Learn how to secure systems and the enterprise using cryptography, authentication, and ethical hacking. You will also identify and communicate cybersecurity risks facing businesses through risk assessment reports that support management decisions.
Information security overlaps with politics. In this class, we will at times examine the tension between security and surveillance. Statements from the community of information security professionals and experts may be at odds with statements from government or law enforcement representatives. The freedom to critique a public policy, public servant, government agent, or government agency is healthy in a democracy insofar that it encourages critical thinking, which then in turn impacts public policy through citizen participation in local and national politics.
During the class, we may critically analyze things that politicians and other public servants say and do that impact information security or that illustrate class topics. I will share my own views on topics. I will do my best to make our discussions a place where we can engage bravely, empathetically and thoughtfully with potentially difficult content.
We will use Canvas and Slack for course communication.
Slack will be used for assignment help and for lighthearted banter.
Please install laptop and phone apps so that you receive notifications. Add an
account at https://infosecmanagements22.slack.com. Use your @colorado.edu email
address for instant verification.
If you need assignment help, usually you should ask on a public channel on slack.
You are required to be aware of all announcements made on Canvas. However, while Slack is an important part of class participation, you are not required to read everything that happens on slack to complete assignments.
We will use Google Cloud Platform (GCP) to run tools and virtual machines necessary to complete assignments. New accounts on GCP get a $300 credit. You should be able to complete this class without going over that cost. However, you must supply a credit card number to receive the $300 credit. Separately from this, you will also need to purchase access to lab materials via the security-assignments.com storefront. Because I am one of the owners of security-assignments.com, you can get free access to the material. See Canvas for how to do so.
You do not need to install anything on your personal computer to complete class assignments. You only require a stable internet connection. You will launch a virtual machine instance on GCP from which you can complete class assignments. You will be able to remotely connect to your instance using Chrome Remote Desktop, which works just like a browser tab.
Note: This class will require that you learn a bit of Linux and cloud computing. This class may feel like computer science at times, but it is not. While you will run programs from a command line, you will not write programs.
Readings will be assigned from various books, blog posts, and business cases, including the following:
Many of the book readings are available for free through the university library. See Canvas for links.
All assignments and projects are to be submitted on time or early, so plan accordingly. If you must miss class, please submit your assignment early. On rare occasions, an exception may be granted, allowing the student to submit the work late with a 20% penalty. Under no circumstances will anything be accepted more than a week late.
As an option, students seeking certification may replace the final exam by passing the Security+ certification or another certification approved by the instructor. You can substitute your score on the certification (plus an adjustment — 5% for the Security+) for the final. For example, if you received an 85% on the Security+ exam you would receive a 90% for your final exam score.
To receive credit for the certification, a student must show evidence of having taken the certification exam by the last day of class. If a student doesn’t show the instructor evidence of passing the certification by this date, then they will be required to take the final exam.
| Category | Weight |
|---|---|
| Labs | 30 |
| Penetration Test Project | 30 |
| Final Exam | 30 |
| Reading Quizzes | 4 |
| Security Films | 1 |
| Participation | 5 |
| Extra Credit | Value |
|---|---|
| Third security movie | Replace 1 reading quiz |
| Read a security book | Replace 1 lab |
| Grades | 100-point Scale |
|---|---|
| A | 93 |
| A- | 90 |
| B+ | 87 |
| B | 83 |
| B- | 80 |
| C+ | 77 |
| C | 73 |
| C- | 70 |
| D+ | 67 |
| D | 63 |
| D- | 60 |
| F | 59 or less |
Labs are hands-on learning activities associated with material covered in class. Labs are completed outside of class, and are typically due one week after they are introduced in class.
This is a group project. The midterm will be a vulnerability and penetration assessment report of a server. Teams of students will be given an IP address of a server to assess for security weaknesses. The final deliverable is a written report. The report will be due two weeks later.
Many assigned readings have associated quizzes. Quizzes are open book, open Internet and must be completed within 30 minutes. Quizzes are administered through Canvas.
Two films are required viewing for this course: “Zeros Days” and “Citizenfour.” To receive credit, watch each film and simply indicate that you watched the whole film and give your brief reaction to the film on a quiz posted on Canvas.
You can replace your lowest quiz score by watching a third security film from the Security Readings and Films list. Report it as for the required security films. submitting a few sentences about what you thought about it.
Similarly, you can replace your lowest lab score by reading a security book from the Security Readings and Films list. Submit your report on Canvas.
Most students will earn 80% of these points. Students who are exceptional and go above and beyond in enhancing the classroom experience may receive a higher score.
The following list is not comprehensive, but rather an example of items considered for the class participation score:
In this class, you will work in teams. As a result, consider reviewing a short report on team effectiveness and establishing a team agreement (sample agreement).
It is okay to use your laptop to take notes, but do not use it for non-class related activities. Not only does this diminish your learning experience, but it distracts those around you.
For virtual class meetings:
Both students and faculty are responsible for maintaining an appropriate learning environment in all instructional settings, whether in person, remote or online. Those who fail to adhere to such behavioral standards may be subject to discipline. Professional courtesy and sensitivity are especially important with respect to individuals and topics dealing with race, color, national origin, sex, pregnancy, age, disability, creed, religion, sexual orientation, gender identity, gender expression, veteran status, political affiliation or political philosophy. For more information, see the policies on classroom behavior and the Student Conduct & Conflict Resolution policies.
As a matter of public health and safety, all members of the CU Boulder community and all visitors to campus must follow university, department and building requirements and all public health orders in place to reduce the risk of spreading infectious disease. Students who fail to adhere to these requirements will be asked to leave class, and students who do not leave class when asked or who refuse to comply with these requirements will be referred to Student Conduct and Conflict Resolution. For more information, see the policy on classroom behavior and the Student Code of Conduct. If you require accommodation because a disability prevents you from fulfilling these safety measures, please follow the steps in the “Accommodation for Disabilities” statement on this syllabus.
CU Boulder currently requires masks in classrooms and laboratories regardless of vaccination status. This requirement is a precaution to supplement CU Boulder’s COVID-19 vaccine requirement. Exemptions include individuals who cannot medically tolerate a face covering, as well as those who are hearing-impaired or otherwise disabled or who are communicating with someone who is hearing-impaired or otherwise disabled and where the ability to see the mouth is essential to communication. If you qualify for a mask-related accommodation, please follow the steps in the “Accommodation for Disabilities” statement on this syllabus. In addition, vaccinated instructional faculty who are engaged in an indoor instructional activity and are separated by at least 6 feet from the nearest person are exempt from wearing masks if they so choose.
If you feel ill and think you might have COVID-19, if you have tested positive for COVID-19, or if you are unvaccinated or partially vaccinated and have been in close contact with someone who has COVID-19, you should stay home and follow the further guidance of the Public Health Office ([email protected]). If you are fully vaccinated and have been in close contact with someone who has COVID-19, you do not need to stay home; rather, you should self-monitor for symptoms and follow the further guidance of the Public Health Office ([email protected]).
If you qualify for accommodations because of a disability, please submit your accommodation letter from Disability Services to your faculty member in a timely manner so that your needs can be addressed. Disability Services determines accommodations based on documented disabilities in the academic environment. Information on requesting accommodations is located on the Disability Services website. Contact Disability Services at 303-492-8671 or [email protected] for further assistance. If you have a temporary medical condition, see Temporary Medical Conditions on the Disability Services website.
CU Boulder recognizes that students’ legal information doesn’t always align with how they identify. Students may update their preferred names and pronouns via the student portal; those preferred names and pronouns are listed on instructors’ class rosters. In the absence of such updates, the name that appears on the class roster is the student’s legal name.
All students enrolled in a University of Colorado Boulder course are responsible for knowing and adhering to the Honor Code academic integrity policy. Violations of the Honor Code may include, but are not limited to: plagiarism, cheating, fabrication, lying, bribery, threat, unauthorized access to academic materials, clicker fraud, submitting the same or similar work in more than one course without permission from all course instructors involved, and aiding academic dishonesty. All incidents of academic misconduct will be reported to the Honor Code ([email protected]); 303-492-5550). Students found responsible for violating the academic integrity policy will be subject to nonacademic sanctions from the Honor Code as well as academic sanctions from the faculty member. Additional information regarding the Honor Code academic integrity policy can be found on the Honor Code website.
CU Boulder is committed to fostering an inclusive and welcoming learning, working, and living environment. The university will not tolerate acts of sexual misconduct (harassment, exploitation, and assault), intimate partner violence (dating or domestic violence), stalking, or protected-class discrimination or harassment by or against members of our community. Individuals who believe they have been subject to misconduct or retaliatory actions for reporting a concern should contact the Office of Institutional Equity and Compliance (OIEC) at 303-492-2127 or email [email protected]. Information about university policies, reporting options, and the support resources can be found on the OIEC website.
Please know that faculty and graduate instructors have a responsibility to inform OIEC when they are made aware of incidents of sexual misconduct, dating and domestic violence, stalking, discrimination, harassment and/or related retaliation, to ensure that individuals impacted receive information about their rights, support resources, and reporting options. To learn more about reporting and support options for a variety of concerns, visit Don’t Ignore It.
Campus policy regarding religious observances requires that faculty make every effort to deal reasonably and fairly with all students who, because of religious obligations, have conflicts with scheduled exams, assignments or required attendance.
See the campus policy regarding religious observances for full details.