Cybersecurity for MSSE 2023
MSSE second-year students may request a cybersecurity elective as course SENG 5271. If the course is not chosen to be an offered elective, students may take it as an independent study. In either case, the course is entirely online.
The course provides a broad introduction, while focusing on the practical engineering aspects of cybersecurity. I hate lecturing, so most lectures are presented through my Coursera course. We explore the distinction between security objectives (i.e. requirements) and security mechanisms (i.e. implementation). We look at the security tools used for authentication, access control, cryptography, and network security. While this may skirt on some fearsome mathematics, we will limit ourselves to grade school algebra and set theory, salted with simple concepts from probability.
Students begin the course with modules from my Cybersecurity in the Cloud specialization offered on Coursera, plus readings and labs from my textbook Elementary Information Security.
Now, don’t panic if cloud computing is not your thing.
The Coursera specialization relies heavily on examples taken from cloud computing, but the concepts apply broadly across cybersecurity. We complete three-fourths of the specialization and then students focus on individually-chosen specialty topics. These may be in-depth readings with discussions, or software-oriented projects.
Class time is spent in Q&A, discussions, and lab sessions. Each lab may last 60-90 minutes and they are graded. In smaller classes, I grade them pass-fail, though I can’t guarantee doing that with a larger class. If the class is too large for one lab session, I’ll split the class into groups and spend part of the class time with each group. I enjoy hands-on (though remote) work with the individual students.
The first 10 or 12 weeks of the semester cover the Coursera material, usually one week per module, plus an online lab. A typical module contains an hour of video lecture and demonstration, and an hour or so of assessments: quizzes and peer-reviewed research assignments. I encourage students to pick different topics for the peer-reviewed assignments to reduce the potential boredom of reviewing each other’s work. And, if you think it’s boring to read about cyberattacks, why would you take a cybersecurity elective.
Planned Course Schedule
| Day | Week | Course | Module | Topic | Lab |
|---|---|---|---|---|---|
| Saturday | 1 | 1 | 1 | Attack Surface | Google drive access ctl |
| Friday | 2 | 1 | 1,2 | Net Security Architecture | Network search, nmap |
| Saturday | 3 | 1 | 3 | Net Crypto, CVSS | Secret-key crypto |
| Friday | 4 | 1 | 4 | Cloud Arch, Virtualization | Public-key crypto |
| Saturday | 5 | 2 | 1 | Databases, States | Server Certificates |
| Friday | 6 | 2 | 2 | SQL, Data Breaches | Injection Demos |
| Saturday | 7 | 2 | 3 | Vendor Data Services | SOC 1-2-3 |
| Friday | 8 | 2 | 4 | Data Privacy | DNS research |
| Saturday | 9 | 3 | 1 | App Arch | Email tracing |
| Friday | 10 | 3 | 2 | Authentication | Hash cracking, entropy |
| Saturday | 11 | Spring Break | NO CLASS | ||
| Friday | 12 | 3 | 3 | Sessions | Vulnerability scanning |
| Saturday | 13 | 3 | 4 | Scripts | Script based attacks |
| Friday | 14 | Research and Recitation | |||
| Saturday | 15 | Graduation | NO CLASS | ||
| Saturday | 16 | Research and Recitation |
The Coursera Specialization
Coursera organizes its offerings around specializations, courses, and modules:
- A module typically contains educational material that a learner will take a week to complete.
- A course typically runs for a few weeks. Each typically contains three to six modules.
- A specialization typically takes a few months to complete, similar to a semester-long course. Each contains three or more courses.
Here are links to the four Coursera courses in the specialization:
- Cloud Security Basics
- Cloud Data Security
- Cloud Application Security
- Cloud Top Ten Risks (not required for this class)
I have posted draft videos from the first course on Vimeo, if you want to view examples of online course videos.
During SENG 5271 or an independent study, students participate in a “private session” of each Coursera course. I will provide all registered students with a sign-up link for each private of the 3 private sessions – there is one session per course. If you want to complete the optional fourth course, I’ll provide a signup for that, too.
*** This is a Security Bloggers Network syndicated blog from Cryptosmith authored by cryptosmith. Read the original post at: https://cryptosmith.com/2022/04/12/msse-2023/