BAIM4250 Spring 2022


  • BAIM-4250-001
Dave Eargle (contact)
Thursdays, 2:00pm - 4:45pm
Office Hours
See canvas

Course Description

Learn how to secure systems and the enterprise using cryptography, authentication, and ethical hacking. You will also identify and communicate cybersecurity risks facing businesses through risk assessment reports that support management decisions.

Learning Outcomes

  1. Explain cybersecurity as a key enterprise risk and how it can be managed.
  2. Apply methods to identify, protect against, detect, respond to, and recover from cybersecurity threats.
  3. Use techniques of ethical hacking to perform penetration testing.
  4. Communicate risk assessment reports that support management decisions.

Content note

Information security overlaps with politics. In this class, we will at times examine the tension between security and surveillance. Statements from the community of information security professionals and experts may be at odds with statements from government or law enforcement representatives. The freedom to critique a public policy, public servant, government agent, or government agency is healthy in a democracy insofar that it encourages critical thinking, which then in turn impacts public policy through citizen participation in local and national politics.

During the class, we may critically analyze things that politicians and other public servants say and do that impact information security or that illustrate class topics. I will share my own views on topics. I will do my best to make our discussions a place where we can engage bravely, empathetically and thoughtfully with potentially difficult content.


We will use Canvas and Slack for course communication.

Slack will be used for assignment help and for lighthearted banter. Please install laptop and phone apps so that you receive notifications. Add an account at Use your email address for instant verification.

If you need assignment help, usually you should ask on a public channel on slack.

You are required to be aware of all announcements made on Canvas. However, while Slack is an important part of class participation, you are not required to read everything that happens on slack to complete assignments.

Technology Requirements

We will use Google Cloud Platform (GCP) to run tools and virtual machines necessary to complete assignments. New accounts on GCP get a $300 credit. You should be able to complete this class without going over that cost. However, you must supply a credit card number to receive the $300 credit. Separately from this, you will also need access to google cloud lab materials hosted on Because I am one of the owners of, you can get free access to the material. See Canvas for how to do so.

You do not need to install anything on your personal computer to complete class assignments. You only require a stable internet connection. You will launch a virtual machine instance on GCP from which you can complete class assignments. You will be able to remotely connect to your instance using Chrome Remote Desktop, which works just like a browser tab.

Note: This class will require that you learn a bit of Linux and cloud computing. This class may feel like computer science at times, but it is not. While you will run programs from a command line, you will not write programs.

Required Readings

Readings will be assigned from various books, blog posts, and business cases, including the following:

  • Required: “Security Engineering 2e/3e” by Ross Anderson (2e available online for free here)
  • Required: “Data Breach at Equifax” Srinivasan et al Harvard Business Case (See Canvas for a link) ($4.25)
  • Optional: “Secrets & Lies: Digital Security in a Networked World” by Bruce Schneier (available digitally through the university library)

Many of the book readings are available for free through the university library. See Canvas for links.

Late Work

All assignments and projects are to be submitted on time or early, so plan accordingly. If you must miss class, please submit your assignment early. On rare occasions, an exception may be granted, allowing the student to submit the work late with a 20% penalty. Under no circumstances will anything be accepted more than a week late.

Certification Option

As an option, students seeking certification may replace the final exam by passing the Security+ certification or another certification approved by the instructor. You can substitute your score on the certification (plus an adjustment — 5% for the Security+) for the final. For example, if you received an 85% on the Security+ exam you would receive a 90% for your final exam score.

To receive credit for the certification, a student must show evidence of having taken the certification exam by the last day of class. If a student doesn’t show the instructor evidence of passing the certification by this date, then they will be required to take the final exam.

Point Distribution

Category Weight
Labs 30
Penetration Test Project 30
Final Exam 30
Reading Quizzes 4
Security Films 1
Participation 5
Extra Credit Value
Third security movie Replace 1 reading quiz
Read a security book Replace 1 lab

Grading Scale

Grades 100-point Scale
A 93
A- 90
B+ 87
B 83
B- 80
C+ 77
C 73
C- 70
D+ 67
D 63
D- 60
F 59 or less



Labs are hands-on learning activities associated with material covered in class. Labs are completed outside of class, and are typically due one week after they are introduced in class.

Go to the Labs

Penetration test project

This is a group project. The midterm will be a vulnerability and penetration assessment report of a server. Teams of students will be given an IP address of a server to assess for security weaknesses. The final deliverable is a written report. The report will be due two weeks later.

Readings Quizzes

Many assigned readings have associated quizzes. Quizzes are open book, open Internet and must be completed within 30 minutes. Quizzes are administered through Canvas.

Security Films

Two films are required viewing for this course: “Zeros Days” and “Citizenfour.” To receive credit, watch each film and simply indicate that you watched the whole film and give your brief reaction to the film on a quiz posted on Canvas.

Extra Credit

You can replace your lowest quiz score by watching a third security film from the Security Readings and Films list. Report it as for the required security films. submitting a few sentences about what you thought about it.

Similarly, you can replace your lowest lab score by reading a security book from the Security Readings and Films list. Submit your report on Canvas.

Classroom Policies

Participation Policy

Most students will earn 80% of these points. Students who are exceptional and go above and beyond in enhancing the classroom experience may receive a higher score.

The following list is not comprehensive, but rather an example of items considered for the class participation score:

  • Constructive participation on the class slack workspace.
  • Completing the final course evaluation
  • Taking in-class activities seriously
  • Treating others with respect
  • Showing courtesy for presenters (guest speakers, instructor, students)
  • Participating in class discussions
  • Arriving on time and not leaving early
  • Not using technology inappropriately (i.e., not distracting yourself or others)
  • Self-reports and justification about degree of helping others.


In this class, you will work in teams. As a result, consider reviewing a short report on team effectiveness and establishing a team agreement (sample agreement).

Classroom Procedures

It is okay to use your laptop to take notes, but do not use it for non-class related activities. Not only does this diminish your learning experience, but it distracts those around you.

For virtual class meetings:

  • Cameras enabled. I need the human connection!
  • Mics muted by default.
  • Preferably you’re not in bed.
  • Wear clothes that would be appropriate to wear on campus.

University Policies

Classroom Behavior

Both students and faculty are responsible for maintaining an appropriate learning environment in all instructional settings, whether in person, remote or online. Those who fail to adhere to such behavioral standards may be subject to discipline. Professional courtesy and sensitivity are especially important with respect to individuals and topics dealing with race, color, national origin, sex, pregnancy, age, disability, creed, religion, sexual orientation, gender identity, gender expression, veteran status, political affiliation or political philosophy. For more information, see the policies on classroom behavior and the Student Conduct & Conflict Resolution policies.

Requirements for COVID-19

As a matter of public health and safety, all members of the CU Boulder community and all visitors to campus must follow university, department and building requirements and all public health orders in place to reduce the risk of spreading infectious disease. Students who fail to adhere to these requirements will be asked to leave class, and students who do not leave class when asked or who refuse to comply with these requirements will be referred to Student Conduct and Conflict Resolution. For more information, see the policy on classroom behavior and the Student Code of Conduct. If you require accommodation because a disability prevents you from fulfilling these safety measures, please follow the steps in the “Accommodation for Disabilities” statement on this syllabus.

CU Boulder currently requires masks in classrooms and laboratories regardless of vaccination status. This requirement is a precaution to supplement CU Boulder’s COVID-19 vaccine requirement. Exemptions include individuals who cannot medically tolerate a face covering, as well as those who are hearing-impaired or otherwise disabled or who are communicating with someone who is hearing-impaired or otherwise disabled and where the ability to see the mouth is essential to communication. If you qualify for a mask-related accommodation, please follow the steps in the “Accommodation for Disabilities” statement on this syllabus. In addition, vaccinated instructional faculty who are engaged in an indoor instructional activity and are separated by at least 6 feet from the nearest person are exempt from wearing masks if they so choose.

If you feel ill and think you might have COVID-19, if you have tested positive for COVID-19, or if you are unvaccinated or partially vaccinated and have been in close contact with someone who has COVID-19, you should stay home and follow the further guidance of the Public Health Office ([email protected]). If you are fully vaccinated and have been in close contact with someone who has COVID-19, you do not need to stay home; rather, you should self-monitor for symptoms and follow the further guidance of the Public Health Office ([email protected]).

Accommodation for Disabilities

If you qualify for accommodations because of a disability, please submit your accommodation letter from Disability Services to your faculty member in a timely manner so that your needs can be addressed. Disability Services determines accommodations based on documented disabilities in the academic environment. Information on requesting accommodations is located on the Disability Services website. Contact Disability Services at 303-492-8671 or [email protected] for further assistance. If you have a temporary medical condition, see Temporary Medical Conditions on the Disability Services website.

Preferred Student Names and Pronouns

CU Boulder recognizes that students’ legal information doesn’t always align with how they identify. Students may update their preferred names and pronouns via the student portal; those preferred names and pronouns are listed on instructors’ class rosters. In the absence of such updates, the name that appears on the class roster is the student’s legal name.

Honor Code

All students enrolled in a University of Colorado Boulder course are responsible for knowing and adhering to the Honor Code academic integrity policy. Violations of the Honor Code may include, but are not limited to: plagiarism, cheating, fabrication, lying, bribery, threat, unauthorized access to academic materials, clicker fraud, submitting the same or similar work in more than one course without permission from all course instructors involved, and aiding academic dishonesty. All incidents of academic misconduct will be reported to the Honor Code ([email protected]); 303-492-5550). Students found responsible for violating the academic integrity policy will be subject to nonacademic sanctions from the Honor Code as well as academic sanctions from the faculty member. Additional information regarding the Honor Code academic integrity policy can be found on the Honor Code website.

CU Boulder is committed to fostering an inclusive and welcoming learning, working, and living environment. The university will not tolerate acts of sexual misconduct (harassment, exploitation, and assault), intimate partner violence (dating or domestic violence), stalking, or protected-class discrimination or harassment by or against members of our community. Individuals who believe they have been subject to misconduct or retaliatory actions for reporting a concern should contact the Office of Institutional Equity and Compliance (OIEC) at 303-492-2127 or email [email protected]. Information about university policies, reporting options, and the support resources can be found on the OIEC website.

Please know that faculty and graduate instructors have a responsibility to inform OIEC when they are made aware of incidents of sexual misconduct, dating and domestic violence, stalking, discrimination, harassment and/or related retaliation, to ensure that individuals impacted receive information about their rights, support resources, and reporting options. To learn more about reporting and support options for a variety of concerns, visit Don’t Ignore It.

Religious Holidays

Campus policy regarding religious observances requires that faculty make every effort to deal reasonably and fairly with all students who, because of religious obligations, have conflicts with scheduled exams, assignments or required attendance.

See the campus policy regarding religious observances for full details.