Program Details

Technical - 3 Credits - Elective

Description: This course provides an introduction to technical aspects of cyber security. It describes threats and types of attacks against computers and networks to enable students to understand and analyze security requirements and define security policies. Security mechanisms and enforcement issues will be introduced. Students will be immersed in the cyber-security discipline through a combination of intense coursework, open-ended and real-world problems, and hands on experiments.

Technical - 3 Credits - Elective

Description: Machine learning deals with the automated classification, identification, and/or characterizations of an unknown system and its parameters. There are an overwhelming number of application driven fields that can benefit from machine learning techniques. This course will introduce you to machine learning and develop core principles that allow you to determine which algorithm to use, or design a novel approach to solving to engineering task at hand. This course will also use software technology to supplement the theory learned in the class with applications using real-world data.

Prerequisite knowledge: Probability/statistics

Technical - 3 Credits - Elective

Description: Cloud computing is the model for ubiquitous, convenient, on-demand access to a shared pool of configurable computing resources. With the interest in cloud computing, the security challenges are raising concerns. This class discusses the cloud computing architecture and components along with the threat modelling and discusses physical, database, network, virtualization, services, and users level security concerns and their solutions.

Prerequisite knowledge: Prior computer programming experience in language C or Java.

Technical - 3 Credits - Elective

Description: The purpose of the course is to give students a comprehensive introduction to digital communication principles. The major part of the course is devoted to studying how to translate information into a digital signal to be transmitted, and how to retrieve the information back from the received signal in the presence of noise and intersymbol interference (ISI). Various digital modulation schemes are discussed through the concept of signal space. Analytical and simulation models for digital modulation systems are designed and implemented in the presence of noise and ISI. Optimal receiver models for digital base-band and band-pass modulation schemes are covered in detail.

Technical - 3 Credits - Elective

Description: Shannon's approach to cryptography. Symmetric key cryptography, cryptographic hash functions, and public key cryptosystems. Authentication, key management and key distribution. Wireless and network security.

Prerequisite knowledge: Probability/statistics

Theory/Practical - 3 Credits - Elective

Description: Broad survey of the individual, organizational, cultural, social and ethical issues provoked by current and projected uses of networked computers on the Internet.

Theory/Practical - 3 Credits - Elective

Description: This course covers using controls to protect information assets. Topics include internal and external IT auditing, the role of auditing role in information security, the IT audit process, system independent IT audit processes, system dependent IT audit processes, auditing outsourced IT systems and resources. Controls covered will include desktop computer controls, systems development controls, computer center operation controls, assurance of information related to on-line, client-server, web-based, internet, cloud computing, virtualization and other advanced computer topics. Students will learn approaches to evaluating and addressing technology risk throughout the organization from the perspective of internal and external audit in addition to the view of end users. Topics included in the class will include coverage of all areas to prepare students to take the Certified Information Systems Auditor (CISA) exam.

Theory/Practical - 3 Credits – Common Core Course

Description: This course exposes the student to a broad range of computer systems and information security topics. It is designed to provide a general knowledge of measures to insure confidentiality, availability, and integrity of information systems. Topics range from hardware, software and network security to INFOSEC, OPSEC and NSTISS overviews. Components include national policy, threats, countermeasures, and risk management among others

Theory/Practical - 3 Credits - Core (for Information Systems Track)/Elective (for Cyber Physical Systems Track)

Description: The objective of our MIS 516 course is to provide students a thorough and operational knowledge of information security so that this critical area is recognized as a management issue and not an IT issue.

Technical - 3 Credits - Core (for Information Systems Track)/Elective (for Cyber Physical Systems Track)

Description: The information security arena contains a broad array of multi-level models for assessing, planning, implementing and monitoring the mitigation of security risks. At the very core of this information security spectrum are the actual system and network devices which store, manage, transmit and secure information. This course is designed to provide a working knowledge of issues and techniques surrounding the proper safeguarding of operating systems and related components. Filled with Information Assurance topics, this course offers a solid base for system administrators and technical managers.

Technical - 3 Credits - Common Core

Description: This course provides an in-depth knowledge of data communications and networking requirements, including networking technologies, hardware and software. This course has two objectives. First, it focuses on basic networking standards and protocols. Second, students will learn to evaluate, select and implement different data network options and prepare a cost-benefit analysis for a proposed solution.

Prerequisite knowledge: Python

Textbook for MIS 543:

James F. Kurose and Keith W. Ross, “Computer networking: a top-down approach”

Technical - 3 Credits – Core (for Information Systems Track)/Elective (for Physical Systems Track)

Description: Corporations today are said to be data rich but information poor. For example, retailers can easily process and capture millions of transactions every day. In addition, the widespread proliferation of economic activity on the Internet leaves behind a rich trail of micro-level data on consumers, their purchases, retailers and their offerings, auction bidding, music sharing, so on and so forth. Data mining techniques can help companies discover knowledge and acquire business intelligence from these massive datasets. This course will cover data mining for business intelligence. Data mining refers to extracting or “mining” knowledge from large amounts of data. It consists of several techniques that aim at discovering rich and interesting patterns that can bring value or “business intelligence” to organizations. Examples of such patterns include fraud detection, consumer behavior, and credit approval. The course will cover the most important data mining techniques -- classification, clustering, association rule mining, visualization, prediction.

Technical - 3 Credits - Core (for Information Systems Track)/Elective (for Cyber Physical Systems Track)

Description: This course is designed to provide students with a hands-on introduction to the fundamental concepts and tools of modern cyber threat intelligence. Students will become familiar with the cyber threat intelligence lifecycle, identifying, collecting, and integrating intelligence feeds, common intelligence formats, and standard cyber threat intelligence technologies (e.g., CIF servers, TAXII servers, SIEM's etc.).

Prerequisite: MIS 545: Data Mining for Business Intelligence and Python

Technical - 3 Credits - Core (for Information Systems Track)/Elective (for Cyber Physical Systems Track)

Description: This course introduces students to the principles and techniques of the cybersecurity practice known as penetration testing (pen testing), or ethical hacking, and covers the full pen test life cycle. Students discover how system vulnerabilities can be exploited and learn how to avoid such problems. Students will review various tools and methods commonly used to compromise information and control systems. Ethical hacking, also known as penetration testing, is the act of breaking into a system with the permission and legal consent of the organization or individual who owns and operates the system, with the purpose of identifying vulnerabilities to strengthening the organization's security. Students will conduct hands-on penetration tests in a lab environment to practice the concepts presented and tools reviewed in the course. This course is an ethical hacking course and students will learn hacking techniques within a controlled environment for the goal of better securing the IT resources of their rightful owners.

Prerequisite knowledge: Python

Theory/Practical - 3 Credits - Elective

Description: Project Management is the application of knowledge, analytical skills, software tools and techniques related to various project activities in order to meet project requirements. It is increasingly recognized as an essential business skill. With a variety of exercises, demos, simulations and lectures, this course will present to you a systematic approach to project management that complements common sense with discipline.

Textbooks for MIS 578 are:

• Contemporary Project Management, 4th Edition
• Microsoft Project 2019, Step by Step 

Technical - 3 Credits - Core (for Information Systems Track)

Description: The focus of this course is the usage of common tools used during penetration assessments and hardening system defenses. Students will draw from previous classes to combine skills in online defense and penetration exercises of systems in a virtual environment. Along with course labs, this course will apply theory and techniques to provide the following learning base - knowledge, comprehension, and application.

Prerequisite: MIS 545, MIS 515, MIS 543 or ECE 578, SIE 571, MIS 562, MIS 566, MIS 516, MIS 517 and Python

Textbook for MIS 689:

• Hacker Techniques, Tools, and Incident Handling, 3rd Edition

Technical - 3 Credits - Elective

Description: Statistical methodology of estimation, testing hypotheses, goodness-of-fit, nonparametric methods and decision theory as it relates to engineering practice. Significant emphasis on the underlying statistical modeling and assumptions.

Prerequisite knowledge: Statistics

Technical - 3 Credits - Elective

Description: Process and tools for systems engineering of large-scale, complex systems: requirements, performance measures, concept exploration, multi-criteria tradeoff studies, life cycle models, system modeling, etc.

Technical - 3 Credits – Common Core Course

Description: The purpose of this course is to introduce selected topics, issues, problems, and techniques in the area of System Cyber Security Engineering (SCSE), early in the development of a large system. Students will explore various techniques for eliminating security vulnerabilities, defining security specifications / plans, and incorporating countermeasures in order to achieve overall system assurance. SCSE is an element of system engineering that applies scientific and engineering principles to identify, evaluate, and contain or eliminate system vulnerabilities to known or postulated security threats in the operational environment. SCSE manages and balances system security risk across all protection domains spanning the entire system engineering life-cycle. The fundamental elements of cyber security will be explored including: human cyber engineering techniques, penetration testing, mobile and wireless vulnerabilities, network mapping and security tools, embedded system security, reverse engineering, software assurance and secure coding, cryptography, vulnerability analysis, and cyber forensics. After a fundamental understanding of the various cyber threats and technologies are understood, the course will expand upon the basic principles, and demonstrate how to develop a threat / vulnerability assessment on a representative system using threat modeling techniques (i.e. modeling threats for a financial banking system, autonomous automobile, or a power distribution system). With a cyber-resilience focus, students will learn how to identify critical use cases or critical mission threads for the system under investigation, and how to decompose and map those elements to various architectural elements of the system for further analysis. Supply chain risk management (SCRM) will be employed to enumerate potential cyber threats that could be introduced to the system either unintentionally or maliciously throughout the supply chain. The course culminates with the conduct of a realistic Red Team / Blue Team simulation to demonstrate and explore both the attack and defend perspectives of a cyber-threat. The Red Team will perform a vulnerability assessment of the prospective system, with the intention of attacking its vulnerabilities. The Blue Team will perform a vulnerability of the same system with the intention of defending it against cyber threats. A comparison will be made between the outcomes of both teams in order to better understand the overarching solutions to addressing the threats identified.

Upon completion of the course, students will be proficient with various elements of cyber security and how to identify system vulnerabilities early on in the system engineering lifecycle. They will be exposed to various tools and processes to identify and protect a system against those vulnerabilities, and how to develop program protection plans to defend against and prevent malicious attacks on large complex systems.

Graduate students will be given an additional assignment to write a draft Program Protection Plan (PPP) for the system that the class performed the threat analysis for. Program protection planning employs a step-by-step analytical process to identify the critical technologies to be protected; analyze the threats; determine program vulnerabilities; assess the risks; and apply countermeasures. A PPP describes the analysis, decisions and plan to mitigate risks to any advanced technology and mission-critical system functionality.

Prerequisite knowledge: Python

Technical - 3 Credits – Physical Systems Track

Description: This course engages students in diverse and varied national cybersecurity/information systems security problems, under an existing and very successful umbrella program called “INSuRE”, that enables a collaboration across several universities, Cyber professionals and cross-disciplined Cyber related technologies. Led by Stevens Institute of Technology, and made possible by a grant from the NSA and NSF, INSuRE has fielded a multi-institutional cybersecurity research course in which small groups of undergraduate and graduate students work to solve unclassified problems proposed by NSA, other US government agencies, and/or private organizations and laboratories. Students will learn how to apply research techniques, think clearly about these issues, formulate and analyze potential solutions, and communicate their results with sponsors and other participating universities.

Working in small groups under the mentorship of technical experts from government and industry, each student will formulate, carry out, and present original research on current cybersecurity / information assurance problems of interest to the nation. This course will be run in a synchronized distance fashion, coordinating activities with other INSuRE technical clients and sponsors, along with partnering universities which are all National Centers of Academic Excellence in Cyber Defense Research (CAE-R).

Examples of past research projects are noted below. These are representative of the types of projects that the various organizations have sponsored over prior semesters of the INSuRE program. The exact projects for any given semester are not provided until the start of the semester, and therefore the following list should be used as reference only.

• NSA: The Impact of Known Vulnerabilities on Layered Cyber Defensive Solutions
• NSA: Cryptographic Protocol Analysis and Verification
• NSA: Cloud Forensics
• NSA: Internet of Things (IoT) Forensics
• Argonne National Labs: Using Blockchain as a Device Authentication Framework for IoT
• Argonne National Labs: A Risk Based Approach Towards Vehicle Security Networks
• John Hopkins Applied Physics Lab: Software Assurance: Defect Localization
• Oak Ridge National Labs: Leverage User Interactions to Detect Malicious Behavior

Prerequisite knowledge: Students may come from computer science, computer engineering, information technology, or any related technical field (e.g., electrical engineering, information systems, math). Each student is expected to bring expertise, interest, and experience in at least one relevant Cyber related technical area. (If you are uncertain whether you have the necessary technical background to participate in this course, coordinate with the instructor prior to enrolling.) One of the following courses is required to insure an appropriate background in Cyber related technical areas: SIE 471 / 571, ECE 478/578, ECE 509, or MIS 416/516. (Other relevant coursework or professional work experience can also be used to fill the prerequisite requirements with the approval of the instructor.)

Technical - 3 Credits – Common Core Course

Description: The purpose of this course is to explore widely accepted security frameworks, industry standards, and techniques employed in engineering trustworthy secure and resilient systems. We will study and explore several National Institute of Standard and Technology (NIST) frameworks such as the Cyber Security Framework (CSF), the Risk Management Framework (RMF), and other standards. These widely adopted standards have been have been developed to ensure that the appropriate security principles, concepts, methods, and practices are applied during the system development life cycle (SDLC) to achieve stakeholder objectives for the protection of assets across all forms of adversity characterized as disruptions, hazards, and threats. We will also explore case studies within the Department of Homeland Security's (DHS) 16 Critical Infrastructure elements, to understand how government and private sector participants within the critical infrastructure community work together to manage risks and achieve security and resilient outcomes. Cyber resiliency is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources regardless of the source.

Upon completion of the course, students will gain experience in understanding, assessing and complying with the various NIST and DHS frameworks and standards in order to proactively design security features into systems/products to prevent or minimize asset loss or compromise, and reduce system defects that can lead to security vulnerabilities that could render a system susceptible to exploitation. They will also learn how to develop systems that are more cyber resilient.

Prerequisite knowledge: A basic course in computing or computer applications (ECE 175, CSC127A, or equivalent) or consent of the instructor. Learners (including pre-med students and undergraduate biomedical, computer, electrical, systems engineering, and computer science students), trainees, fellows (including clinicians), graduate students, and scientists from all fields with interest in either biomedical and healthcare applications or computing are welcome.

NOTE: SIE 471 / 571 is recommended, but not a firm pre-requisite for enrollment in this course.