SWENG 5180: Cyber Risk Management

This 7-week course provides students with foundation in Cyber Risk Management, aligned with the National Institute of Standards and Technology (NIST) RMF 800-37R2, and uses NIST SP800-53A, the assessment of security and privacy controls in information systems and organizations.

Students will learn the skills need to perform regular risk assessments, define Risk, Risk scoring and identify gaps.

  • Assign NIST security controls and countermeasures
  • Use of Risk Assessment Tools
  • Develop a NIST Risk Management Framework
  • Identify KPIs and KRIs for Risk Management
  • Integrate Risk Management Strategy into Business Functions

Students will conduct a Cyber Risk Management exercise on a fictional company, with the culmination of applying to either their company, or a fictional company on their own, followed by a peer review.

Topics Covered

  • Perform a complete risk assessment.
  • Inventory companies most critical information assets.
  • Assign a data owner and custodian to an information asset.
  • Assign classification values to critical information assets.
  • Prioritize risk remediation efforts as a result of performing a risk assessment.
  • Evaluate risk management models for use in their own organization.

SWENG 5179: Foundations of Cyber Operations

The United States may be facing the most serious economic and national security challenge of the 21st century; our government and private sector networks and information are being exploited via cyber operations activities at an unprecedented scale by a growing array of state and non-state actors. The evolution of increasingly complex network structures creates critical interdependencies that lead to expanded cyber operations opportunities and increased vulnerabilities. Therefore, we must train our cyber work force so that they may take action to protect the critical components upon which our economy, government and national security are based by an adversary that utilizes a wide array of network exploitation, disruption or destruction techniques. In order to appropriately defend these complexities and interdependencies in a cyber environment, students must become familiar with foundational network security methods and concepts, and protocols, Cybersecurity principles, and knowledge of cyber threats and vulnerabilities.

In this 7-week course, students from all educational disciplines and professional backgrounds will have hands-on experience using PSU Weblabs to learn fundamental concepts designed to help familiarize them with the potential cyber operations that they may encounter on a daily basis.

Topics Covered

  • To better understand Network Security and Technical Concepts
  • Application, Data and Host Security
  • Malware Analysis
  • Identification, Authentication, and Authorization in Modern Operating Systems

SWENG 5178: Principles of Cyber Law & Policy

Cyber activities and cyber operations are subject to a diverse array of U.S. federal laws, state laws, constitutional law, and regulatory policies, as well as international laws that together comprise a framework of law called Cyberlaw. Individuals, businesses, and governments involved in any aspect of cyber operations (“cyber actors”) must have a clear understanding of cyber technology platforms (cyberspace) and the legal and policy background (cyberlaw) to ensure that cyber activities and operations (“cyber actions”) are conducted within, but not beyond, the maximum limits of legal authority.

In this 7-week course, students again will work hands-on with PSU Weblabs to learn fundamental and mid-range concepts designed to help ensure that the cyber operations in which they participate are consistent with the laws and values of the society they serve.

Topics Covered

  • Overview of Cyberspace and the Intersection of Law & Policy
  • Cyber Governance in the U.S.
  • Legal Foundations of Cyber Law & Policy
  • The Cyber Threat-Response Network

SWENG 5172: Certified Information Systems Security Professional (CISSP) Exam Preparation*

*Optional fourth course

This 30-hour course consists of face-to-face lecture, classroom discussion, and practice exams. At the end of the course, the instructor will review with students how to schedule the CISSP exam and provide links to practice tests to prepare.