All CSUSM

# Course Descriptions

MATH 503 Cryptography (3)
Fundamentals of protecting confidentiality, integrity and availability of information in computer systems. This covers the fundamentals of cryptographic concepts and methods and several encryption/decryption algorithms will be discussed. It includes an introduction to the mathematics behind cryptography including number theory, group theory and probability theory; cryptographic algorithms including classical methods, symmetric key systems, public key systems, hash functions, digital signatures and certificates; cryptanalysis and attacks; and access control including authentication and authorization. Assignments include programming labs to apply public keys, dictionary attacks, digital signatures and certificates.  The course cannot be counted towards the Master's degree in Mathematics.

Upon successful completion of the course, students will be able to:

1. Identify basic structures of cryptographic algorithms from a mathematical and computer scientific viewpoint
2. Describe the common cryptographic protocols used to protect information
3. Identify common flaws in cryptographic regimes
4. Apply current/common cryptographic technologies and controls for authentication and encryption
5. Communicate their analyses and decisions effectively

Prior knowledge required:

• Discrete mathematics (counting, set theory, modular arithmetic)
• Elementary probability
• Familiarity with functions, especially exponential and logarithmic

MCS 500 (2) Introduction to Cybersecurity
Overview of the field of cybersecurity, including different role players, common terms, fundamental technical elements, and fundamental management elements. Includes current events in cybersecurity.

MCS 510 Security in Computer Networks (3)
Theoretical and practical aspects of security in computer networks, including wired and wireless networks will be covered. Subjects include: fundamental techniques and protocols used to insure secure communications, common attacks and defenses, and vulnerability assessment of network systems. Application and operationalization of network security technologies and techniques. Prerequisite: MATH 503.

Upon successful completion of the course, students will be able to:

1. Recognize design and analysis of network security architectures, protocols, and services in both wired and wireless networks
2. Identify network security standards, their functionality and limitations
3. Identify network attacks and analyze defense techniques against them
4. Apply and operationalize network security technologies and techniques
5. Communicate their analyses and decisions effectively

Prior knowledge required:

• A fundamental understanding of networking concepts
• A basic understanding of the standard protocols and services provided by the various layers of the protocol stack
• Some limited programming experience with languages or scripts such as C/C++,  Java, Perl, PHP, Python
• Familiarity with the architecture and features of a LAN and WAN, such as the Internet
• A fundamental understanding of network security and the basics of Common Gateway Interface (CGI) and web application programming

MCS 511 Secure Features in Operating Systems (3)
Provides an overview of the current security of most commercial operating systems and examines the fundamental concerns of security in modem operating systems. Covers the analysis of the operating systems model for computer system security criteria as it pertains to overall system vulnerability. Based upon the security requirements and general architecture of secure operating systems publically available security enhanced operating systems are examined and evaluated.

Upon successful completion of the course, students will be able to:

1. Identify fundamental security features in a modem operating system.
2. Analyze threats behind operating system security
3. Identify vulnerabilities of a computer system
4. Develop and apply appropriate techniques for operational security
5. Communicate their analyses and decisions effectively

Prior knowledge required:

• A fundamental understanding of modern operating system design and implementation
• A basic understanding of operating system structure and operation including process management, memory management, storage management as well as current protection and security mechanisms
• A solid background using various operating systems interfaces, system calls, system programs and operating system debugging/monitoring
• Familiarity with a command line interface such as a Linux shell is encouraged. Some limited programming experience using C/C++, Java or shell programming would be beneficial

MCS 512 Development of Secure Software (4)
Introduction to the development of secure software during all phases of the software development life cycle. An emphasis is placed upon the secure code implementation and the most common pitfalls and security bugs found in programming languages. Risk assessments, threat modeling and secure code analysis of existing systems are also considered one of the primary topics. Hands-on exercises will be required in laboratory sessions.

Upon successful completion of the course, students will be able to:

1. Identify security issues in current programming languages and methods
2. Evaluate applications using secure coding standards
3. Perform application risk assessment of existing systems
4. Communicate their analyses and decisions effectively

Prior knowledge required:

• Experience using at least one modern programming language (not a scripting language)
• Knowledge of common features in modern programming languages

MCS 610 Offensive Security & Penetration Testing (4)
Introduction to the latest penetration testing techniques. Covers pre-engagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post exploitation, and reporting in penetration testing. Methodologies for web applications will be covered, including choosing the best techniques and tools for security situations. Prerequisites: MCS 510, 511, 512

Upon successful completion of the course, students will be able to:

1. Define and use the terms used in penetration testing
2. Describe the steps in penetration testing
3. Choose and apply the right penetration technique for a given situation
4. Choose and apply the right penetration tools for a given situation
5. Describe the required content of a report after penetration testing

MCS 611 Intrusion Detection and Icident Response (4)
Focuses on investigating threats against computers and networked systems. Covers principles and techniques of intrusion detection such as network traffic analysis, packet analysis, application protocol layer for common protocols and log analysis. Evaluates the use of intrusion detection tools and services. Prerequisites: MCS 510, 511, 512

Upon successful completion of the course, students will be able to:

1. Understand and identify threats against computers and network systems
2. Analyze and evaluate network traffic, system logs
3. Describe principles of incident response and incident management
4. Develop incident reports and analysis presentations

MCS 660 Communication in a Technical Industry (2)
Provides insight and practice in the forms of communication between technical and non-technical audiences including presentations, proposals, organizational reporting/reports and other communication demands found in industry. Students will differentiate between objectives of the various communication purposes and understand key steps and ingredients for effective communication.

MCS 680A Semester-in-Residence Writing Workshop (1)
Provides tools and a focused pathway and complete Semester-in-Residence Project.

Enrollment is restricted to students who have been admitted to the Master of Science in Cybersecurity Program.

MCS 680B Internship/Semester-in-Residence (4)
Provides industry experience in the Cybersecurity field under the guidance of a graduate committee consisting of a faculty member, an industry representative and the Program Director.  Leads to establishing/accomplishing goals, communicationg work/project progress, acquiring broad organizational insight and demonstrating core competencies required for the degree.  Culminates in a written project document and an oral presentation to fellow students, faculty and industry representatives.

Enrollment is restricted to students who have been admitted to the Master of Science in Cybersecurity program. Enrollment Requirement: An officially appointed advisory committee and advancement to candidacy.

MGMT 521 Principles of Organizational Behavior and Leadership for Security Management (2)
Covers the key topics in organizational behaviors and leadership seeking to explain people’s behavior and experiences in various types of organizations, as well as how to effectively lead people to accomplish shared goals. Explores how research and knowledge of these topics can be applied in managing information systems and security related projects specifically, and in organizations more generally. Issues in contractual negotiations and effective communication inside organizations will also be addressed.

Upon successful completion of the course, students will be able to:

1. Distinguish between the main concepts and theories of
2. Organizational Behavior (OB) and Leadership in the context of security management
3. Apply key OB and Leadership concepts to real world situations in cybersecurity
4. Analyze and describe responses to security incidents in terms of OB and Leadership theories and concepts
5. Recognize OB and Leadership related traits and perspectives
6. Communicate their analyses and decisions effectively

MIS 522 Information Systems and Security Management (2)
Overviews the fundamental principles and components of information systems. Introduces the concepts and topics of Information Technology Security and Risk Management at the organizational level. Studies incentives and the requirements for information security, the integration of security into the systems design process, and life cycle of information security management.

Upon successful completion of the course, students will be able to:

1. Identify information systems and key business strategies
2. Describe the principles of information technology security
3. Analyze data value in business context
4. Describe the components of information security management and how the elements interact
5. Evaluate different methods for access control
6. Identify appropriate strategies to assure confidentiality, integrity, and availability of information
7. Communicate their analyses and decisions effectively

MIS 621 Information Security Governance (3)
Covers the fundamentals of developing business rationales for information security (assurance) governance. Studies the development and implementation of IT strategies to integrate assurance functions to improve security, and ensure the preservation of the organization and its ability to continue to operate. Offers a comprehensive view of information security policies in business context and the psychology of implementation. Provides insight into governance, privacy, regulator mandates, business incentives, and legal issues. Prerequisites: MGMT 521, MIS 522

Upon successful completion of the course, students will be able to

1. Identify the role of an information systems security (ISS) policy framework
2. Analyze how security policies help mitigate risks and support business
3. Identify components and basic requirements for creating a security policy framework
4. Identify different methods, roles, responsibilities, and accountabilities of personnel, along with the governance and compliance of security policy framework
5. Develop ISS policies associated with the user domain, IT infrastructure, risk management and incident response teams (IRT)
6. Analyze social, legal and ethical issues represented by information technology environments

MIS 622 Technology Assessment and Security Risk Management (3)
Examines variety of quantitative models, including financial, economic and business models, to analyze real managerial problems for technology assessment and investment that affect all types of institutions. Introduces the concept of risk and risk management and discusses up-to-date methods for both qualitative and quantitative risk analysis. Focuses on training future information technology or security managers to make better risk decisions. Prerequisites: MGMT 521 and MIS 522

Upon successful completion of the course, students will be able to

1. Analyze and communicate appropriate financial, economical, and business models to assess technology investment decisions
2. Describe the fundamental concepts of Risk Management and Risk Management Life Cycle
3. Identify Risk Management Artifacts in an organizational environment
4. Conduct a Business Impact Assessment and develop a Security Risk Management plan
5. Compare the difference between qualitative and quantitative risk analysis methods and apply appropriate methods to the right situation
6. Describe the procedure for periodical security risk review
7. Evaluate and justify security technology selections and designs

Evaluate and apply common risk management frameworks

Alternative Courses

MCS 697
Alternative course for specialization or waived courses.  Industrial or Academice research directored or sponsored by industry experts and faculty.  Graduate classification or consent of instructor with approval by the academic advisor and program director.

MCS 597A (1) 597B (2) 597C (3) Topics in Cybersecurity
Advanced topics in cybersecurity. May be repeated up to six (6) units. Enrollment Restricted to students who have obtained consent of Program Director.