Subject Outline PDF

Preview

Summary

SubjectOutline.pdf...

Description

SUBJECT OUTLINE 32548 Cybersecurity Course area

UTS: Information Technology

Delivery

Spring 2020; City

Credit points 6cp Requisite(s)

32524 LANS and Routing OR 49202 Communication Protocols

Result type

Grade and marks

Attendance: 1.5hpw (lecture), 1.5hpw (tutorial). Forms of attendance and mode of delivery in this subject have changed to enable social distancing and reduce the risks of spreading COVID-19 in our community. Recommended studies: a sound knowledge of computer systems and networking protocols

Subject coordinator Dr. Priyadarsi Nanda Room: CB11.8.209 Phone: (02) 9514 1853, email: [email protected] Consultation Hours: Thursday, 11.30 AM - 12.30 PM, at Microsoft Team session The Subject Coordinator may be contacted by email or phone if you have matters of a personal nature to discuss, e.g., illness, study problems, group problems, group re-assignment, or a request for an appointment outside the given consultation hours.

Teaching staff Lecturer: Dr. Priyadarsi Nanda Room: CB11.8.209 Phone: (02) 9514 1853; Email: [email protected] Lab Tutor: To Be Announced Prior to the Lab in Week-2 If you wish to discuss your questions or need further help with understanding concepts in this subject, please see the tutor during tutorial, participate in Microsoft Team session or contact him via email.

Subject description This subject consolidates the student's understanding of cyber security by considering security principles, methodologies and technologies from a technical and management perspective used in practice. The subject allows students to learn about and discuss various cyber attack techniques used in practice, and methods to defend against such attacks using industry standard tools and techniques. Topics include cyber attacks and defenses, web security, firewalls, intrusion detection systems along with security services such as confidentiality, integrity, authentication (CIA) and technologies such as IPSec, SSL, PGP and S/MIME.

Subject learning objectives (SLOs) Upon successful completion of this subject students should be able to: 1. Explain the major theories and principles that are used in the implementation of a secure network. 2. Explain the underlying algorithms used to construct Security Protocols 3. Identify and explain the major threats and their mitigation associated with cyber security. 4. Explain the major methodologies for secure networks and what threat they address. 5. Compare and contrast the technologies used in achieving security at various layers following OSI/TCP/IP layered structure.

17/07/2020 (Spring 2020)

© University of Technology Sydney

Page 1 of 10

6. Implement and reflect on solutions for cyber security.

Course intended learning outcomes (CILOs) This subject also contributes specifically to the development of the following Course Intended Learning Outcomes (CILOs): Socially Responsible: FEIT graduates identify, engage, and influence stakeholders, and apply expert judgment establishing and managing constraints, conflicts and uncertainties within a hazards and risk framework to define system requirements and interactivity. (B.1) Design Oriented: FEIT graduates apply problem solving, design thinking and decision-making methodologies in new contexts or to novel problems, to explore, test, analyse and synthesise complex ideas, theories or concepts. (C.1) Technically Proficient: FEIT graduates apply theoretical, conceptual, software and physical tools and advanced discipline knowledge to research, evaluate and predict future performance of systems characterised by complexity. (D.1)

Teaching and learning strategies This subject will be delivered as a series of interactive lectures and lab sessions. The subject relies heavily on UTS Canvas, therefore students are expected to check UTS Canvas regularly to access materials and weekly activities. Lectures are supported by PowerPoint slides, learning materials and strategies described in the Learning Guide. Students are required to read the lecture materials and answer online questions before the lecture. During the lecture, these online questions will be discussed, linking them to the lecture contents, and helping to focus the lecture time on topics that students have found most challenging. The lecture format will be interactive, and from time to time, students will be invited to discuss or present their ideas during the class. Not all of the weekly reading material will be covered during the lecture time. Hence, it is the student's responsibility to read all materials, including those that are not specifically covered during the lecture time. All materials given in the subject readings are examinable, even those not directly presented or discussed in lectures. Students will gain most from the class time by reading each week's preparation material in advance and clarifying any questions during the interactive lecture sessions, student consultation times and lab discussion times. During each week's lab session, students will perform a set of provided tasks. The tasks are closely related to the week's lecture topic. There will be discussion sessions during the lab where the lab instructor will pose questions related to the lab activities and students will work in groups to answer the questions by performing hands-on activities, engaging in group discussions, as well as looking through Internet resources. Students are expected to attend and participate in all lab activities, contribute to online discussions, complete assignments by their due dates and actively participate in groups for the group-based activities both in and out of class time. An average student aiming to pass the subject is expected to invest 9-10 learning hours each session week for this subject. The subject will be delivered as a 1.5 hour interactive lecture, followed by a 1.5 hour laboratory session.

Content (topics) This subject covers the fundamental issues involving cyber security, and latest developments on security protocols, technologies, standards and applications. The topics are categorised into: (1) Cyber security strategy, (2) Network level security, and (3) Application level security. 1. Cyber security strategy Strategy and Governance Cyber Threat Intelligence Secure coding principles 2. Network level security TCP/IP security Web security Operating Systems security 17/07/2020 (Spring 2020)

© University of Technology Sydney

Page 2 of 10

Access control, Wireless and Mobile security 3. Application level security DoS and DDOS attack Mail security Intrusion Detection/Prevention Systems Firewalls, IPSec and IoT security

Program Week/Session

Dates

Description

1

27 Jul

Lecture: Subject Introduction and logistics Guest Lecture by Deloitte Experts: Cyber Threat Intelligence (CTI) Notes: Subject Introduction Information available on UTS Canvas. Also, you are expected to pre-read/view material available on Canvas. Your Lab/Tutorial activities will start from Week-2.

2

3 Aug

Guest Lecture by Deloitte Experts: Penetration Testing (Pen Test) Notes: Lab material at UTS Canvas

3

10 Aug

Guest Lecture by Deloitte Experts: Cybersecurity Policy and Governance Notes: Lab material at UTS Canvas Mini Quiz (on-line) with immediate feed back will be available to students before sensus date. This quiz will not be assessed.

4

17 Aug

Lecture: Web Security: Security Issues with Web Browser and Web Services Notes: Lab material at UTS Canvas

5

24 Aug

Lecture: TCP/IP Security Understanding security issues with TCP, IP, MAC and ARP protocols Notes: Lab material at UTS Canvas

17/07/2020 (Spring 2020)

© University of Technology Sydney

Page 3 of 10

6

31 Aug

Lecture: Operating Systems Security, Windows and Linux Security Assessment Quiz-1 during lab session (On-line), 10% of assessment tasks Feedback will be provided to the students after the quiz in week 6. Notes: Lab material at UTS Canvas

7

7 Sept

Lecture: Key Management Protocols and Public Key Infrastructure Notes: Lab material at UTS Canvas

8

14 Sept

Mid Session StuVac, No Lecture and Lab activities

21 Sept

Lecture: Intrusion Detection and Prevention Notes: Lab material at UTS Canvas

9

28 Sept

Lecture: Email Security and VPNs Assessment, Quiz 2 during Lab Session, 10% of assessment tasks Feedback will be provided to the students after the quiz in week 9. Notes: Lab material at UTS Canvas

10

5 Oct

Lecture: Access Control, Wireless and Smart Device Security Notes: Lab material at UTS Canvas

11

12 Oct

Lecture: Secure Coding and Software Security Assessment Task 2 : Skills based assessment during lab session (On-line), 30% of assessment tasks Feedback will be provided to the students after 2 weeks from the completion of the assessment task-2

12

19 Oct

Lecture: Subject Revision and Final Exam information Notes: Assessment Task 4 : Research Project Report due, 10% of assessment tasks Feedback on Assessment Task 4 will be provided to the students after 2 weeks

17/07/2020 (Spring 2020)

© University of Technology Sydney

Page 4 of 10

from the date of submission of the assessment task. essment task.

Labs are an integral part of this subject. Failure to attend labs will result in poor learning outcomes and poor final marks.

Assessment Assessment task 1: Quiz Intent:

The quizzes are designed to motivate continuous learning, analysis and recall the technical knowledge relevant to the subject concepts.

Objective(s): This assessment task addresses the following subject learning objectives (SLOs): 1, 2, 4 and 5 This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs): B.1, C.1 and D.1 Type:

Quiz/test

Groupwork:

Individual

Weight:

20%

Task:

There are two quizzes, each worth 10% of the total mark for this subject. The quizzes will be held during tutorial/lab sessions.

Length:

20 to 30 minutes in duration

Due:

Quiz 1 : In class Week 6; Quiz 2 : In class Week 9.

Assessment task 2: Skills Based Assessment Intent:

The skills based assessment is for students to demonstrate practical skills in identifying and resolving network security issues as might be found in practice.

Objective(s): This assessment task addresses the following subject learning objectives (SLOs): 2, 3, 4, 5 and 6 This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs): B.1, C.1 and D.1 Type:

Laboratory/practical

Groupwork:

Individual

Weight:

30%

17/07/2020 (Spring 2020)

© University of Technology Sydney

Page 5 of 10

Task:

Students will undertake a skills based assessment to test their skills learned from the lab and tutorials.

Due:

Week 11

Assessment task 3: Final Exam Intent:

The exam will explore the extent of student knowledge and understanding throughout the subject.

Objective(s):

This assessment task addresses the following subject learning objectives (SLOs): 1, 2, 3 and 5 This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs): B.1, C.1 and D.1

Type:

Examination

Groupwork:

Individual

Weight:

20%

Task:

The final exam will be an open book exam. The final exam will cover short answer-type questions. The material examined will cover Lectures Week 1 to Week 11.

Length:

2 hours

Due:

UTS Exam period

Assessment task 4: Research Project Intent:

This task is for students to demonstrate an understanding of a given security problem, and to design and implement a solution for the problem.

Objective(s): This assessment task addresses the following subject learning objectives (SLOs): 1, 2, 4, 5 and 6 This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs): C.1 and D.1 Type:

Project

Groupwork: Group, group assessed Weight:

10%

17/07/2020 (Spring 2020)

© University of Technology Sydney

Page 6 of 10

Task:

A group of students will be allocated a research topic taken from current security-related topics. This task is for students to demonstrate an understanding of the problem, and to design and implement a solution for the given problem. A report comprising of the following security objectives must be produced: a. Which security goals are addressed? b. What design aspects are considered? c. Proper justification for the proposed solution c. Which security tools/software are used to implement the solution? d. Conclusion A detailed assessment brief will be provided via UTS Canvas

Length:

The maximum length of the report excluding appendix and references should not be more than 20 pages.

Due:

Week 12

Further For the group assignment students will be assessed as a team, which means each group member information: will normally receive the same mark. If you have trouble with the operation of your group, ask your tutor first for advice (preferably ask as a group). If some of the group feel that other members are not contributing the subject coordinator should be informed and a group meeting held to produce a solution. In extreme cases a group member may be asked by the subject coordinator to withdraw from the Subject, do extra work or accept a lower mark. No complaints about group operation will be considered after the assignment has been handed in.

Assessment task 5: Lab Submission Intent:

For students to demonstrate hands-on learning of cybersecurity concepts

Objective(s): This assessment task addresses the following subject learning objectives (SLOs): 2, 3, 4 and 5 This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs): C.1 and D.1 Type:

Laboratory/practical

Groupwork:

Individual

Weight:

20%

Task:

In most weeks, marks will be allocated to individual lab components which will be announced to students in the lab handout on UTS Canvas. There will be eight (8) different lab tasks.

Due:

Weekly, in class

17/07/2020 (Spring 2020)

© University of Technology Sydney

Page 7 of 10

Examination material or equipment 1. The written exam is restricted open book: Students are permitted to bring one double-sided A4 page of handwritten notes into the examination room. 2. The skills exam is closed book. 3. The Quiz Tests are closed book computer based.

Minimum requirements In order to pass the subject, a student must achieve an overall mark of 50% or more.

Required texts 1. Chwan-Hwa (john) Wu & J. David Irwin, "Introduction to Computer Networks and Cyber Security", CRC Press, ISBN: 978-1-4665-7213-3. 2. William Stallings,"Network Security Essentials Applications and Standards" (5th Edition/ 6th Edition) ISBN-10: 0133370437, ISBN-13: 978-0133370430. 3. Wenliang Du, "Computer security: A Hands-on Approach", ISBN-13:978-1548367947.

Recommended texts 1. Eric Cole, "Network Security Bible" (2nd Edition) ISBN-10: 0470502495 | ISBN-13: 978-0470502495. Available as an ebook. 2. Behrouz A. Forouzan, "Cryptography and Network Security", ISBN: 978-0-07-287022-0, McGrawHill. 3. Michael T. Goodrich & Roberto Tamassia, "Introduction to Computer Security", ISBN-10: 0-321-31294-4, Pearson. 4. William Stallings & Lawrie Brown, "Computer Security", 4th edition, ISBN-10: 1-292-22061-9, Pearson, Global Edition 5. James Helfrich, "Security for Software Engineers", CRC Press, 2019, ISBN: 13:978-1-138-58382-5

References All additional reference materials will be posted on UTS Canvas.

Other resources UTS Canvas - canvas.uts.edu.au Canvas will be used as the major means of communication between subject co-ordinator, teaching staffs and students. Any change in schedule will be updated in Canvas. It is the responsibility of the student to read Canvas regularly. Canvas will be used to provide the lecture notes and the tutorials.

Graduate attribute development For a full list of the faculty's graduate attributes refer to the FEIT Graduate Attributes webpage. For the contribution of subjects taken in the Bachelor of Engineering (Honours) or Master of Professional Engineering to the Engineers Australia Stage 1 Competencies, see the faculty's Graduate Attributes and the Engineers Australia Stage 1 Competencies webpage.

Assessment: faculty procedures and advice Marking criteria Marking criteria for each assessment task will be available on the Learning Management System: UTS Online. Extensions When, due to extenuating circumstances, you are unable to submit or present an assessment task on time, please contact your subject coordinator before the assessment task is due to discuss an extension. Extensions may be granted up to a maximum of 5 days (120 hours). In all cases you should have extensions confirmed in writing. Special consideration If you believe your performance in an assessment item or exam has been adversely affected by circumstances beyond your control, such as a serious illness, loss or bereavement, hardship, trauma, or exceptional employment demands, you may be eligible to apply for Special Consideration. Late penalty 17/07/2020 (Spring 2020)

© University of Technology Sydney

Page 8 of 10

Work submitted late without an approved extension is subject to a late penalty of 10 per cent of the total available marks deducted per calendar day that the assessment is overdue (e.g. if an assignment is out of 40 marks, and is submitted (up to) 24 hours after the deadline without an extension, the student will have four marks deducted from their awarded mark). Work submitted after five calendar days is not accepted and a mark of zero is awarded. For some assessment tasks a late penalty may not be appropriate – these are clearly indicated in the subject outline. Such assessments receive a mark of zero if not completed by/on the specified date. Examples include: a. weekly online tests or laboratory work worth a small proportion of the subject mark, or b. online quizzes where answers are released to students on completion, or c. professional assessment tasks, where the intention is to create an authentic assessment that has an absolute submission date, or d. take-home papers that are assessed during a defined time period, or e. pass/fail assessment tasks. Querying results If you believe an error may have been made in the calculation of your result in an assessment task or the final result for the subject, it is possible to query the result with the Subject Coordinator within five (5) working days of the date of release of the result.

Academic liaison officer Academic liaison officers (ALOs) are academic staff in each faculty who assist students experiencing difficulties in their studies due to: disability and/or an ongoin...