This syllabus is subject to change with notice. For the most recent updates see

https://purdue.brightspace.com

Catalog Description

This course will investigate the foundational ideas in the realm of cybersecurity.  We do so in order to become effective cybersecurity practitioners or simply informed cyberspace citizens.  This course will investigate the foundational ideas in the realm of cybersecurity. Security models that provide a basis for overarching security solutions are introduced to provide a foundation for future discussion. Risks and vulnerabilities are examined along with technical controls that can be used to mitigate them. The role of security policy and the incident management framework are examined.

Emphasis is placed on building a strong foundation for further study in the field.

Requisites

Prerequisites: C- or Better in CNIT 17600

Concurrent Prerequisites: None

Restrictions: None

Course Description and/or Theme

In this course students develop preliminary skills using the Linux command line to carry out security functions, such as system access control. They investigate

encryption tools, such as OpenSSL for hashing, symmetric key, and asymmetric key

cryptography. They use tools such as Wireshark to investigate network traffic and to carry out attacks against network protocols. They conduct risk analyses based on

current events in the real world and make policy recommendations based on their analyses.

This course is offered in a hybrid format with lectures being offered synchronously remotely through MS Teams (with option to access the content asynchronously later

through MS Teams, MS Stream, or on Brightspace). The labs are available via optional in person access to the labs.  The lab environment utilizes the virtual cluster and  can be accessed from anywhere through the use of the CIT VPN.  Students are

provisioned a pair of VMs to admin, either as individuals or with a partner. Using this virtual environment, students apply the concepts described above.

Course Audience

This is a required course for all CIT students. Due to the limited laboratory resources available, non-credit audits of this course are not allowed.

Course Manager/Professor

Name Office Phone Email Address Office Hours

Nicole Hands   MS Teams/Discord

Knoy 217 nhands@purdue.edu by appointment

Schedule appt using link: https://calendly.com/nhands_purdue

Course Instructors/Teaching Assistants

Name Lab Time Email Address Office Hours

TBD

Required Textbooks, Lab Manuals, and Supplies

Optional Textbook: Pfleeger & Pfleeger, 2015, Security in Computing 5th  Edition ISBN: 978-0134085043

The E-book is available for free from Purdue Libraries (Purdue career

account login required)

https://learning.oreilly.com/library/view/security-in- computing/9780134085074/

Supplemental Readings, as needed, will be supplied

Course Learning Outcomes

1. Generate contextualized security policy and governance decisions.

2. Implement technical controls (access management, cryptography, firewalls, etc.) to mitigate threats and vulnerabilities.

3. Analyze factors driving the need for cybersecurity and their associated risk.

Instructor Objectives

1. Design opportunities for students to grow and learn as Information Technology

professionals with special emphasis on helping students develop knowledge, skills, and abilities in security related competency areas.

Competencies for Cybersecurity Professionals:

As students in cybersecurity progress through their scholarly and professional experiences, they build a body of knowledge and skills that are represented by the following set of competencies.  Acquisition of this set of competencies is seen as the long-term goal for what a professional in the realm of cybersecurity should know and be able to do.

SECURELY PROVISION Specialty areas responsible for conceptualizing, designing, and building secure IT systems (i.e., responsible for some

aspect of systems development).

OPERATE AND MAINTAIN Specialty areas responsible for providing

support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security.

PROTECT AND DEFEND Specialty areas responsible for identification,  analysis, and mitigation of threats internal to IT systems or networks.

INVESTIGATE Specialty areas responsible for investigation of cyber events and/or crimes of IT systems, networks, and digital evidence.

COLLECT AND OPERATE Specialty areas responsible for specialized denial and deception operations and collection of cybersecurity

information that may be used to develop intelligence.

ANALYZE Specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.

虽 OVERSIGHT AND DEVELOPMENT Specialty areas providing leadership, management, direction, and/ or development and advocacy so that

individuals and organizations may effectively conduct cybersecurity work.

2. Provide reasonable feedback for students to increase student opportunities for learning

Course Requirements and Learning Assessment

Knowledge Theoretical and conceptual knowledge will be taught through a

combination of readings and lecture. This knowledge will be assessed through in-class activities, homework, and examinations.

Techniques Techniques and skills will be presented through the laboratory

section of the course. Skills will be assessed through hands-on- exercises and laboratory project reports.

Application The course will focus on the application of security related

technologies to a given business situation. Each laboratory report will include the application of security techniques and tools to

these situations and should detail the solutions’ ability to meet the needs of the scenario.

How Final Grades will be Determined (subject to change with notice)

Lecture/Examinations

Assessment Mechanism Weighting

Active Learning Activities  30%

Midterm Exam                       10%

Final Exam 10%

50%

Laboratory

Assessment Mechanism Weighting

Lab Check Off (Objective)   10%

Lab Peer Eval                 5%

Lab Reports (Written)       35%

Authentication/Setup Lab

Access Control Lab

Cryptography Lab

Phishing Lab

Networking Lab

SQL Injection Lab

Current Events Case Study

50%

Extra Credit Weighting

Max of 2% added to course

Total possible 102%

Grading Scale

Grade Scale

A      90%

B      80 %

C      70 %

D      60 %

F      < 60 %

I, W/WF

Plus/minus grades may be given within these ranges, but cutoffs for these are at the discretion of the instructor. They will be consistently applied once determined.

The base letter grade is a representation of your achievement in the course. A “plus” or a “minus” rewards effort. This is reflected by the completion of all assignments, consistent attendance in class, taking advantage of all extra credit, and other metrics of effort as appropriate.

Grading Notes and Comments

1. Note that it is possible to earn a passing score with a number of missing assignments.  Assessment is frequent in this course, and this allows for careful measurement of learning objectives. Among the benefits of frequent assessment is that a poor grade on any one assignment will not have a catastrophic effect on the overall semester grade. That being said, you must pass both the lecture and the lab section (I.e. greater than 60% of the available points in both halves of the course.

2. The Access Control Lab and the Cryptolab have particularly important and challenging  content  and  mastery  is  especially  important  with  these fundamental security topics. Therefore, during the Fall and Spring Semesters, the lab reports for these two labs can be resubmitted for regrading – assuming they met quality expectations on the first submission. Resubmissions must be made one (1) week from the date the previous submission’s grade is released

to the student. Due to the rapid pacing in the summer, there is no room for resubmissions. Therefore, attendance at office hours while working through these lab reports is highly recommended.

3. Minimum quality expectations are applied to determine if a resubmit is allowed for each task within the Access Control and Cryptography Labs. An attempt that enables the resubmission must either meet minimum quality expectations as defined in the net lab manual or must include documented extra effort on the student’s part to obtain assistance on a particular task. This assistance should come from the Laboratory TAs (any of the TA’s may play this role, not just the one whose lab section a student is enrolled in).

4. This assistance will either come from an office hour visit or from an email request for specific assistance. “I need help on the lab,” is not specific and will cause a delay in obtaining the necessary help. A more appropriate request would take a form similar to: “I am confused by what is meant by x in the lab manual on page 7. I could use help determining how to accomplish it. I have tried y and z (see screenshots) and they don’t seem to have worked (see error messages). Can you help me determine what I’m doing incorrectly?”

5. Make-up exams will only be offered to those students with a letter from the Office of the Dean of Students or under other documented extenuating circumstances.

6. In class/active learning assignments will be offered either as being done during class only, or as homework typically due the same day. Outside this window (which will be defined in Brightspace), there are no makeups for in class/active learning assignments. In the event that an in-class assignment is missed for an excused reason (serious illness, etc.), the assignment will be exempted from consideration in the final score for the semester.

7. Late work (labs and homework) will be accepted with a 30% penalty but must be submitted before the assignment has been scored. After the assignment

grades have been released, no late submissions are accepted.

8. There are no make-ups for checkoffs. If you have a documented need to miss a checkoff, an alternative assignment will be made available at the end of the semester which may be submitted for each excused missed checkoff (i.e.,

absence accompanied by a letter from the ODoS (Office of the Dean of Students) or Covid Quarantine verifying the need for absence).

9. Each student will have the option to replace their lowest checkoff grade

with the alternative assignment at the end of the semester. If a student

misses a checkoff for an unexcused reason, or just wishes to do better on a checkoff, this is the means by which that grade can be rectified. Only one  checkoff grade may be replaced in this way. (Note, this is in addition to

replacing missed checkoffs that are excused).

10. Students are given the opportunity to select whether to work on labs individually or in partners. The following lab policies apply to this choice:

a. Students who select to work alone may not later join another student to work with a partner

b. Students who select to work with a partner may later select to break up their group and work alone. This must be done at the transition

point between lab assignments and must be communicated to the other partner.

c. If either partner has contributed to the completion of the

assignment, then equal credit will be given to both partners.

d. Partners who worked together on a lab with a resubmission but who

have separated before making the resubmission may choose to submit

the resubmission individually or together. However, if both partners contributed to the modifications made to the original submission,

both partners will receive equal credit for the resubmission.

e. Students may select partners who are enrolled in a different lab

section. This will necessitate that students will ensure they have

time to work together on the lab outside of lab time or that one or the other partner is able to attend the other assigned lab section  (see attendance policy below for caveats about attending alternate  lab sections).

f. One laboratory or project report will be required per group. g. Only one member of the group should submit the lab project.

Laboratory projects should be submitted for plagiarism testing to

Brightspace and then for grading via Gradescope. All materials must be submitted by 11:59 PM of the due date to be considered “on time.”

11.Students who have previously enrolled in the course and have made lab

submissions are expected to work on labs individually due to cross

contamination issues resulting in prior semester student work potentially affecting the learning experiences of students who have not had prior

experience with the content. If there are questions about the rationale of this policy, direct questions to the course coordinator, Prof Hands.

12.Individuals who are retaking the course will not be permitted to turn in

work completed in a prior semester. First, assignments do change in subtle ways, and if you are taking the class again, you should take advantage of  the extra opportunities to increase achievement levels in mastery of the

course content.

13.Students who use work completed in prior semesters, whether their own or belonging to someone else, will receive a zero on the assignment and will be referred to the Dean of Students under the academic  dishonesty policies of the university.

14. ChatGPT and similar large language learning models (i.e. AI

models) are recognized as tools that can be used, like all tools,  for good or for ill. Where possible, the course will authorize the use of ChatGPT et.al to enhance student learning opportunities.

Using ChatGPT to do your work for you, however, is

counterproductive to the reason you are here at Purdue University - to learn.

15.     This technology has the potential to replace your roles in

future jobs unless you are able to differentiate your capabilities from those of ChatGPT. Use the opportunities to use this tool to

begin to articulate your value. What do you offer that ChatGPT

cannot? If you use the tool to do your work for you, then there is no value add.

16.     Students who utilize a tool such as ChatGPT to generate

assignment submissions will be considered to be engaging in

academic dishonesty and will be subjected to the university’s

policies for academic dishonesty. Assignment submissions will be measured against tools determining the use of such technology.

This is in addition to the standard plagiarism checkers that are used to ensure academic honesty as well. Because these tools are not perfect at detecting the use of these tools, multiple

detection tools will potentially be used. Students may appeal the judgement that they misused the tool.

17.     Incompletes will only be given under extenuating

circumstances.

18.In the event of a major campus emergency, course requirements, deadlines and grading percentages are subject to changes that may be necessitated by a revised semester calendar or other circumstances beyond the instructor’s control.

Course Policies

Be assured, if something is my fault, I will make it right. This applies to situations such as administrative technical problems (assignment submission was not visible,

deadline said am instead of pm, etc.). Mistakes happen, I try to own them and fix them. I try to be fair in all things and so if you find some situation distressing, take

preemptive comfort in knowing it will be addressed in a fair and consistent manner in

line with the course policies outlined here in the syllabus and with university policies defined by admin.

Attendance Policies

University Regulation - Students are expected to be present for every meeting of the classes in which they are enrolled.

Class attendance is essential to success in this course. “Attendance” can be defined as engagement synchronously or within the appropriate time window of

asynchronous access. Therefore, you are expected to be in attendance for all class meetings. In a synchronous class, it is reasonable for a student to expect some

assignments will only be allowed to be completed and submitted during regular

class meeting times. Attendance in synchronous labs is also required and some

laboratory scores are associated with being present in lab and can only be earned if present. Attendance in asynchronous course iterations is defined as completion

of learning activities and objectives by the due/date and time, and thus attendance in that respect is still required.

Synchronous lab attendance, however, is fluid in that any student may attend any

laboratory section and the TA will note their presence in lab during that time for any scored task during lab. This is true as long as there is a seat available for  every officially enrolled student in that section at the time of attendance. A

student may (and should) complete a weekly checkoff in an alternate lab section if they are aware ahead of time of the need to miss lab.

Please do not email the instructors stating that you will miss class for unexcused reasons. See the specific odos policy on the next page.

You may email the instructor if you need to miss class for reasons such as job

interviews, cyber competitions, athletic competitions, conference attendance, etc. These are considered appropriate reasons to miss class by class policy and are not handled by OdoS.

There are several, non-grade related consequences to failure to attend class:

1) I will not write you a recommendation letter for a job or grad school. How could I do that if I have never seen you?

2) Your learning opportunities will be greatly diminished.

3) Students who do not attend class consistently have earned one to two letter grades below their peers who do attend class consistently.

3) Your opportunities to build social connections with others in the major will be greatly diminished.

4) **I will not answer emails with questions that I explicitly answered in

lecture. Announcements of things such as due dates, changes to schedule, etc. are made in lecture. Details about exams, their format, content, expectations are described in lecture. If you choose not to attend, then you choose to not be informed about such things. You also choose the grade consequences associated with not being informed about such things. **

For any in person class component, students should stay home and contact the Protect Purdue Health Center (496-INFO) if they feel ill, have any symptoms  associated with COVID-19, or suspect they have been exposed to the virus.

ODOS (Office of the Dean of Students) Policy Statement re Attendance:

Only the instructor can excuse a student from a course requirement or responsibility. When conflicts can be anticipated, such as for many University-sponsored activities and religious observations, the student should inform the instructor of the situation as far in advance as possible. For unanticipated or emergency conflict, when advance notification to an instructor is not possible, the student should contact the instructor as soon as possible by email, through Brightspace or Teams, or by phone. When the student is unable to make direct contact with the instructor and is unable to leave word with the instructor’s department because of circumstances beyond the student’s control, and in cases of bereavement, quarantine, or isolation, the student or the student’s representative should contact the Office of the Dean of Students via email or phone at 765-494- 1747. Our course Brightspace includes a link on Attendance and Grief Absence policies under the University Policies menu.

1. If you become quarantined or isolated at any point in time during the

semester, in addition to support from the Protect Purdue Health Center, you will also have access to an Academic Case Manager who can provide you

academic support during this time. Your Academic Case Manager can be reached at [email protected] and will provide you with general guidelines/resources

around communicating with your instructors, be available for academic

support, and offer suggestions for how to be successful when learning

remotely. Importantly, if you find yourself too sick to progress in the course, notify your academic case manager and notify me via email or

Brightspace/Teams. We will make arrangements based on your particular

situation. The Office of the Dean of Students ([email protected]) is also available to support you should this situation occur.

2. Per the university Grief Absence Policy for Students, students will be

excused from class and given the opportunity to earn equivalent credit and to demonstrate evidence of meeting the learning outcomes for missed

assignments or assessments in the event of the death of a member of the  student’s family . There are specific approved absence durations based on location and relationship of the deceased. See

https://www.purdue.edu/advocacy/students/absences.html for additional information.

Quiz and Exam Policies

1. For Synchronous iterations of the class (i.e ., Spring and Fall semesters), Exams will be offered in person, during the regularly scheduled class time and classroom.

2. For Asynchronous iterations of the class (i.e., Summer semester), Exams will open at 12:01 am and will be available for ~24 hours (until 11:59pm the same day). Failure to take the exam during that window will require an ODoS

verified need to be absent or other excused absence reason.

Homework Policies and Quality Expectations

1. All assignments are to be handed in via Brightspace or Gradescope on the

specified due date at the specified due time .

2. Late assignments will be penalized as follows:

Late submission before assessment of work is completed: 越

25% credit deduction

After peers’ work has been assessed: 越 No credit

Extra Credit Possibilities and Policies

1. There are occasional opportunities to earn extra credit on laboratory projects for completing extension objectives. Please refer to the laboratory manual

for additional information. These are a measure of effort in the course and are required for rounding to a minus grade or for plus grades.

Re-Grading Policies

1. A student wishing to request a re-grade for any assignment, quiz, or exam

should return their paper with a written statement explaining the re-grade

request. Any re-grade request must be submitted no later than one week after the material was returned to the student.  Regrade requests for group

projects must be requested by all of the group members.

2. Any work returned for a re-grade may be totally re-graded, not merely those portions which the person wishes to be re-graded. Note, there is no

guarantee a student’s grade will not be lowered after a regrade, but

students can be assured they will not be lowered punitively. Upon regrade, it is possible that points that were previously erroneously granted will

need to be removed, just as points that were previously erroneously taken away might need to be replaced.

3. Discussion of corrected assignments, quizzes, and exams, as opposed to requests for re-grades, may be done during any office hour or by appointment.

4. According to University regulations, only final course grades can be

“appealed.” There is a formal Polytechnic and University timetable and

process for grade appeals. It must be followed exactly! If resolution cannot be achieved with the faculty member directly, questions about grade appeals  should be directed to the Department Head of Computer and Information

Technology or the Chair of the Purdue Polytechnic Grade Appeals Committee.

Lab Policies and Expectations

1. If you use CIT laboratories, you are responsible for any and all laboratory policies – including the security policies that govern your account.

Policies do change from time to time; therefore, you should review the Laboratory Manual at the beginning of each semester.  Use of the

laboratories can be temporarily or permanently suspended for policy violations.

2. In the event that your laboratory access is suspended for any laboratory or  network policy violation, this course will not extend deadlines or eliminate late penalties for assignments that could not be completed because of the

suspension.

3. Maintaining the cleanliness of the laboratory is an important

responsibility. If the lab is not properly maintained (e.g., trash picked  up, expansion and case screws properly reinstalled after altering hardware configurations) then the entire lab section will be subject to a 10% lab

grade penalty at the end of the course.

Course Evaluation

1. During the last two weeks of the course, you will be provided with an opportunity to evaluate this course and your instructor. Purdue uses an online course evaluation system. You will receive an official email from evaluation administrators with a link to the online evaluation site. You will have up to two weeks to complete this evaluation. Your participation is an integral part of this course, and your feedback is vital to improving education at Purdue University. It is strongly encouraged that you participate in the evaluation system.

Non-Discrimination Policies

1. Purdue University is committed to maintaining a community which recognizes and values the inherent worth and dignity of every person; fosters tolerance, sensitivity,  understanding,  and  mutual  respect  among  its  members;  and encourages each individual to strive to reach his or her own potential. In pursuit of its goal of academic excellence, the University seeks to develop

and nurture diversity. The University believes that diversity among its many members strengthens the institution, stimulates creativity, promotes the exchange of ideas, and enriches campus life. Purdue’s nondiscrimination policy can be found at http://www.purdue.edu/purdue/ea_eou_statement.html.

Use of Copyrighted Materials

1. All course materials are copyrighted by the instructor and may not be

republished or posted for public viewing. Notes taken in class are

considered derivative works and may not be republished or posted for public viewing.

2. Students are expected, within the context of the Regulations Governing

Student Conduct and other applicable University policies, to act responsibly and ethically by applying the appropriate exception under the Copyright Act  to the use of copyrighted works in their activities and studies. The

University does not assume legal responsibility for violations of copyright law by students who are not employees of the University.

3. A Copyrightable Work created by any person subject to this policy primarily to express and preserve scholarship as evidence of academic advancement or

academic accomplishment. Such works may include, but are not limited to,

scholarly publications, journal articles, research bulletins, monographs,

books, plays, poems, musical compositions, and other works of artistic

imagination, and works of students created in the course of their education, such as exams, projects, theses or dissertations, papers, and articles.

Academic Dishonesty (“Cheating”) Policies

Student Honor Pledge - “As a boilermaker pursuing academic excellence, I pledge to be honest and true in all that I<