MIS4596 –Managing Enterprise Cybersecurity–Spring 2022
Section 005 – CRN 47879 – Thursdays 5:30 – 8:00 PM
ALTER 0A234
As of Jan. 14, 2022, updated with new classroom information
Instructor
- Name: Paul Warner
- Office address: TBD
- Office phone: Contact via E-mail
- University email address: tuk55116@temple.edu
- Office hours: Online by Appointment
Course Textbook and Materials
- “Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Edition” by Ross Anderson
- Harvard Business Coursepack for MIS 4596 – three required cases to purchase at Harvard Business Publishing site (TBA)
- Security Assignments by Dave Eargle and Anthony Vance at http://security-assignments.com/
- Other materials will be available throughout the
- (Optional) “Secrets and Lies: Digital Security in a Networked World,” by Bruce Schneier
Class Sites
- at MIS Community – https://community.mis.temple.edu/mis4596sec004spring2020
- at Canvas – https://templeu.instructure.com/courses/110080
TEMPLE AND COVID-19
Temple University’s motto is Perseverance Conquers, and we will meet the challenges of the COVID pandemic with flexibility and resilience. The university has made plans for multiple eventualities.
Working together as a community to deliver a meaningful learning experience is a responsibility, we all share: we’re in this together so we can be together.
Course Objective
This course is a broad introduction to the managerial issues of information security. Because security is multifaceted, the topics of the class range widely, including technical (e.g., cryptography), managerial (e.g., policy compliance), physical (e.g., door locks), and psychological (e.g., social engineering) issues. A key objective of the class is to develop a security mindset, in which one learns to think like an attacker for ways to exploit a system.
Course Learning Goals
Develop a security mindset
- Learn to think like a security professional—how to identify threats like an attacker, and how to model and mitigate those
Gain a working knowledge of methods to protect data
- Gain a working knowledge of modern methods of protecting data: encryption, hashing, confidentiality, authentication, integrity, non-repudiation, certificates, and IP
Learn methods of attack and defense
- Learn methods of attacking systems and how to protect against those methods of attacks. Appreciate the broad disciplines required for IS security
- Appreciate the broad disciplines required for information security to work. We’ll cover subjects as comprehensive as cryptology, physical security, psychology, and management, based on based on the NIST Cybersecurity Framework Version 1.1 (https://www.nist.gov/cyberframework/framework) and the NIST Risk Management Framework (https://csrc.nist.gov/projects/risk-management/about-rmf).
Communicate security risks and responses effectively
- This course is a Temple-designated writing intensive course. As such, a substantial portion of the course will be devoted to practicing capable, proficient communication of cybersecurity risks, threats, mitigations, and responses to relevant stakeholders for their decision
Technology Requirements
Information Security Assignments
This course will use lab assignments and milestone projects at http://security-assignments.com/, developed by Dave Eargle and Anthony Vance. Access to the resources in this site will require subscription with a fee (https://security-assignments.com/store/). Details to be available.
Google Cloud Platform (GCP)
This course uses GCP to run tools and virtual machines necessary to complete assignments. New accounts on GCP receive a $300 credit for three months. Students should be able to complete this class without going over that cost. The instructor will have the students launch a Kali virtual machine instance on GCP from which they can complete class assignments. The students will be able to remotely connect to the instance using Chrome Remote Desktop, which works just like a browser tab.
Canvas
Canvas is the University’s learning management system (LMS).
- For resources and/or Canvas related questions or issues, please use the Help (?) feature in the Canvas Global Navigation for assistance via phone or a 24-hour Chat
- Canvas guides for students: https://community.canvaslms.com/docs/DOC-10701
Grading
Milestones |
Group or Individual |
40% |
Labs |
Individual |
20% |
Mid-Term Exam |
Individual |
10% |
Final Exam |
Individual |
20% |
Quizzes |
Individual |
5% |
Participation |
Individual |
5% |
|
|
|
Total |
|
100% |
Milestones (40%)
There are four milestone projects that will help students develop professional cybersecurity and communication skills.
- Milestone 1: Risk Assessment Draft
- Milestone 2: Final Risk Assessment Report
- Milestone 3: Penetration Test Report
- Milestone 4: Penetration Test with Mitigation Report
- These projects can be completed by individually or with a group of up to four. Students are free to form a group.
- A group can be made of students from both Section 002 and
- The milestones will be graded in the same manner whether it is completed individually or by a
- Late submissions are subject to a 10% deduction in points per 12 hours.
Labs (25%)
These are hands-on learning activities that will begin in class and completed outside of class.
- There are 14 labs. However, only the top 12 highest lab scores will be counted toward the lab (In other words, students can skip up to two labs.)
- All labs are due by 11:59 PM on Thursday, May 5. However, it is strongly encouraged to complete one lab a week throughout the No late submission will be accepted.
- Some lab assignments are necessary to be completed prior to exams or
Lab Peer Support
Students are encouraged to help each other complete lab assignments. When a student offers help to another to complete one lab assignment, he/she will receive a 5% extra credit to the lab assignment.
- For example, if Molly helps Michael for Lab #2, she will receive a 5% extra credit to her Lab #2 If Molly is reported to help two of her classmates, she will receive an 10% extra credit.
- The one who receives help must submit the helper’s name in Canvas submission. (In other words, Michael should report that he has received help from Molly.)
- A student can report help only from one student in one lab. (Michael cannot report help from both Molly and )
Mid-Term (15%) and Final Exams (20%)
- The mid-term and final exams will be open-book and open-note exams over
- The mid-term exam opens at Feb 23 and is due by Feb 27, 11:59 PM (subject to change).
- The final exam opens at Apr 28 and is due by May 4, 11:59 PM (subject to change). It is cumulative and covers the entire
- There will be no extension to completion of exams.
Certification Option for the Exams
- As an option, students seeking certification may replace both the mid-term and final exams by passing CompTIA Security+ certification (https://www.comptia.org/certifications/security) or other certification approved by the
- Students can substitute the score on the certification plus an adjustment (5% for the Security+) for the mid-term and final exams. For example, if a student receives an 85% on Security+, he/she receives 90% of the points for the two
- To receive credit for the certification, the student must show evidence of having taken the certification exam by April
Department Requirements for MIS Majors
- [Requirement 1] Those who are majoring or double-majoring MIS must earn at least 1,000 PRO points to pass this course by the end of the semester. (See https://community.mis.temple.edu/files/2020/04/MIS-Course-Structure-Updated-March- pdf) This requirement does not apply to non-MIS majors.
- [Requirement 2] MIS majors who are graduating at the end of this semester are required to register as an MIS alumnus – https://community.mis.temple.edu/professionalachievement/register-as-an-alum/. This requirement does not apply to those who are not
- A failure to meet the above requirement results in an Incomplete The department will inform the instructor in April-May 2022 of those failing to meet the above requirements, and the instructor will give them an Incomplete grade, which will be converted to a proper grade as soon as the two requirements are met.
Grade Scale
93% – 100% |
A |
90% – 92.99% |
A- |
87% – 89.99% |
B+ |
83% – 86.99% |
B |
80% – 82.99% |
B- |
77% – 79.99% |
C+ |
73% – 76.99% |
C |
70% – 72.99% |
C- |
67% – 69.99% |
D+ |
63% – 66.99% |
D |
60% – 62.99% |
D- |
< 59.99% |
F |
Other Course Policies
- Attendance and Participation: Attendance and participation are a key component of learning It is strongly encouraged to read/review all post materials (readings, videos, or others) prior attendance and actively take part in all class discussions and activities. Missing classes will make it difficult to successfully complete the milestones, labs, and exams, leading to a lower final grade.
- Email : Use @temple.edu email account for all correspondents with the instructor. Email messages sent from a non-Temple account may not be responded. The instructor does not prefer using Canvas
- Inclement Weather: Generally, in case of inclement weather, a class will not be canceled as long as the University is
Schedule (subject to change)
Week |
Thursday |
Topics |
1 |
Jan 13 |
Introduction Threat Modeling |
2 |
Jan 20 |
Risk Assessment Information Privacy |
3 |
Jan 27 |
Introduction to Linux and Google Cloud Platform Introduction to Cryptography |
4 |
Feb 3 |
Symmetric Cryptography Hashing |
5 |
Feb 10 |
Asymmetric Cryptography Digital Certificates and Public Key Infrastructures |
6 |
Feb 17 |
Authentication and Passwords Password Cracking |
7 |
Feb 24 |
Mid-Term Review Guest Speaker (TBA) |
|
Mar 3 |
Spring Break |
8 |
Mar 10 |
Password Cracking Vulnerability Scanning |
Week |
Thursday |
Topics |
9 |
Mar 17 |
Vulnerability Exploitation |
10 |
Mar 24 |
Vulnerability Exploitation Social Engineering |
11 |
Mar 31 |
Physical Security |
12 |
Apr 7 |
Malware Analysis Network Security Monitoring |
13 |
Apr 14 |
Incident Response and Recovery |
14 |
Apr 21 |
Incident Recovery Final Review |
Other Key Dates and Deadlines (subject to change)
Tue, Jan 18 |
Milestone 1 opens |
Mon, Jan 24 |
Last day to drop from the course |
Sat, Jan 29 |
Deadline for Milestone 1 |
Sat, Feb 5 |
Deadline for Milestone 2 |
Wed, Feb 23 |
Mid-term exam opens |
Sun, Feb 27 |
Deadline for mid-term exam |
Tue, Mar 15 |
Milestone 3 opens |
Sat, Apr 2 |
Deadline for Milestone 3 |
Mon, Apr 25 |
Last day to withdraw from the course |
Thur, Apr 28 |
Final exam opens |
Sat, Apr 30 |
Deadline for Milestone 4 |
Wed, May 4 |
Deadline for final exam |
Thur, May 5 |
Deadline for completion of all lab assignments |
Sat, May 7 |
Instructor deadline for the final grade to the University |
All assignments and exams are due by 11:59 PM EST.
Attendance Protocol and Your Health
If you feel unwell, you should not come to campus, and you will not be penalized for your absence. Instructors are required to ensure that attendance is recorded for each in-person or synchronous class session. The primary reason for documentation of attendance is to facilitate contact tracing, so that if a student or instructor with whom you have had close contact tests positive for COVID-19, the university can contact you. Recording of attendance will also provide an opportunity for outreach from student services and/or academic support units to support students should they become ill. Faculty and students agree to act in good faith and work with mutual flexibility. The expectation is that students will be honest in representing class attendance.
Video Recording & Sharing Policy:
Any recordings permitted in this class can only be used for the student’s personal educational use. Students are not permitted to copy, publish, or redistribute audio or video recordings of any portion of the class session to individuals who are not students in the course or academic program without the express permission of the faculty member and of any students who are recorded. Distribution without permission may be a violation of educational privacy law, known as FERPA as well as certain copyright laws. Any recordings made by the instructor or university of this course are the property of Temple
University. Any unauthorized redistribution of video content is subject to review by the Dean’s office, and the University Disciplinary Committee. Penalties can include receiving an F in the course and possible expulsion from the university. This includes but is not limited to: assignment video submissions, faculty recorded lectures or reviews, class meetings (live or recorded), breakout session meetings, and more.
Academic Integrity – ZERO TOLERANCE
Plagiarism and academic dishonesty can take many forms. The most obvious is copying from another student’s materials, but the following are also forms of this:
- Copying materials directly from the Internet (or another source) without a proper citation crediting the author
- Turning in an assignment from a previous semester as if it were your own
- Having someone else complete your assignment and submitting it as if it were your own
- Signing someone else’s name to an attendance sign-in sheet
- Use of assignments completed in one class as any part of a project assigned in another class
- Sharing/copying homework
- Use of unauthorized notes during an examination
- In cases of cheating, both parties will be held equally responsible, i.e. both the student who shares the work and the student who copies the
There will be zero tolerance for blatant plagiarism or any other type of academic dishonesty. In particular, plagiarizing someone’s work (be it a classmate’s or on the Internet) is strictly prohibited. Under this zero tolerance policy, in any occurrence of academic cheating, a formal complaint will immediately be filed with the University Discipline Committee (UDC). This incident will be listed on the student’s permanent academic record. The instructor will not discuss the penalty for violating this policy and simply direct the student to this paragraph in the class syllabus.
Academic Honesty
Temple University believes strongly in academic honesty and integrity. Plagiarism and academic cheating are, therefore, prohibited. Essential to intellectual growth is the development of independent thought and a respect for the thoughts of others. The prohibition against plagiarism and cheating is intended to foster this independence and respect.
Plagiarism is the unacknowledged use of another person’s labor, another person’s ideas, another person’s words, another person’s assistance. Normally, all work done for courses — papers, examinations, homework exercises, laboratory reports, oral presentations — is expected to be the individual effort of the student presenting the work. Any assistance must be reported to the instructor. If the work has entailed consulting other resources — journals, books, or other media — these resources must be cited in a manner appropriate to the course. It is the instructor’s responsibility to indicate the appropriate manner of citation. Everything used from other sources — suggestions for organization of ideas, ideas themselves, or actual language — must be cited. Failure to cite borrowed material constitutes plagiarism. Undocumented use of materials from the World Wide Web is plagiarism.
Academic cheating is, generally, the thwarting or breaking of the general rules of academic work or the specific rules of the individual courses. It includes falsifying data; submitting, without the instructor’s approval, work in one course which was done for another; helping others to plagiarize or cheat from one’s own or another’s work; or actually doing the work of another person.
The penalty for academic dishonesty can vary from receiving a reprimand and a failing grade for a particular assignment, to a failing grade in the course, to suspension or expulsion from the University. The penalty varies with the nature of the offense, the individual instructor, the department, and the school or college.
Students who believe that they have been unfairly accused may appeal through the School or College’s academic grievance procedure. See Grievances under Student Rights in this section.
Source: http://bulletin.temple.edu/undergraduate/about-temple-university/student- responsibilities/#academichonesty
Turnitin Canvas Plagiarism Framework
All major written assignments and presentations will be automatically submitted to Turnitin within Canvas for originality. Turnitin detects word patterns that are identical to those in other digitally available work, which includes, peer-reviewed papers, blogs, newspaper articles, and previously submitted student work. Any identical wording between deliverables and that of any other work submitted digitally can be detected easily – if a quote is not appropriately marked and sourced, it constitutes as plagiarism.
Disability Statement
Any student who has need of accommodation based on the impact of a disability should contact the instructor privately to discuss the specific situation as soon as possible. Contact Temple University’s Disability Resources and Services (DRS) office at (215)204-1280 located in the Howard Gittis Student Center South, 4th Floor to coordinate accommodations for students with documented disabilities. Please contact the instructor and the DRS within the first week of class, at the beginning of the semester. DRS will establish a student’s needs and make necessary arrangements with faculty. If the student chooses not to contact DRS, he/she will be unable to receive accommodations retroactively, once exams are completed and/or course grades are submitted. Such decisions are made jointly between the DRS office and the instructor, at their discretion based on circumstances. Accommodation letters must be received by the instructor during the first two weeks of the semester.
Student Support Services
The following academic support services are available to support you:
- Student Success Center – https://studentsuccess.temple.edu/
- Online Tutoring – http://www.temple.edu/class/programs/writing/tutoring.html
- Business Communication Center – foxbcc@temple.edu and https://www.fox.temple.edu/institutes-centers/bcc/
- Writing Center – https://www.cla.temple.edu/wconline/
- University Libraries – https://library.temple.edu/webpages/remote-learner-support
- Career Center – https://www.temple.edu/life-at-temple/students/careers-and- internships/career-center)
- Tuttleman Counseling Services – https://counseling.temple.edu/access-services
- Disability Resources and Services – https://disabilityresources.temple.edu/
If you are experiencing food insecurity or financial struggles, Temple provides resources and support. Notably, the Temple University Cherry Pantry (https://studentcenter.temple.edu/cherry-pantry) and the Temple University Emergency Student Aid Program (https://careteam.temple.edu/emergency-student-
aid-0) are in operation as well as a variety of resources from the Office of Student Affairs (https://studentaffairs.temple.edu/).