CYBR 625, Business Continuity Plan and Rec:

What to do when the poop hits the fan is the subject of Business Continuity Planning.  The difference between and event and an incident was explored and defined as were the various vulnerabilities (hearken back to CYBR 610, Risk Management Studies) that can overtake a business or enterprise.  With this in mind, students were required to develop a business continuity plan for a small veterinarian business.  Contingencies were required to be developed for various “what if” scenarios that were developed from the risk management study done for the animal hospital.  The course centered on recovery plan development, implementation and ultimately the restoration of the business.

CYBR 615, Cybersecurity Governance and Compliance:

Governance is a contemporary term that is becoming more and more prevalent.  It is not enough for corporations to be managed – the ever growing legal considerations and their ramifications and the size of corporations (some are bigger than small countries) make governance necessary.  Course discussions included the importance of compliance with laws, regulations, policies and procedures as a means of minimizing risk through mandated security and control measures.  One of these control measures is found in the audit process.

CYBR 610, Risk Management Studies:

The course required students to identify assets, including tangible (desks, computers, buildings) and nontangible (reputation, customer data, etc.), their associated vulnerabilities (physical loss, compromised data or  inaccurate data) and associated risks (theft, tampering, information disclosure) for each.  Each asset was assigned a dollar value, probability value for the vulnerability with the risk to the asset calculated.  Modes and methods for the vulnerabilities and risk avoidance were investigated.  Obtaining management by-in from less than enthusiastic management (due to costs, not convinced of risk, etc.) to implement risk management strategies (making a persuasive argument) was discussed.

CYBR 525, Ethical Hacking and Response:

Unexpectedly, this course does not teach one how to hack into information systems.  Hacking into a system requires knowledge of associated vulnerabilities, the tools to exploit these vulnerabilities and a desire to breach the system.  Instead, the course provides discussion and research on a number of vulnerabilities associated with the various information systems, including computer operating systems, software, web pages, wireless and internet.  Tools used by hackers to detect and exploit vulnerabilities are the same tools used by IT security professionals to detect and correct these vulnerabilities.

CYBR 520, Human Aspects of Cyber Security:

Human aspects of cybercrime was developed during this course.  The concepts of human frailty were discussed along with how these vulnerabilities are used against the public at whole for all forms of con jobs.  Implementation of these con jobs in cyber security is no different.  The students were required to convince a total stranger to lend them their cell phone so they could call their professor and leave a message.  Other tricks to get the public to provide personal data were also developed and discussed.  Finally, this course required the students to develop a term paper that was reviewed by other students.

CYBR 515, Security Architecture and Design:

This was an interesting course.  It caused the students to design an information technology network for a mythical company.  The network included various layers, wireless and internet systems, firewalls, and the various servers one would normally encounter.  During the course of the semester, we were required to revise the original drawing based upon what we learned regarding network security.  For instance, place a firewall for the email server.  During the course, we were required to investigate the various servers for their abilities and protections they offered.  Finally, we were required to develop a power point presentation outlining the equipment and solutions to the various security issues.

CYBR 510, Physical, Operations, and Personnel Security:

This was an introductory course on security in general.  This course had a lot of homework assignments.  Each week we were required to participate in the discussion forums, write in a journal and complete a written assignment.  The course centered on management of security professionals, primarily physical security, however, the concepts are the same for IT security.  Organizational planning, including selection of the right people, motivation of the work force and elimination of unsuitable or unfit personnel were discussed.  Training of personnel was covered.  Different security modes, proprietary and contract security, was discussed.  Development of security systems, both physical and information technology, was presented.  Finally, an introduction to crisis management was made.

CIS 608, Information Security Management:

This course involved a lot of group assignments learning the basics about the management of information security systems.  These systems include access to control systems, and network and software security.  Management interaction between different departments and levels, including implementation of risk management principals was presented, also by group assignments.  Aspects of protection mechanisms and business continuity modeling, as well as legal and ethical issues were investigated by the assignments.

CIS 607, Computer Forensics:

This was by far the most interesting of the courses that I took.  I devoured the text and worked every example problem.  I found it intriguing that data can be erased and yet it remains.  The investigative techniques and crime scene and evidence quarantining were delved into in great detail.  Some of the assignments required the completion of police reports.  The homework example problems required real investigative techniques to determine which evidence to collect and how to process it.

CIS 537, Introduction to Cyber Ethics:

This course required me to investigate the basic concepts of ethics in general, including professional codes of ethics, especially as they pertain to the management of information systems.  Some of the pitfalls of ethics were examined including compliance with laws intended to protect citizens and the need to conduct certain business transactions.  Some of these transactions may involve the risk of releasing personnel information, whereas, some may require criminal investigations.  The issue of free speech in the cyber and how it can affect a seemingly innocuous entity (worker providing selfies on Facebook and employer finding out).  Responsibilities of IT personnel with regards to uncovering unethical behavior was discussed at great length.