Semester II: Cybersecurity Risk Management

Fall Semester / 10 Credits

Residency Module 2 (5 days) October 2023*

Semester 2: Cybersecurity Risk Management Focus

Network Security

(Tandon) – online only

This course begins by covering attacks and threats in computer networks. We cover the “kill chain” and how networks are compromised whether the attack is originating from a nation state or an unskilled lone attacker. The course continues with cryptography topics which establish the foundation for techniques providing for the defense of computer networks. Topics covered are block ciphers, stream ciphers, public key cryptography, RSA, Diffie Hellman, certification authorities, digital signatures and message integrity. After surveying basic cryptographic techniques, the course examines several secure networking protocols, including TLS, IPsec and wireless security protocols. The course moves on to discuss operational security techniques, including perimeter security, intrusion-detection systems, security monitoring and security in IPv6 networks. Students will read recent research papers on network security and apply the technology and techniques discussed in a lab component which includes: network mapping, exploitation, firewalls, SSL exploitation and wireless security.

Cybersecurity – The Evolving Regulatory Landscape (Cybersecurity Regulation II, Critical Infrastructure Protection & Information Sharing)

(Law) – blended-learning format

  • Cybersecurity Regulation II
  • Critical Infrastructure Protection & Information Sharing

Building on last semester’s course on the general regulatory forces shaping cybersecurity, this semester’s course drills down into two facets of the emerging cybersecurity landscape. The first part of the course will explore the relationship between the business world and sector-specific federal and state regulators addressing cybersecurity, including the Securities and Exchange Commission, the Department of Defense and financial regulators. The second part of the course is dedicated to exploring the cybersecurity-related regulation of critical infrastructure by federal authorities, principally the Department of Homeland Security, including information sharing initiatives.

Information Privacy Law Part II

(Law) – blended-learning format

Information Privacy Law Part II delves further into the laws regulating private sector use of personal information. U.S. privacy law is known for its “sectoral” approach and we begin by reviewing some of the laws targeted at particular sectors. We will also explore the EU’s General Data Protection Regulation, which recently took effect, considering its implications for US companies. The second part of this semester focuses on law enforcement access to personal information. We cover the basic constitutional and statutory limits on law enforcement access and then discuss some of the challenges to existing law created by the increasing extent to which everyday communications and activities create digital data trails.

Integrative Cybersecurity Management

(Law & Tandon integrated project)

The Integrative Cybersecurity Management course is driven by seminars and advising led by the Capstone Faculty Directors and Industry Capstone Mentors, resulting in a team-based project presented at the culmination of the program. The course requires students to build on their own professional experience and exposure to the academic content of the program to create a meaningful project that demonstrates their ability to take an integrated view of cybersecurity risk and strategy.

*Due to COVID-19 and resulting travel restrictions, future in-person residencies may be converted to remote instruction. We will share more information as it becomes available.

Program Overview and Coursework