DRAFT

COS 200 / ITT 200 – Introduction to Cyber Security M. Monnin Page 1 of 8

University of Southern Maine

COS 200 / ITT 200 – Introduction to Cyber Security

College of Science, Technology & Health Fall 2018, COS 200-0001

Department of Technology & ITT 200-0001

Mark Monnin

Course Syllabus

Course Description:

An introduction to the fundamentals of cyber security and information assurance. Students will develop a

knowledge base for defining and recognizing both online threats and potential targets, and develop

intellectual tools for evaluating relative risks within cyberspace. Students will apply theories and best

practices for addressing potential costs of countermeasures for cyber attacks. Prerequisite: COS 160/170

or instructor permission. Offered fall semester only. Lecture and lab. Cr 3.

Outcomes:

1. Explain what is meant by integrity, confidentiality, and authentication.

2. Explain the relationship between threats, vulnerabilities, countermeasures, attacks, compromises and

remediation.

3. Describe legal and ethical considerations related to the handling and management of enterprise information

assets.

4. Give an example of how inside and external attacks are similar and are different.

5. Explain the three key factors involved in authentication and how they are used to verify identity and grant

access to a system.

6. Explain the process and value of two-factor authentication.

7. Explain how cryptosystems offer integrity, confidentiality and authentication.

8. Explain how cryptographic encryption algorithms are used to implement confidentiality in document

transfer.

9. Explain digital signatures and certificates.

10. Explain how public key infrastructure (PKI) works.

11. Explain how one-way functions are used to implement a non-repudiation service.

12. Describe a situation where a forensic investigation would be necessary.

Copyright 2018 Mark Monnin

DRAFT

COS 200 / ITT 200 – Introduction to Cyber Security M. Monnin Page 2 of 8

13. Explain how a Denial of Service attack works against an organization’s network.

14. Identify and distinguish between the different types of Malware (viruses, Trojan horses, worms).

Text:

CISSP Guide to Security Essentials

Authors: Peter H. Gregory

Edition: 2nd edition

Publisher: Cengage Learning

Meeting time and Location:

This course meets every Monday and Wednesday from 2:00pm until 3:15pm in JMC 242 (Gorham)

Contacting the Instructor:

E-mail: mark.monnin@maine.edu

Phone: (207) 780-5619

Office: 208 John Mitchell Center (Gorham)

Office Hours: Monday thru Thursday 12:30pm-1:30pm

& many, many, many other times by appointment

(or just walk-in if I am in my office and the door is open)

Many other times I am available! Use: http://monnin.youcanbook.me to find a

time that works for you!

The most effective way to contact the me (the instructor) is via USM email. Students may

expect a response within 24-36 hours to email sent during normal business hours, possibly

sooner. Emails messages sent at on the weekend or on holidays may not necessarily receive a

response until the next business day. Please keep in mind that your instructor is not sitting at a

computer 24/7 waiting for questions, so sending an e-mail question at night or on a weekend

and expecting an immediate response is not realistic.

Course web site:

This course also has an “online companion website” (also called a “learning management system”).

The companion site is used to enhance the materials in the classroom, not replace them. The

companion site can be accessed by visiting http://bb.courses.maine.edu with a web browser. The

website runs a package called Blackboard Learn that provides a number of class tools. Once logged in, you will

have access to…

Your grades for individual assignments

Electronic copies of all of the course handouts

A way to ask questions to the instructor and discuss topics with other classmates

A list of announcements I make for the class

…and more

Copyright 2018 Mark Monnin

DRAFT

COS 200 / ITT 200 – Introduction to Cyber Security M. Monnin Page 3 of 8

Course Requirements:

A USB flash drive (aka thumb drive) is required for this class. It doesn’t need to be large or expensive.

Anything 4GB or larger will be fine (just about everything you can find these days is well over 4GB, and will

be fine – just large enough to carry files to and from class). You should be able to get one between $10-$20

(and sometimes cheaper).

Computer access:

University computer accounts are required to access the University computer system. Accounts are

automatically assigned for all registered students. Computers are available in some classrooms in JMC and

in USM computing centers. Additionally, you can also work on assignments on your own computers. All

the software required to complete the course is available at no charge to the students.

This course uses the Blackboard learning system for some of the coursework. Handouts, assignments, and

grades will be available on Blackboard. Additionally, there may be some electronic assignments to be

completed within Blackboard. If you are accessing Blackboard from your own computer, you will need

Internet access and an appropriate computer setup (a modern Windows or OS X system is likely to be fine).

Students also have a University assigned (@maine.edu) e-mail account which are to be used to

communicate with the instructor. If you normally check an e-mail account other than your University

account, be sure to have mail from your University account forwarded to the account you check.

Student Owned Devices:

Class notes: Note taking is encouraged as part of your coursework. Students may also use

tablets and laptops and other electronic devices to type notes as long as this is done quietly

under reasonable circumstance. However, no texting, audio, images, and/or video recording

technologies will be allowed, to be used for capturing lectures, reviews, or labs within the

classroom without the instructor’s specific consent or permission. Typically, recording is granted only for

specific accommodations.

Student owned technologies in the classroom: Students may use their own laptop/notepad computers in

the classroom, but the responsibility of these personal technologies is their own in regards to theft and

damages incurred.

Cell phones: Please remember to be respectful of others and silence your cell phones off during class. If

you need to take or make a call, please exit the classroom first. Repeated disruptions may require a request

to have the phone turned off.

Music players and streaming devices: During computer labs, once the lectures are completed. While

working on assignments, students may use headphones and access their personal audio devices or online

resources.

Using Devices During Exams: No electronic devices are permitted during exams and quizzes unless the

instructor’s specific consent is given. Permission will typically only be granted for special needs cases.

Copyright 2018 Mark Monnin

DRAFT

COS 200 / ITT 200 – Introduction to Cyber Security M. Monnin Page 4 of 8

Attendance and Late Work:

Attendance: Just like work, regular class attendance is required, and is considered essential for

success. You are expected to attend all scheduled classes, and be ready to start at the beginning of

the class period.

Additionally, not all material covered in this course is in the reading assignments, and exams are more

heavily based on the lectures and hands-on projects than on the textbook.

Just like life, I don’t give regular points for attendance, - just showing up is not enough. Also, just like life

being too absent is problematic. If you miss more than the equivalent of 3 weeks (e.g. 6 classes in a twice a

week class), you will receive an F for the course. (Note: This does mean that anything less is fine, this is just

the absolute limit, please plan to attend all sessions.) I also reserve the right to give extra credit when

someone goes well above and beyond what is asked for, but that is the exception, not the rule.

Being late on occasion is ok, however habitually arriving to class late is considered rude – rude to the

instructor, and rude to your fellow students who are trying to learn. So, just don’t be rude…

Late Work: Homework assignments are due two weeks after they are handed out, unless otherwise

announced in class. All assignments except quizzes and exams can be turned in late until the start

of the last class, but will be penalized 25%. No assignments will be accepted afterwards.

Please plan on taking all quizzes and exams on the date they are scheduled. You are expected to work

around the exam dates. However, exams and quizzes can be taken up to one week late (until the start of the

class) or until the start of the class the last day the class meets (whichever is earlier) with a penalty. The

penalty is 10% for the first late quiz or exam, 25% for any additionally late quizzes or exams. In any case, if

you do not take the exam within a one week period, it is an automatic 0. (This may seem harsh, but I cannot

return exams without all exams being completed, and your will likely have bosses at work that are a stickler

to deadlines). Make up exams will also not necessarily be identical to the original exam, and may be

more difficult.

Talk to me beforehand if you know you will miss a deadline for a non-reschedulable, extenuating,

circumstances (e.g. military service, religious holiday, medically necessitated treatment, court appearance,

trips sponsored by other academic units), so that other, non-penalized, arrangements can be made.

Even if it is late, it is still worth points – so make sure to turn in everything even if it’s late (but try not to be

late to begin with…). Just remember that the last day that we meet as a class is the last day to turn in

anything…

Withdrawal from the Course:

(From the USM website)

“Students may withdraw from classes using the Drop form and receive a W grade if the form is processed

between the beginning of the third week of classes and the end of the day that coincides with sixty percent

of the length of the course, measured in days. The date the Registrar receives written notification of

withdrawal is used when calculating any refunds. Beyond the sixty percent limit, a Course Withdrawal

Form must be used to withdraw from any class. The Course Withdrawal Form must be signed by the

instructor, who has the prerogative to assign the student an F or a W as a course grade. The W option

should only be used when the student has extenuating circumstances, which should be noted on the form.

The W grade must be approved in writing by the Dean or Director of the school, college or program in

which the course is taught. A student receives no tuition refund for a withdrawal processed after the sixty

percent limit. Please visit http://www.usm.maine.edu/reg for the CW Form.”

Copyright 2018 Mark Monnin

DRAFT

COS 200 / ITT 200 – Introduction to Cyber Security M. Monnin Page 5 of 8

Grading:

Students final grade will be based on the policies and requirements stated in this syllabus and will use the

following criteria:

A All requirements completed at a high level of quality demonstrating an exceptional effort.

B All requirements completed at a high level of quality demonstrating a high level of effort.

C All requirements successfully completed demonstrating acceptable effort.

D Requirements completed at a low level demonstrating a minimum effort.

F Requirements not completed at an acceptable level.

I (Incomplete) Legitimate extraordinary circumstances prevent the student from

completing course requirements.

Students must complete the course requirements by a date specified by the professor within one semester of

receiving an incomplete grade. Procrastination is not considered to be a legitimate extraordinary circumstance.

It is expected that students will request consideration for incomplete grades in writing as early in the course as

possible. The request must include the reason for requesting an incomplete, and a plan for completing the work

required.

Homework 10 points each assignment (unless otherwise stated) Other Assignments/Projects varies (will be announced on the assignment) First Exam 100 points Second Exam 100 points Final Exam 100 points

How your grade is computed: This course is not graded on a

curve. All points are considered equal.

To compute your grade, just add up all of your points and divide

by the total number of points possible (and then multiply the

result by 100 to get a percent).

As an example, if you earned 437 points out of a total 520 points possible, you

would have had earned 84.0% of all points, and earned a B (yea!)

BTW: Just for the record, unlike the photo, there is no A+ grade at USM,

which is fairly common at colleges– sorry folks…

A ≥ 95%

A- ≥ 90%

B+ ≥ 87%

B ≥ 83%

B- ≥ 80%

C+ ≥ 77%

C ≥ 73%

C- ≥ 70%

D+ ≥ 67%

D ≥ 63%

D- ≥ 60%

F < 60%

NOTE: If all requirements are not completed, a course grade of D or F may be assigned regardless of the

overall grade points. If students cheat on course assignments, actions taken may include a failing

assignment grade, a failing course grade, or a failing course grade with additional University action.

Copyright 2018 Mark Monnin

DRAFT

COS 200 / ITT 200 – Introduction to Cyber Security M. Monnin Page 6 of 8

Cancellations and Emergencies:

Cancellations due to inclement weather are announced on the radio or may be obtained by calling

the University of Southern Maine’s hotline: 780-4800.

Emergency Response: http://www.usm.maine.edu/emergency/

Sign up for Emergency Response Alerts: http://usm.maine.edu/usmalert/

Course Evaluations:

End of the semester course evaluations are administered electronically. During the last week of classes,

students will receive an email notice that asks them to complete a course evaluation online. That email will

include a direct link to the course evaluation, and students will log in by using their MaineStreet ID and

password. Student ratings on the evaluation are very important to instructors and it is important that

students answer thoughtfully and honestly. The responses are confidential and will be collected by the

Office of Academic Assessment. After the final grades are posted, instructors will receive a summary

report of the student responses. All student feedback is valued and will be used for course and program

improvement purposes.

Academic Integrity Policy:

Everyone associated with the University of Southern Maine is expected to adhere to the

principles of academic integrity central to the academic function of the University. Any breach

of academic integrity represents a serious offense. Each student has a responsibility to know the

standards of conduct and expectations of academic integrity that apply to academic tasks.

Violations of student academic integrity include any actions that attempt to promote or enhance the

academic standing of any student by dishonest means. Cheating on an examination, stealing the words or

ideas of another (i.e., plagiarism), making statements known to be false or misleading, falsifying the results

of one’s research, improperly using library materials or computer files, or altering or forging academic

records are examples of violations of this policy which are contrary to the academic purposes for which the

University exists. Acts that violate academic integrity disrupt the educational process and are not

acceptable. Evidence of a violation of the academic integrity policy will normally result in disciplinary

action. A copy of the complete policy may be obtained from the Office of Community Standards (780-

5242).

Students with Disabilities:

The university is committed to providing students with documented disabilities equal access to all

university programs and services. If you think you have a disability and would like to request

accommodations, you must register with the Disability Services Center. Timely notification is essential.

The Disability Services Center can be reached by calling 207-780-4706 or by email at dsc-

usm@maine.edu. If you have already received a faculty accommodation letter from the Disability Services

Center, please provide me with that information as soon as possible. Please make a private appointment so

that we can review your accommodations.

Copyright 2018 Mark Monnin

DRAFT

COS 200 / ITT 200 – Introduction to Cyber Security M. Monnin Page 7 of 8

Course Schedule:

Week # Date Topics Readings

1 Mon Sep 3 No Class - Labor Day

Wed Sep 5 Intro Chapter 1

Administrivia Information Security and Risk Management

2 Mon Sep 10 Information Security and Risk Management (cont.)

Wed Sep 12 Information Security and Risk Management (cont.)

3 Mon Sep 17 Access Control Chapter 2

Wed Sep 19 Access Control (cont.)

4 Mon Sep 24 Business Continuity Planning and Disaster Recovery Chapter 4

Wed Sep 26 Business Continuity Planning and Disaster Recovery

(cont.)

5 Mon Oct 1 Cryptography Chapter 5

Wed Oct 3 Cryptography (cont.)

6 Mon Oct 8 No Class - Fall Break

Wed Oct 10 Exam 1

7 Mon Oct 15 Legal, Regulations, Investigations, and Compliance Chapter 6

Wed Oct 17 Legal, Regulations, Investigations, and Compliance

(cont.)

8 Mon Oct 22 Legal, Regulations, Investigations, and Compliance Chapter 7

(cont.) Security Operations

Wed Oct 24 Security Operations (cont.)

9 Mon Oct 29 Security Operations (cont.) Chapter 8

Physical and Environmental Security

Wed Oct 31 Physical and Environmental Security (cont.)

10 Mon Nov 5 Security Architecture and Design Chapter 9

Wed Nov 7 Exam 2

11 Mon Nov 12 No Class - Veteran's Day (observed)

Wed Nov 14 Security Architecture and Design (cont.)

12 Mon Nov 19 Security Architecture and Design (cont.)

Wed Nov 21 No Class - Thanksgiving Break

Copyright 2018 Mark Monnin

DRAFT

COS 200 / ITT 200 – Introduction to Cyber Security M. Monnin Page 8 of 8

Week # Date Topics Readings

13 Mon Nov 26 Telecommunications and Network Security Chapter 10

Wed Nov 28 Telecommunications and Network Security (cont.)

14 Mon Dec 3 Telecommunications and Network Security (cont.)

Wed Dec 5 Additional Threats and Attacks

15 Mon Dec 10 Cyber Security Advanced Topics

Wed Dec 12 Cyber Security Advanced Topics (cont.)

16 Wed Dec 19 Final Exam - 12/19 @ 1:30pm

This calendar is a tentative schedule. The course schedule may be altered during the semester to meet the needs of this

particular class. Students will be notified by the instructor when adjustments to this syllabus are required.

Thanks to Professors Zaner and Wilson who provide wording for some sections of this syllabus.

Copyright 2018 Mark Monnin