MIS 385N.3 IT Security, Policy, and Compliance
This course builds skills for the prevention and mitigation of cybersecurity, data privacy, and ethical dilemma risks in digital artifacts and machine learning and AI algorithms by covering IT governance, risk, and control frameworks, ethical decision-making frameworks, and relevant laws, regulations, and industry standards.
MIS 284N Cybersecurity Technical Foundations
This course provides students with foundational knowledge of contemporary technical cybersecurity topics relevant to current and future business and IT leaders. Students will obtain an in-depth understanding of the full strata of security, from physical hacking, hardware, firmware/BIOS, operating system, and application to virtual environments, cloud, and networks. An emphasis is placed on analysis of real-life security failures and successes. Various defensive security tools will be discussed, demonstrated, and provided to students for hands-on exercises. PKI, including TLS, X.509, TCP/IP security, and trust models, will be explored. Special challenges such as securing IoT and embedded systems (including medical devices) will be covered, including a discussion of promising solutions. Security weaknesses of blockchain, including a recent successful attack, will be covered. Applied cryptography will be explored, including key management, securing email, system-to-system connectivity, device encryption, non-repudiation, digital signatures, common deployment errors, revocation, code signing, and more.
MIS 384N e-Discovery and Digital Forensics
A comprehensive understanding of e-Discovery and Digital Forensics is useful for anyone involved in the management and operations of information technology environments. Business environments run almost entirely on digital processing and transactions among interconnected computing platforms, e.g., PCs, servers, mobile devices, IoT devices, etc. The investigation of digital crimes such as financial fraud, identity theft, and corporate espionage committed on business computing platforms requires structured legal discovery and technical forensics approaches.
The course will introduce the concepts needed to establish a functional understanding of e-Discovery and Digital Forensics that students can apply to real-world situations. The course will employ hands-on technical exercises and the use of case studies to create an experiential learning approach. Familiarity with the Linux command line and virtual machines (VMware or VirtualBox) is helpful though not required.
MIS 284N Advanced Analytics in Cybersecurity Intelligence
Organizations face a variety of cyberattacks: e.g., DDoS, spam, malware, ransomware, account takeover, IoT attacks, malicious insider programs, etc. This course will introduce students to advanced analytical applications for preventing such cyberattacks, or detecting and blocking them in a timely manner. Students will become familiar with what information security operations centers (ISOC) do to protect information and technology assets of organizations: e.g., monitor trends, identify irregularities, anomalies, and intrusions, model behaviors, and predict or detect and block cyber threats. Students will learn how to select and apply appropriate data analytical methods for cybersecurity intelligence in the information industry, including common threats, patterns, and trends, and best practices in protecting security and privacy. The course will use a hands-on learning approach. Students will learn how to collect and use current and historical data sources; how to develop a statistical understanding of the types and intensities of cybersecurity threats; and how to use machine learning and AI techniques in monitoring trends, visualizing threats, modeling behaviors and predicting threats, detecting irregularities, anomalies, and intrusions, and supporting dynamic, intelligent risk management.
MIS 284N Human Dimensions of Cybersecurity
Despite millions of dollars invested in cybersecurity every year, the number of information security breaches continues to climb. Many managers and executives derive a false sense of security from the perception that “cybersecurity is an IT issue.” In reality, technological safeguards are necessary but insufficient to protect organizational and customer data. A comprehensive information security and cyber risk management program must also address the many threats posed by human actors – not just hackers – both inside and outside the organization.
This course explores both the risks and the opportunities posed by human interaction with organizational and customer data; introduces a framework for designing a comprehensive cyber risk management program beyond the technical safeguards; and provides guidance on using employee engagement methodologies to build a “human firewall.”