber terrorism, as well as the need for corporations to align their security with business needs and consider the threat from malicious employees, contractors, and/or vendors.


Schedule: Periodically

Instructor(s):

Prerequisites: None

Cross listed with:

Comments:

ADCY 6050 Cybersecurity Policy: Privacy & Legal Requirements Spring 3
Course Description

Course provides a comprehensive examination of the laws, regulations, and Executive Orders concerning data protection and privacy, including PCI, HIPAA, GLBA, SOX, FISMA, NIST, FISA, CFAA, and their overseas counterparts, and the roles of Federal, State and local regulators and law enforcement officials. The course also examines data protection and national security issues governed by various Federal agencies (e.g., SEC, FTC, FCC, DOE, DOJ, DHS, NSA, Treasury), including suspicious activity reporting (SAR) requirements under the Patriot Act. Additionally, the course addresses intellectual property protection, security classifications, data location requirements, audits, compliancy assessments, and individual, class-action, and shareholder derivative litigation and liability.


Schedule: Periodically

Instructor(s):

Prerequisites: None

Cross listed with: LAWS4466

Comments:

ADCY 6200 International Cybersecurity Summer 3
Course Description

TBD


Schedule: Periodically

Instructor(s):

Prerequisites: None

Cross listed with:

Comments:

ADCY 6300 Network & Infrastructure Security Summer 3
Course Description

Course provides an understanding of the threats and vulnerabilities in Cybersecurity and an introduction to the concepts of layering defense and providing for defense-in-depth. Specific topics include operating system security, component lifecycle management, database security, server security, application security, mobile devices, BYOD, and end-point security. The course covers the roles of physical security, system hardening, firewalls, encryption, anti-virus, and malware defense. The course also introduces identity and access management, role-based access control (RBAC), intrusion detection, penetration testing, and incident response.


Schedule: Periodically

Instructor(s):

Prerequisites: None

Cross listed with:

Comments:

ADCY 6350 Incident Response & Management Summer 3
Course Description

Course provides an understanding of the design and development of a Cybersecurity strategy which aligns with private industry and government needs, including incident documentation/analysis, response planning, and the role of a critical event response team (CERT) in determining recovery, managing liability and communications, coordinating with law enforcement, and protecting corporate reputation. Course also examines leadership and the adoption and implementation of a proactive stance through monitoring and responding to internal and external intelligence, including monitoring network traffic, activity logs (SIEM) for data breaches, denial of service (DoS), and integrity events, and outlines the roles of information security operations centers (ISOCs) and network operations centers (NOCs).


Schedule: Periodically

Instructor(s):

Prerequisites: None

Cross listed with:

Comments:

ADCY 6400 Managing Cyber Risk: Mobile Devices and Social Networking Fall 3
Course Description

Course provides an in depth examination of “The Internet of Things” (IOT), mobile devices, BYOD, and social networking. It covers endpoint security, including personal and company data separation and mobile device management (MDM). Course also provides an understanding with respect to threats from phishing, baiting, pretexting, hacking, and rogue employees and/or contractors, and covers password policy, employee training, policy design, and security awareness programs.


Instructor(s):

Prerequisites: None

Cross listed with:

Comments:

ADCY 6450 Cyber Investigations and Digital Forensics Fall 3
Course Description

Course covers forensic investigation, case prioritization, and case management, and addresses procedural documentation, standards of evidence, reporting, and disclosure requirements. The digital forensic portion of the course provides an understanding as to disk imaging, file recovery, trace-back techniques, network analytics, evaluation of metadata, malware, and anti-forensics. Additionally, the course covers the out-sourcing of the investigative function, or part thereof, to third parties, and provides specific case studies, including a practical laboratory project.


Schedule: Periodically

Instructor(s):

Prerequisites: None

Cross listed with:

Comments:

ADCY 6475 Security in the Cloud Spring 3
Course Description

Course provides an understanding of basic cloud deployment models, including private, public, hybrid, and community, and the various service platforms (e.g., SaaS, PaaS, IaaS). Course addresses governance control and responsibility for cloud security together with cloud security components, and covers service provider security and its evaluation, security standards (e.g., SSAE-16, CSA-CCM, Shared Assessments, NIST, CIS), procurement, and service level agreements (SLAs). Security topics include traffic hijacking, data isolation/storage segregation, identity management, virtualization security, continuity, data recovery, logging, notification, and auditing.


Schedule: Periodically

Instructor(s):

Prerequisites: None

Cross listed with:

Comments:

ADCY 6500 Organizational Effectiveness: Governance, Risk Management and Compliancy Fall 3
Course Description

Technical proficiency is not enough to manage business risk. Every potential or identified threat cannot be mitigated, and organizations must choose where to focus their often limited resources to support business goals. This course focuses on Governance, Risk and Compliance (GRC) as an organizational capability that all organizations require in today's complex world. Topics include understanding the business context of key stakeholders, corporate culture, and organizational risks. Students will understand how GRC capabilities such as enterprise risk management (ERM), compliance management (SOX, ISO, PCI, NIST, etc.) and policy management should work together to build a cohesive strategy within the business context. Students will learn about GRC technology and GRC program management required to support and grow GRC capabilities. Lastly, students will hear from guest lecturers about the roles and responsibilities of the Board of Directors, Risk/Audit Governance Committees, Chief Executives (Chief Information Security Officer (CISO), Chief Risk Officer (CRO), Chief Security Officer (CSO), etc.) and how they rely on GRC capabilities to support the business.


Instructor(s):

Prerequisites: None

Cross listed with:

Comments:

ADCY 6600 Establishing the Business Case & Resource Allocation Spring 3
Course Description

Course provides guidance and the necessary skills to lead, design, and frame a business case for investment. Course outlines cost-benefit analysis and return-on-investment (ROI) by utilizing incident analysis, threat, and residual vulnerability analyses to determine and quantify the underlying business parameters. Course also addresses supporting techniques, including benchmarking and normalization, to enable data-based decision-making. Additionally, the course covers executive dashboard design, security metrics, key performance indicators (KPIs), graphics, illustrative techniques, business reach-out, and leadership engagement.


Schedule: Periodically

Instructor(s):

Prerequisites: None

Cross listed with:

Comments:

ADCY 6650 Role of Intelligence: Enabling Proactive Security Fall 3
Course Description

Course addresses internal and external intelligence sources, including intrusion detection, log analysis, data mining, M&A due diligence, HUMINT, and the role of an Information Security Operations Center (ISOC). From an external perspective, the course covers information gathering, intelligence feeds/sources, and fusion centers as well as the automation, filtering, validation, analysis, and dissemination of intelligence. The course also provides an understanding as to technical countermeasures (e.g., sandboxes, honeypots), and addresses the roles of DHS, FBI, NSA, and DOD.


Schedule: Periodically

Instructor(s):

Prerequisites: None

Cross listed with:

Comments:

ADCY 6700 Privacy Law Fall/Spring/Summer 3
Course Description

This timely, topical course offers a comprehensive examination of protection of privacy and personal data, including identity, financial, health, educational, and other data. These subjects pervade numerous, diverse aspects of the economy and society in the Information Age, from human rights to international trade. Students will learn about: Fair Information Practices; the development of modern privacy law in the United States and around the world; Fourth Amendment privacy and the autonomy of the individual in relation to the state; key US laws (HIPAA, FERPA, GLBA, GINA, COPPA, etc.); significant international rules (European Union’s new General Data Protection Regulation (GDPR), etc.); important institutions (Federal Trade Commission, Data Protection Authorities, etc.); standards; Privacy by Design and Default; and emerging issues.


Schedule: Periodically

Instructor(s):

Prerequisites: None

Cross listed with:

Comments:

ADCY 6900 Ethical Issues in Cybersecurity and the Ignation Paradigm Summer 3
Course Description

TBD


Schedule: Periodically

Instructor(s):

Prerequisites: None

Cross listed with:

Comments:

ADCY 6925 Cybersecurity: Risk & Resiliency Spring 3
Course Description

Course provides a comprehensive understanding of the fundamentals of risk management and applies them to the cyber security and digital risk management environments. It addresses methodologies for comparing digital risks and deciding between acceptance, mitigation, risk transfer and avoidance. The course compares popular methodologies for quantifying, comparing and categorizing digital risks. It includes specific topics such as Risk and Control Self-Assessment (RCSA), Risk Appetite Statement (RAS), Risk Tolerance metrics, Three Line Defense Model, Risk Register, Third-Party Risk Management and Factor Analysis of Information Risk (FAIR). Participants attending this course will be introduced to a broad spectrum of risk management principles, learn how to apply them in cyber security and digital environments, and immediately be able to contribute to cyber risk management using a risk management toolbox learned in this course that is applicable across a wide scope of business, government, academia and beyond.


Schedule: Periodically

Instructor(s):

Prerequisites: None

Cross listed with:

Comments:

ADCY 6950 Applied Research Project Summer 3
Course Description

TBD


Schedule: Periodically

Instructor(s):

Prerequisites: None

Cross listed with:

Comments:

ADCY 6955 Applied Research Project For Non-Profit Organizations Spring 3
Course Description

This course provides students with hands-on experience in the development, delivery, and results analysis of an information and cybersecurity assessment process for local non-profit organizations. The assessment tool that will be used is a prototype based on the NIST Cybersecurity Framework (CSF). Students will explore how NIST CSF maps to other well-known assessment frameworks including NIST SP800-53, NIST SP800-171, COBIT 5, and ISO 27000. Students will review the assessment tool and other research through the lens of the non-profit environment. Students will complete a controlled assessment of a local non-profit, which will help them develop skills in assessing, through the lens of information and cyber security, a business environment. Students will utilize these skills in bridging the gap between technical jargon and non-technical audiences by preparing and presenting their assessment findings to the executive leadership of the assessed non-profit. Students will gain a practical ability to perform an information/cybersecurity risk assessment along with the process of developing and delivering the assessment as a part of the students' learning.


Schedule: Periodically

Instructor(s):

Prerequisites: None

Cross listed with:

Comments: