Issues

• Cybersecurity is a huge topic
• This course has essentially no prerequisites!
• The field is moving quickly

Approach

We will use the textbook as our guide but need to think critically about:

• Whether the material up to date and sufficiently comprehensive
• Can we extract general principles or concepts from what we read
• Is there a better approach to understanding the topic

Course Texts

1. Computer Security Fundamentals, 4th Edition, Dr. Chuck Easttom, 2020. Course Text

2. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 8th Edition by Darril Gibson; James M Stewart; Mike Chapple Published by Sybex, 2018.

3. Learn Kali Linux 2019, Glen D. Singh, Packt Publishing, November 2019, ISBN: 9781789611809.

Terminology, Abbreviation, and Acronyms

So many to remember and look up

• Master NIST Cybersecurity Glossary, very complete but was slow when I tested it.
• National Initiative for Cybersecurity Careers and Studies Glossary. Good but not comprehensive.
• SANS Institute Glossary

Case Studies

We need to be familiar with a reasonable sample of famous and/or recent attacks

• We’ll use the very well produced and entertaining Darknet Diaries podcast

• Approximately one podcast per week will be assigned for you to listen to.

• Suggestions for other sources of cases studies are welcome.

Not a Programming Class

We may write some small programs to illustrate some core concepts

• You may use Python

• You may use JavaScript via Node.js (or the browser)

• No other languages will be accepted

What We Don’t Have Time For

• Hands on with Pen testing tools
• Hands on with Forensics
• Hands on Malware analysis

Hands on with Cryptography

• You will learn how to set up SSH public and private keys for working with remote servers as part of public key cryptography

• We run symmetric encryption algorithms via GnuPG

• Set up a “web of trust” based public key infrastructure for secure emails with classmates

Possible Hands On

• OSINT (Open Source Intelligence)
• Scanning for Malware
• Privacy enhancement
• Darknet/TOR

Purpose

To gain and share more in depth and up to date knowledge in an important area of cybersecurity.

Project/Report Sample Areas 1

1. Identity (Authentication, Authorization)
   1. Solid Project use of Identities.
   2. Setting up a Solid Pod.
   3. WebID, Oauth 2, OpenID, etc…
2. Pen Testing (Kali Tools in Virtual Network)
   1. Website Penn testing
   2. Other

Project/Report Sample Areas 2

3. Malware
   1. Detection, removal
   2. Analysis
   3. Creation
4. Privacy and Tracking on the Web
   1. Latest techniques
   2. Countering the techniques: theory, tools, browsers
5. Cybersecurity and the Law
   1. The Latest Privacy Laws (EU, California, etc…)
   2. Breach related laws

Technical Writing

CSUEB Writing rubric enhanced for CS671 (Dr. Levent Ertaul)

From Google Technical Writing:

Comedy writers seek the funniest results, horror writers strive for the scariest, and technical writers aim for the clearest. In technical writing, clarity takes precedence over all other rules.

Technical Writing Resources

• CSS Tricks: Advice for Technical Writing

• Google’s technical writing courses

• Your suggestions here