ISM529: Emerging Cyber Security Technology, Threats, and Defense
Credit Hours: 3
Contact Hours:
This is a 3-credit course, offered in accelerated format. This means that 16 weeks of
material is covered in 8 weeks. The exact number of hours per week that you can
expect to spend on each course will vary based upon the weekly coursework, as
well as your study style and preferences. You should plan to spend 10-25 hours per
week in each course reading material, interacting on the discussion boards, writing
papers, completing projects, and doing research.
Faculty Information
Name:
Phone:
CSU-Global Email:
Virtual Office Hours:
Course Description and Outcomes
Course Description:
This course provides students with the ability to explore and examine emerging trends and technology in cyber
security. Students will analyze organizations and review the feasibility of adopting new cyber security trends to
provide competitive advantages in the workplace. This course also evaluates how policies and procedures
continue to evolve as technology changes and becomes more capable in the workplace.
Course Overview:
Students explore and critically examine emerging trends and technology in the field of cyber security. The
course begins by establishing a definitional framework for the topic, examining the current state of cyber
security and privacy. The main body of the course presents an inventory of key emerging technologies and the
associated security risks and defenses, supported by student engagement with current websites, reports, and
news articles. Students analyze and apply their knowledge of technology, risk, and risk management to
organizational environments and consider the feasibility of adopting or abjuring specific security measures,
evaluate organizational impacts from current trends, and address current issues toward provision of competitive
advantages in the business workplace. Students also consider the evolution and future of security policies and
procedures as technology changes, becomes more powerful, and introduces new risks and defenses to
organizations.
Course Learning Outcomes:
1. Explain and evaluate the roles of security and privacy with respect to the information and
communication of an organization.
2. Compare and contrast the concepts of security and privacy and explain how the imperatives for each
may complement or interfere with the imperative for the other.
3. Outline the basic threats, vulnerabilities, risks, and attacks on IT networks and describe and evaluate
how they have evolved over time.
4. Describe and analyze the implications of major emerging technology trends, issues, and threats to the
security and privacy of networks and information.
5. Plan and design policy and practices to defend against emerging security and privacy threats.
Participation & Attendance
Prompt and consistent attendance in your online courses is essential for your success at CSU-Global Campus.
Failure to verify your attendance within the first 7 days of this course may result in your withdrawal. If for some
reason you would like to drop a course, please contact your advisor.
Online classes have deadlines, assignments, and participation requirements just like on-campus classes. Budget
your time carefully and keep an open line of communication with your instructor. If you are having technical
problems, problems with your assignments, or other problems that are impeding your progress, let your
instructor know as soon as possible.
Course Materials
Required:
Anderson, R. (2008). Security engineering: A guide to building dependable distributed systems (2nd ed.). San
Francisco, CA: John Wiley & Sons, Inc. ISBN: 9780470068526
Mitnick, K. (2011). Ghost in the wires: My adventures as the world’s most wanted hacker. New York, NY: Little
Brown and Company. ISBN: 9780316037723
NOTE: All non-textbook required readings and materials necessary to complete assignments, discussions, and/or
supplemental or required exercises will be provided within the course itself. Please read through each course
module carefully.
Course Schedule
Due Dates
The Academic Week at CSU-Global begins on Monday and ends the following Sunday.
• Discussion Boards: The original post must be completed by Thursday at 11:59 p.m. MT and Peer
Responses posted by Sunday 11:59 p.m. MT. Late posts may not be awarded points.
• Mastery Exercises: Students may access and retake mastery exercises through the last day of class until
they achieve the scores they desire.
• Critical Thinking Activities: Assignments are due Sunday at 11:59 p.m. MT.
Week #
Readings
Chapters 1 & 2 in Security Engineering: A Guide to Building Dependable Distributed
Systems
Chapter 8 (Sections 8.1-8.3) in Security Engineering: A Guide to Building Dependable
Distributed Systems
1
4

Discussion (25 points)
Critical Thinking (110 points)

Discussion (25 points)

Discussion (25 points)
Critical Thinking (110 points)
Binham, C. (2013, November 21). The hacker hunters. Financial Times. Retrieved from
http://www.ft.com/intl/cms/s/2/bccc8f3c-523c-11e3-8c4200144feabdc0.html#axzz2lxvPDLxa
Chapters 6-10 in Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
Chapters 5 (section 5.1 through 5.3 and 5.8), 7, & 18 in Security Engineering: A Guide to
Building Dependable Distributed Systems
3

Foreword, Prologue, & Chapters 1-5 in Ghost in the Wires: My Adventures as the World’s
Most Wanted Hacker
ISO. (2013, November/December). The new cyber warfare. ISO Focus. Retrieved from
http://www.iso.org/iso/isofocus_101.pdf
Chapters 3, 4, & 21 (Sections 21.1 & 21.2) in Security Engineering: A Guide to Building
Dependable Distributed Systems
2
Assignments
Thomson, I. (2013, September 11). NIST denies it weakened its encryption standard to
please the NSA: Bruce Schneier tells agency its credibility is shot. The Register. Retrieved
from
http://www.theregister.co.uk/Print/2013/09/11/nist_denies_that_the_nsa_weakened_its_encryption_standard/
Chapters 23 & 24 (Sections 24.3.1 & 24.6) in Security Engineering: A Guide to Building
Dependable Distributed Systems
Cavoukian, A. (2009). Privacy by design. Retrieved from
http://www.privacybydesign.ca/index.php/paper/privacy-by-design/
Democracy Now! (2013, September 6). Undermining the very fabric of the internet: Bruce
Schneier on NSA’s secret online spying [Video file]. Retrieved from
http://www.democracynow.org/2013/09/06/undermining_the_very_fabric_of_the_internet



Discussion (25 points)
Critical Thinking (110 points)
Chapter 21, section 21.3 through end in Security Engineering: A Guide to Building
Dependable Distributed Systems
5
6
ISO. (2013, November/December). Wicked world of cyberspace. ISO Focus. Retrieved from
http://www.iso.org/iso/isofocus_101.pdf
Chapter 19 sections 19.1-19.3.3 and 19.8 & Chapter 24 Security Engineering: A Guide to
Building Dependable Distributed Systems
Narayanan, A., & Shmatikov, V. (2010). Myths and fallacies of “personally identifiable
information.” Communications of the ACM, 53(6), 24-26. Retrieved from
http://www.cs.utexas.edu/~shmat/shmat_cacm10.pdf

Discussion (25 points)

Discussion (25 points)
Critical Thinking (120 points)

Stewart, C. S., & Vranica, S. (2013, September 30). Phony web traffic tricks digital ads: As
online marketing budgets soar, fraudsters skim millions with “Botnets.” Wall Street
Journal. Retrieved from
http://online.wsj.com/article/SB10001424052702303464504579107082064962434.html
Chapters 22 (Sections 22.1-22.2.2) & 25 in Security Engineering: A Guide to Building
Dependable Distributed Systems

Discussion (25 points)

Discussion (25 points)
Portfolio (350 points)
ISO. (2013, November/December). The new cyber warfare. ISO Focus. Retrieved from
http://www.iso.org/iso/isofocus_101.pdf
Karisny, L. (2012, May 14). Smart grid security: An inside view from Patrick C. Miller:
Security is bolted on, not baked in. Digital Communities. Retrieved from
http://www.digitalcommunities.com/articles/Smart-Grid-Security-an-inside-view-fromPatrick-C-Miller.html
TheTruthAboutSmartGrids.org. (2013, October 3). Naperville smart meters keep track of
household activities. Retrieved from
http://thetruthaboutsmartgrids.org/2013/10/03/smart-meter-data-reveals/
7
Gregan, P. (2013, November 15). UK cyber unit warns on Bitcoins ransom
phishing bid. Financial Times. Retrieved from http://www.ft.com/cms/s/0/e57d4f864e39-11e3-8fa5-00144feabdc0.html
Caldwell, C. (2013, November 22). The mystery of Bitcoin is how it keeps users’ trust.
Financial Times. Retrieved from http://www.ft.com/cms/s/0/960c906c-5206-11e3-adfa00144feabdc0.html
Furlan, R. (2012, December 31). Build your own Google glass. IEEE Spectrum. Retrieved
from http://spectrum.ieee.org/geek-life/hands-on/build-your-own-google-glass
Kerr, P. K., Rollins, J., & Theohary, C. A. (2010). The Stuxnet computer worm: Harbinger of
an emerging warfare capability. Retrieved from
http://www.fas.org/sgp/crs/natsec/R41524.pdf
Chapters 26 & 27 in Security Engineering: A Guide to Building Dependable Distributed
Systems
8
Georgia Institute of Technology. (2013). Emerging cyber threats report 2013. Retrieved from
http://gtsecuritysummit.com/pdf/2013ThreatsReport.pdf

Borger, J. (2013, September 24). Brazilian president: US surveillance a breach of
international law. The Guardian. Retrieved from
http://www.theguardian.com/world/2013/sep/24/brazil-president-un-speech-nsasurveillance
Glenny, M. (2013, October 28). Leaks have weakened American control of the web.
Financial Times. Retrieved from http://www.ft.com/cms/s/0/007c7ed2-3d60-11e3-992800144feab7de.html
Goodin, D. (2013, November 21). LG smart TV snooping extends to home networks,
second blogger says: Internet-connected TVs from LG phone home with file names in
shared folders. Ars Technica. Retrieved from
http://arstechnica.com/security/2013/11/lg-smart-tv-snooping-extends-to-homenetworks-second-blogger-says/
Jones, S. (2013, December 5). Cyber war technology to be controlled in same way as arms.
Financial Times. Retrieved from http://www.ft.com/intl/cms/s/2903d504-5c18-11e3931e-00144feabdc0.html
Berners-Lee, T., Aaron, C., Esterhuysen, A., Falcão, J. A., Ojo, E., Puddephat, A., Singh, P. J.,
Solomon, B. (2013, December 5). Time is running out to protect our online freedoms.
Financial Times. Retrieved from http://www.ft.com/intl/cms/s/2fd822ea-5c3b-11e3-b4f300144feabdc0.html
Moyers, B. (2013, November 8). Heidi Boghosian on Spying and Civil Liberties [Video file].
Retrieved from http://billmoyers.com/segment/heidi-boghosian-on-spying-ondemocracy/
Gellman, B., & Ashkan, S. (2013, October 30). NSA infiltrates links to Yahoo, Google data
centers worldwide, Snowden documents say. Washington Post. Retrieved from
http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoogoogle-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-416611e3-8b74-d89d714ca4dd_story.html
Mathews, L. (2013, October 29). Chinese appliances are shipping with malware-distributing WiFi chips. Retrieved from http://www.geek.com/apps/chinese-appliancesare-shipping-with-malware-distributing-wifi-chips-1575315/
Brown, J. (2013, May 28). Is U.S. less secure after Chinese hack weapons designs? [Video
file]. PBS Newshour. Retrieved from http://www.pbs.org/newshour/bb/asia/janjune13/china_05-28.html
Assignment Details
This course includes the following assignments/projects:
Module 1
Critical Thinking: Social Engineering (110 Points)
Both Anderson in Security Engineering and Mitnick in Ghost in the Wires refer to social engineering as a critical
aspect of cyber security. Search the Internet or the CSU-Global Library (the Lexis-Nexis Academic database might
be useful) to find two examples of cyber security breaches that exemplify the concept of social engineering as
discussed by both authors. Note that you can, if you wish, use the same examples for this week’s Discussion forum.
Apply Anderson’s and Mitnick’s discussions of the role of social engineering to the activities described in your
examples. In your paper, address each of the following items:
1. Briefly describe the two examples of security breaches and describe the role played by social engineering
in bringing them about.
2. Define and analyze the concept of social engineering in the contexts of both of your examples.
3. Offer suggestions regarding how the victims of both incidents could have protected against the social
engineering component of the security breach.
4. Cite statements made about social engineering by Anderson and Mitnick and discuss whether and how
the two authors’ different perspectives on the conception of social engineering provide different insights
into your examples.
5. Explain why social engineering is an important consideration in the field of cyber security.
Support your analysis by citing specific statements about social engineering by both authors and at least one
additional credible or scholarly source. The CSU-Global Library is a good place to find credible and scholarly
sources. Your paper should be 2-3 pages in length with document and citation formatting per CSU-Global Guide to
Writing and APA Requirements.
Module 2
Critical Thinking: Incremental Delivery due 11:50 PM on Sunday of Week 2
Review the Portfolio Project Description on the Module 8 Assignments page.
Submit a brief description of the “real or hypothetical corporation (profit or non-profit) or other type of
organization that uses IT in its product, activities, or operations” that will serve as the scenario for your Portfolio
Project. If you work or have worked for an organization that could benefit from an information network security policy,
consider using your place of employment as the scenario for your project.
Your description should be at least a paragraph and no more than a page in length.
Though you will not receive immediate points for this deliverable, it is a part of your Portfolio Project requirements
and points will be applied to or deducted from your final project grade if the deliverable is not completed and
submitted as assigned. See the Portfolio Project grading rubric on the Course Information page for details. You will
receive valuable instructor feedback on your description that should be processed when you complete the
Portfolio assignment.
Module 3
Critical Thinking: System Vulnerabilities (110 Points)
This week’s readings illustrate that key network protocols and operating systems that are widely used and
depended on in the current technical landscape (e.g., Internet, Unix, Windows, Apple OS, etc.) are vulnerable to
cyber-attack, in part because they were not originally designed for the purposes to which they are now applied.
Search the Internet or the CSU-Global Library (the Lexis-Nexis Academic database might be useful) to find two
examples of organizations that exhibit vulnerabilities to one or more network security problems. A viable research
strategy might be to search for articles about businesses that offer information services or extensively use
information technology, including as search terms the protocols or operating systems discussed in the module.
Briefly describe each example and discuss the associated vulnerabilities, the reasons for them, and the reasons
why they are difficult to remedy. Your answer should address the following points:
1. Describe the sorts of attacks that take advantage of these limitations.
2. Describe what could go wrong and why with respect to the types of security issues illustrated by your
examples.
3. Propose remedies or approaches to security that might serve to prevent breaches of security with respect
to your cases.
4. Explain the assumptions of the original developers of the software product associated with the
vulnerability regarding how their products or systems would be applied and why they may have been
inadequate.
5. Address the question of why consumers and organizations tolerate the vulnerabilities associated with
popular ORs. Do viable solutions exist? If so, what stands in the way of their implementation? Support
your response or position.
Support your analysis by citing specific statements from this week’s required readings and at least two additional
credible or scholarly sources. The CSU-Global Library is a good place to find credible and scholarly sources. Your
paper should be 2-3 pages in length with document and citation formatting per CSU-Global Guide to Writing and
APA Requirements.
Module 4
Critical Thinking: Security and Privacy (110 Points)
As defined earlier in this course, security is the state of being free from danger or threat and privacy is being free
from being observed or disturbed. This exercise explores the relationships between these two concepts in the
context of organizational data and networking operations and priorities.
Search the Internet or the CSU-Global Library (the Lexis-Nexis Academic database might be useful) to find two
examples of incidents in which security and privacy have been breached. Submit an essay that addresses each of
the following points:
1. Briefly summarize your cases and describe how issues of privacy and security play out in each case.
2. Describe how privacy and security concerns reinforce and/or conflict in each case. Describe and evaluate
any trade-offs between the need for one versus the other and explain instances wherein the need for
security might pre-empt or forfeit privacy.
3. Explain whether the data or information would be more secure if private and/or more private if secure.
4. Evaluate whether, why, and how individuals and organizations tolerate or justify conflicts or forfeiture
where security and privacy are concerned. Support your response or position.
Support your analysis by citing specific statements from this week’s required readings and at least two additional
credible or scholarly sources. The CSU-Global Library is a good place to find credible and scholarly sources. Your
paper should be 2-3 pages in length with document and citation formatting per CSU-Global Guide to Writing and
APA Requirements.
Module 6
Critical Thinking: Describe and Analyze an Emerging Security Issue (120 Points)
A wide range of emerging technologies and associated security issues and threats have been identified in this
course. The list provided in the course is by no means complete, nor is it possible to have a complete list.
For this assignment, identify, explain, analyze, and evaluate an emerging technology that is associated with
security issues and threats that has not been covered in the course. Conduct research on the Internet or the CSU-Global Library to find and research your topic. Then submit an essay that addresses the following points:
1. Describe the emerging technology, security issue(s) and/or threat(s).
2. Explain why it creates problems, what sort, for whom or what, and to what broader consequences.
3. Analyze the emerging technology/issue/threat in the context of broader trends and tendencies in the
context of technology and security.
4. Describe its broader security implications and relationships with other technologies or issues.
5. Describe what might be a possible defense, remedy, or mitigation of risk.
Support your analysis by citing specific statements in the required readings for Modules 4, 5, and/or 6 and at least
two additional credible or scholarly sources. The CSU-Global Library is a good place to find credible and scholarly
sources. Your paper should be 2-3 pages in length with document and citation formatting per CSU-Global Guide to
Writing and APA Requirements.
Module 8
Portfolio Project: Apply the new NIST Cybersecurity Framework to an Organization (350 Points)
Background: In October 2013, The Preliminary Cybersecurity Framework was released by the National Institute of
Standards and Technology (NIST) for public review and comment. The Framework is described in the following
document, which is linked from the Portfolio Project Description on the Week 8 Assignments page.
NIST. (2013). Preliminary cybersecurity framework: Executive order 13636, Improving critical infrastructure
cybersecurity. Gaithersburg, MD: National Institute of Standards and Technology.
Also read more about the NIST Framework at http://www.nist.gov/cyberframework/.
The Framework, developed in collaboration with industry, provides guidance to organizations on the management
of cybersecurity risk. A key objective of the Framework is to encourage organizations to consider cybersecurity risk
as a priority similar to financial, safety, and operational risk while factoring in larger systemic risks inherent to
critical infrastructure.
Preparation: Choose a real or hypothetical corporation (profit or non-profit) or other type of organization that
uses IT in its product(s), service(s), activities, and/or operations. If you work in an organization or field that could
benefit from an information network security analysis, you might choose to use it as your case.
Assignment: Prepare a well-written security policy analysis for your organization that utilizes the concepts learned
in the course and the NIST Framework as a basis for your analysis.
Your portfolio project report should include the following elements:
1. Introduction briefly summarizing the organization’s mission, goals, products/services, business model, and
strategy.
2. Analysis of the organization’s situation and needs relative to its clients/customers, staff, management,
and owners or other stakeholders.
3. Analysis and synthesis of the organization’s needs using the Framework Core and Framework Profile
methodologies as tools. A Framework Profile is a tool to enable an organization to establish a roadmap for
reducing cyber security risk that is well aligned with organization and sector goals, considers
legal/regulatory requirements and industry best practices, and reflects risk management priorities. A
Framework Profile can be used to describe both the current state and the desired target state of specific
cyber security activities, thus revealing gaps that should be addressed to meet cyber security risk
management objectives.
4. Your assessment of the NIST Framework itself and its usefulness or shortcomings for your organization.
This Framework is new and was released for public review and comment, posing a number of questions
that you should address (see page i, “Note to Reviewers”).
Make sure that your analysis addresses the basic elements of a good security policy as may be appropriate to your
organization. Such elements might include a vulnerability assessment, firewall provisions, encryption systems,
authentication and authorization, intrusion detection, virus detection, codes of ethics, legal/compliance
requirements, education, training, incident reporting, etc.
The last part of your report should provide a critique of the efficacy of the NIST Framework, how well it serves your
needs, and what might be its shortcomings. Also address any specifications in the framework that are not
applicable to, or efficacious for, your organization and whether any important foundational elements absent in the
framework need to be added.
Discuss and cite at least three credible or scholarly sources other than the course textbooks (which can be cited as
well) to support your analysis and policy choices. The CSU-Global Library is a good place to find credible and
scholarly sources. Your paper should be 8-10 pages in length with document and citation formatting per CSU-Global Guide to Writing and APA Requirements.
Recommendation: It is recommended that students review Chapter 8 and other relevant portions in the course
textbook, Security Engineering, early in the term and apply the knowledge therein to planning and drafting the
Portfolio Project. (Relevant material can be found by consulting the index entries under “security policies.”)
Incremental Delivery due 11:50 PM on Sunday of Week 2
Submit a brief description of the “real or hypothetical organization, corporation (profit or non-profit), or institution
that uses IT in its product, activities, or operations” that will serve as the scenario for your Portfolio Project. If you
work or have worked for an organization that could benefit from an information network security policy, consider using
your place of employment as the scenario for your project.
Your description should be at least a paragraph and no more than a page in length.
Course Grading
Grading Scale and Policies
20% Discussion Participation
45% Critical Thinking Activities
35% Final Portfolio Paper
A: 95.0 – 100
A-: 90.0 – 94.9
B+: 86.7 – 89.9
B: 83.3 – 86.6
B-: 80.0 – 83.2
C+: 75.0 – 79.9
C: 70.0 – 74.9
D: 60.0 – 69.9
F: 59.9 or below
In-Classroom Policies
For information on late work and incomplete grade policies, please refer to our In-Classroom Student Policies
and Guidelines or the Academic Catalog for comprehensive documentation of CSU-Global institutional policies.
Academic Integrity
Students must assume responsibility for maintaining honesty in all work submitted for credit and in any other
work designated by the instructor of the course. Academic dishonesty includes cheating, fabrication, facilitating
academic dishonesty, plagiarism, reusing/re-purposing your own work (see CSU-Global Guide to Writing and
APA Requirements for percentage of repurposed work that can be used in an assignment), unauthorized
possession of academic materials, and unauthorized collaboration. The CSU-Global Library provides information
on how students can avoid plagiarism by understanding what it is and how to use the Library and Internet
resources.
Citing Sources with APA Style
All students are expected to follow the CSU-Global Guide to Writing and APA Requirements when citing in APA
(based on the APA Style Manual, 6th edition) for all assignments. For details on CSU-Global APA style, please
review the APA resources within the CSU-Global Library under the “APA Guide & Resources” link. A link to this
document should also be provided within most assignment descriptions on your course’s Assignments page.
Netiquette
Respect the diversity of opinions among the instructor and classmates and engage with them in a courteous,
respectful, and professional manner. All posts and classroom communication must be conducted in accordance
with the student code of conduct. Think before you push the Send button. Did you say just what you meant?
How will the person on the other end read the words?
Maintain an environment free of harassment, stalking, threats, abuse, insults or humiliation toward the
instructor and classmates. This includes, but is not limited to, demeaning written or oral comments of an ethnic,
religious, age, disability, sexist (or sexual orientation), or racist nature; and the unwanted sexual advances or
intimidations by email, or on discussion boards and other postings within or connected to the online classroom.
If you have concerns about something that has been said, please let your instructor know.