This course has concluded and all grades have been posted.
Reminder that we have our last test on March 26th, in class. The test is made up of 12 Fill in the Blank, 28 Multiple Choice, 4 True or False, and 2 Short Answer questions.
The Test 2 Checklist is now complete.
I have started to work on the Test 2 Checklist and will advise once it is complete. For Test 2 you will be permitted to bring one 8.5 x 11 one sided hand-written "cheat sheet" with you to refer to during the test.
Assignment 3 is now available. It is due on March 19th by 23:59.
Assignment 1 and Test 1 have been marked. The histogram for the test mark distribution is here.
Assignment 2 is now available.
I have finalized Test 1, and it is comprised as follows: Fill in the Blank (9 points); Multiple Choice (27 points); True or False (9 points); and Short Answer (15 points).
The Test Checklist for Test 1 is now available here.
With respect to Assignment 1, I promised additional instructions for students living in residence. Please find them here.
Assignment 1 is now available. It will take some time to complete, so don't leave this to the last minute. Due date is February 10.
I fixed some issues with the dates on the Course Schedule page. If you have copied any deadlines into your calendar, please confirm they are correct. Apologies for the inconvenience.
Please read this page with details applicable to all my courses.
This course is an introduction to the fundamentals of Cybersecurity Risk Management.
Topics include the evolution of information security into cybersecurity, technical aspects of cybersecurity, threat vectors, security domains, standards, frameworks, critical infrastructure, and controls developed to manage cybersecurity risk. Cybersecurity ethics will also be covered.
Students will be required to complete a cybersecurity risk management related case study.
(These are at a high level, and put together with Bloom's Taxonomy in mind)
Gain insight into the root causes of information abuse
Learn how technology impacts these root causes
Have awareness of some of the early threats
Understand the core technologies which create risks in a computer system
Be able to identify the various threat vectors
Understand how social engineering works, and how it enables many of the cybersecurity related risks
Understand the various methods used to breach a computer system
Gain insight into the various dimensions (buckets of risk) of securing a computer system
Understand and be able to apply various best practices approaches to risk management
Have familiarity with important cybersecurity risk management frameworks, and NIST in particular
Appreciate the specific risks posed by computer systems used in critical infrastructure and how to mitigate them
Understand and be able to apply a series of different controls in the various security domains
Understand the ethical constraints of cybersecurity risk management
70ch overall in the BScCS program, including at least 12ch of CS courses at the 2000-level or higher.
Lectures and class discussions will be held on Mondays and Wednesdays from 14:30 to 15:50, in Hazen Hall 239.
These sessions will be in-person as a default, but we may mix it up with the occasional online meeting.
Please consult the CS 3473 Course Schedule page for details of the various meeting and deliverable deadline dates for the course. This page will be updated as we go along.
There is no required textbook for this course, but we will primarily refer to portions of the following books as we go along:
"Grubb": Grubb, Sam. How cybersecurity really works: a hands-on guide for total beginners. No Starch Press, 2021.
"Brooks": Brooks, Charles J., et al. Cybersecurity essentials. John Wiley & Sons, 2018.
"Kohnke": Kohnke, Anne, Dan Shoemaker, and Ken E. Sigler. The complete guide to cybersecurity risks and controls. CRC Press, 2016.
E-book versions of these books are available at the following link (UNB login required):
https://web.lib.unb.ca/reserves/index.php/viewReserves/77348
Additional reading materials and other reference resources, as well as any slides referred to during our meetings, will be listed/linked on the Course Schedule page.
The selected portions from these textbooks and the listed resources will constitute the primary source material for your learning and you should make time to read and understand them (or their identified sections), as we proceed through the course. This will lay a foundation of knowledge, with which you will then be able to complete the assignments, tests, and course project.
Please also note that some of the assigned reading will cover material that will not be explicitly covered in class, usually because it is straightforward and something which can be absorbed by reading about it. If after reading any of such assigned material you have questions, please do not hesitate to bring them up in class or reach out to me directly.
Assignments (3): 30 points
In class tests (2): 40 points
Term Project and Report: 30 points
Note that there is no final exam.
The term project report will be due on the last day of classes.
There will be 3 substantive assignments worth 10 points each. They will take time to complete. Don't leave them to the last minute.
Please consult the CS 3473 Course Schedule page for the release and due dates of assignments. Assignments must be submitted by email to the instructor, no later than 11:59 p.m. on the day they are due. Please ensure you use a descriptive subject line for the email (for example: CS 3473 Assignment 1).
All assignments must be done individually.
Two tests will be held in class on the dates set out on the CS 3473 Course Schedule page. Each test will be composed of a number of different types of questions, including multiple choice, true or false, fill in the blank, short answers, and questions requiring the holistic application of the knowledge gained during the course.
Requirements for this component are set out on the Term Project page.