Point Breakdown
Category | Points |
Milestone 1: Threat model | 20 |
Milestone 2: Penetration test report draft | 80 |
Milestone 3: Penetration test report | 100 |
Milestone 4: Risk assessment report draft | 80 |
Milestone 5: Final risk assessment report | 120 |
Labs | 180 |
Final exam | 200 |
Quizzes | 50 |
Security book quiz | 70 |
Security film quizzes | 70 |
Participation | 40 |
Course evaluation | 10 |
Grading Scale
Grades |
Scaled Points |
A |
930 points |
A- |
900 points |
B+ |
870 points |
B |
830 points |
B- |
800 points |
C+ |
770 points |
C |
730 points |
C- |
700 points |
D+ |
670 points |
D |
630 points |
D- |
600 points |
E |
599 points or less |
Certificate Option
As an option, students seeking certification may replace the final exam by passing the Security+ certification or another certification approved by the instructor. You can substitute your score on the certification (plus an adjustment—5% for the Security+) for the final. For example, if you received an 85% on the Security+ exam you would receive a 90% for your final exam score.
To receive credit for the certification, a student must show evidence of having taken the certification exam by the last day of class (5/1). If a student doesn’t show the instructor evidence of passing the certification by this date, then he/she will be required to take the final exam.
Class Participation Policy
Contribution will account for 5% of your final grade. Most students will earn 80% of these points. Students who are exceptional and go above and beyond in enhancing the classroom experience may receive a higher score.
The following list is not comprehensive, but rather an example of items weighted in the contribution category:
- Providing feedback on the class via the course evaluation
- Treating others with respect
- Showing courtesy for presenters (guest speakers, instructor, students)
- Participating in class discussions
- Arriving on time and not leaving early
- Not using technology inappropriately (distracting yourself or others)
Classroom Procedures
It is alright to use your laptop to take notes, but do not use it for non-class related activities. Not only does this diminish your learning experience, but it distracts those around you.
Course Communication
We will use Slack for course communication. Please install laptop and phone apps so that you receive notifications. Use your @temple.edu email address for instant verification.
Technology Requirements
This year will use Google Cloud Platform (GCP) to run tools and virtual machines necessary to complete assignments. New accounts on GCP receive a $300 credit. You should be able to complete this class without going over that cost. I will have you launch a virtual machine instance on GCP from which you can complete class assignments. You will be able to remotely connect to your instance using Chrome Remote Desktop, which works just like a browser tab.
You should also bring a laptop to class to connect to GCP.
Late Assignment Policy
All assignments and projects are to be submitted on time or early, so plan accordingly. If you have to miss class please submit your assignment early. On rare occasions, an exception may be granted, allowing the student to submit the work late with a 20% penalty. Under no circumstances will anything be accepted more than a week late.
Certification Option
As an option, students seeking certification may replace the final exam by passing the Security+ certification or another certification approved by the instructor. You can substitute your score on the certification (plus an adjustment—5% for the Security+) for the final. For example, if you received an 85% on the Security+ exam you would receive a 90% for your final exam score.
To receive credit for the certification, a student must show evidence of having taken the certification exam by the last day of class (5/1). If a student doesn’t show the instructor evidence of passing the certification by this date, then he/she will be required to take the final exam.
Assignments
Milestone 1: Threat model
This is a group project. Great a graphical threat model using attack trees for a given system. Additionally, through prose, describe and justify your threat model.
Milestone 2: Penetration test report draft
This is a group project. The midterm will be a vulnerability and penetration assessment report of a server. On Tuesday, October 15th, Teams of students will be given an IP address of a server to assess for security weaknesses. The midterm report will be one week later on Tuesday, October 22nd.
Instructions for Milestone 2 are available here.
Milestone 3: Penetration test report
This is a group project. Incorporate the feedback you receive from me to create a final version of the penetration test report.
Milestone 4: Risk assessment report draft
This is a group project. The report will include a risk assessment of other potential threats an organization faces, along with recommendations for mitigating each identified threat. Deliverables include a written report draft. Due on December 6th.
Milestone 5: Final risk assessment report
This is a group project. Incorporate the feedback you receive from me to create a final version of the final risk assessment report.
Readings Quizzes
Most readings and videos on the schedule have associated quizzes. Quizzes are open book, open Internet and must be completed within 30 minutes.
You can take these on Canvas. Quizzes are due by 30 minutes before class on the date due.
Labs
Labs are hands-on learning activities that will be begun in class and completed outside of class. Labs are typically due one week after they are introduced in class.
Required Reading
You are required to read one of the books on the “Security Readings” list at the end of this document by the last day of class, December 6th. To receive credit, submit your report via a quiz posted on Canvas. Indicate which book you read, whether you read the whole book, and give your brief reaction to it.
For extra credit, you may read an additional security book from the list of security books or one approved by Dr. Vance to replace your lowest lab score. If you choose this option, submit your report through this quiz by the last day of class.
Required Security Films
Two films are required viewing for this course: “Zeros Days” and “Citizenfour.” To receive credit, watch each film and simply indicate that you watched the whole film and give your brief reaction to the film on a quiz posted on Canvas.
“Citizenfour” by Laura Poitras The 2015 Academy Award winner for Best Documentary Feature, this film tells the story of Edward Snowden and the NSA spying disclosures of 2013. Availability: https://www.justwatch.com/us/movie/citizen-four Rated R. Edited version available on Vidangel.com. |
|
“Zero Days” by Alex Gibney A 2016 documentary about Stuxnet and the advent of cyberwarfare. Availability: https://www.justwatch.com/us/movie/zero-days Rated PG-13. Edited version available on Vidangel.com. |
For extra credit, you may watch either “The Lives of Others” or “The Conversation” to replaced one missed quiz. To receive credit, complete this quiz by the last day of class.
“The Lives of Others” by F. Henckel von Donnersmarck The 2007 Oscar winner of Best Foreign Language Film of the Year, this film tells the story of a secret police agent in East Berlin in 1984 who surveils a writer and becomes increasingly absorbed in his life. Availability: https://www.justwatch.com/us/movie/the-lives-of-others Rated R. Edited version available on Vidangel.com. |
|
“The Conversation” by Francis Ford Coppola A classic 1974 film psychological thriller starring Gene Hackman that revolves around surveillance. It is more relevant today than when it debuted. Availability: https://www.justwatch.com/us/movie/the-conversation Rated PG. Edited version available on Vidangel.com. |
Extra Credit
You can replace your lowest quiz score by watching a third film from the Security Readings and Films list and indicate (1) that you watched the whole film, (2) give a brief reaction to the film, and (3) describe how the film relates to the class.
Similarly, you can replace your lowest lab score by reading another book from the Security Readings and Films list and submitting a few sentences about what you thought about it.