Introduction to Cyber Security (College)

by David Nimri

An introduction to the fundamental principles and topics of Information Technology Security and Risk Management at the organizational level. The coursework addresses hardware, software, processes, communications, applications, and policies and procedures with respect to organizational Cyber Security and Risk Management. Hands-on learning takes priority over lecture: students will complete hands-on labs to practice the technical aspects of Information Security. The course should help with preparation for the CompTIA Security+ certification exam. This course can be included in an Associate's Degree path in Cyber Security and/or Computer Information Systems.

Program Information
Course Certification Elements
Course Competencies / Outcomes

Hands-on labs should make up about 50% of course time. Skills and abilities should therefore be demonstrated primarily through hands-on labs, while tests should be used to demonstrate knowledge of topics.

Upon completion of this course, students should be able to demonstrate skills, knowledge or abilities in the following topics:

  • Authentication.
  • Attacks and malicious code.
  • Removing access. 
  • Email and web security. 
  • Directory and file transfer services. 
  • Wireless and instant messaging. 
  • Media and medium. 
  • Network security topologies.
  • Intrusion detection. 
  • Security Baselines. 
  • Cryptography. 
  • Physical security. 
  • Disaster recovery and business continuity. 
  • Computer forensics and other advanced topics.
  • Prepare for taking the Security+ exam
  • Lay the foundation for the Ethical Hacking follow-up course

Course Work Based Learning Activities

Students will:

  • Collaborate with industry to resolve information technology issues.
  • Coordinate project activities with other personnel or departments.
  • Develop computer or information security policies or procedures.
  • Implement security measures for computer or information systems.
  • Monitor the security of digital information.
  • Test computer system operations to ensure proper functioning.
  • Train others in computer interface or software use.
  • Troubleshoot issues with computer applications or systems.
  • Update knowledge about emerging industry or technology trends.
  • Gain exposure to public and private cloud technologies
  • Complete hands-on labs in virtual machines to practice technical skills.
  • Be exposed to industry guest speakers to understand IT operations


    Course Materials

    Students will have:

    • Exposure to systems with vulnerabilities, exploitation tools, systems management tools, and mitigation methods/tools
    • Access to Wifi routers, firewalls and network switches
    • Security+ certification books similar to:
      • ISBN-10: 1118875079
      • CompTIA Security+ Study Guide: SY0-401 6th Edition. Dulaney, Emmett.
    • Miscellaneous hacking tools and equipment with vulnerabilities (Kali, drones, etc.)
    • Access to Virtual Machines should be provided to complete hands-on topics and labs. Examples of lab environments include:
      • NDG Group NetLAB+
      • RAVE
      • uCertify

    Course Units (1 semester course)

    Unit 1 (Fundamental Principles)

    Unit Length (Hours):

    2 weeks

    Unit Description:

    An introduction to the fundamental principles of information systems security.

    Unit Competencies/ Outcomes

    Students should be able to define the concepts of threat, evaluation of assets, information assets, and physical, operational, and information security, and explain how they are related. Students should be able to define and understand key topics such as confidentiality, integrity and availability (CIA).

    Unit Assessment

    Students should take a test that challenges them to demonstrate knowledge of basic fundamentals of security. For example, a student should be able to identify the relationship between Integrity and Availability.

    Unit 2 (Network Security)

    Unit Length (Hours): 

    3 weeks

    Unit Description:

    In this unit, students should be introduced to network design elements, network components and devices, and administrative and technical security principles, and should address different scenarios. They should apply security technologies and define the role of firewalls, routers, switches, intrusion detection systems, and other networking hardware.

    Unit Competencies/ Outcomes

    Students should be able to explain network design elements and components. Given a scenario, students should be able to use network administration principles, protocol controls and services to secure a network. They should also be able to troubleshoot security issues on wireless devices. Finally, students should be introduced to the best practices of implementing security configuration parameters on network devices and systems.

    Unit Assessment (in order of importance)

    Labs, tests and handouts.

    Detail: Tests should be used with a handout to ensure the student can identify the different elements of a network, which devices perform which role in a network, and which methods can be used to secure a network. Labs should include configuring a firewall, capturing network traffic, and securing wired/wireless networks.

    Unit 3 (Compliance and Operational Security)

    Unit Length (Hours): 

    2 weeks

    Unit Description:

    This unit will help students evaluate the need for the careful design of a secure organizational information infrastructure. Students perform risk analysis and risk management and determine both technical and administrative mitigation approaches. They explain the need for a comprehensive security model and its implications for the security manager or Chief Security Officer (CSO).

    Unit Competencies/ Outcomes

    Students should be able to explain the importance of risk-related concepts and summarize the security implications of integrating systems and data with third parties. Given a scenario, students should be able to implement risk mitigation strategies and forensic procedures and summarize incident response procedures. They should be able to capture the importance of security awareness and training, and be able to recommend risk management best practices. Students should be able to compare and contrast physical security and environmental controls and, given a scenario, select appropriate controls.

    Unit Assessment (in order of importance)

    Labs, tests and handouts.

    Detail: Tests should focus on risk management: determining data classifications, the appropriate level of controls for those data classifications, and possible mitigation/resolution strategies, and creating a security plan. Labs should focus on reviewing Access Control Lists and IAAA controls and outlining basic security practices.

    Unit 4 (Threats and Vulnerabilities)

    Unit Length (Hours):

    3 weeks

    Unit Description:

    This unit provides students with the knowledge and skills to identify threats and apply security technologies and techniques to mitigate threats.

    Unit Competencies/ Outcomes

    Students should be able to explain the various types of malware, wireless attacks, and application attacks. They should be able to summarize social engineering attacks and the effectiveness associated with each attack. They should also be expected to analyze a scenario and select the appropriate type of mitigation and deterrent techniques. Finally, students should be able to explain the proper use of penetration testing versus vulnerability scanning.

    Unit Assessment (in order of importance)

    Labs, tests and handouts.

    Tests should ensure students understand the various threats and attacks. Labs should focus on analyzing the types of application attacks, incident response procedures, log analysis, and scenario resolution. Labs should also focus on discovering security threats and vulnerabilities.

    Unit 5 (Application, Data and Host Security)

    Unit Length (Hours):

    2 weeks

    Unit Description:

    This unit should focus on applying risk management techniques to manage risk, reduce vulnerabilities and threats, and implement appropriate safeguards/controls.

    Unit Competencies/ Outcomes

    Students should be able to explain the importance of application security controls and techniques, and to select the appropriate solution to establish host security in a given scenario. They should be able to summarize mobile security concepts and technologies. Students should be able to implement appropriate controls to ensure data security, as well as be able to compare and contrast alternative methods to mitigate security risks in static environments.

    Unit Assessment (in order of importance)

    Labs, tests and handouts.

    Detail: Tests should focus on identifying which vulnerabilities pose the greatest risk to the environment, systems management and systems security. Labs should focus on encryption, implementing controls that are scenario appropriate, and enumerating hosts and vulnerabilities.

    Unit 6 (Access Control and Identity Management)

    Unit Length (Hours):

    3 weeks

    Unit Description:

    This unit should help students identify, understand and implement the different types of access controls and identity management.

    Unit Competencies/ Outcomes

    Students should be able to compare, contrast and select appropriate authentication, authorization or access control services. Using best practices as a guide, students should be able to install and configure security controls and perform account management.

    Unit Assessment (in order of importance)

    Labs, tests and handouts.

    Details: Tests should focus on access controls, identification, authentication, authorization and auditing. Labs will focus on installing and configuring different security controls, account management and log review.

    Unit 7 (Cryptography)

    Unit Length (Hours):

    2 weeks

    Unit Description:

    This unit should focus on basic cryptography, its implementation considerations, and key management.

    Unit Competencies/ Outcomes

    Students should be able to understand, compare and contrast different cryptography techniques. Given a scenario, students should be able to utilize general cryptography concepts. Students should be able to use PKI, certificate management and associated components.

    Unit Assessment (in order of importance)

    Labs, tests and handouts.

    Details: Tests should allow students to demonstrate knowledge of encryption keys and encryption types, and to select the appropriate cryptography and controls based on a scenario. Labs should focus on the use of cryptographic methods, PKI, and certificate management.

    Course Summative Assessment

    Consider using this to prepare the student to take the CompTIA Security+ exam. The final should focus on learned topics, identification of appropriate procedures and key terms.