Syllabus for CYB-521

FOUNDATIONS OF UTILITY CYBERSECURITY


COURSE DESCRIPTION

This course introduces foundational cybersecurity concepts applied to utilities as part of critical infrastructure. Topics covered include: fundamental security concepts and nomenclature; types of utility networks and systems including information technology (IT) and operational technology (OT), such as industrial control systems (ICS) and supervisory control and data acquisition (SCADA); risk management concepts; the pairing of threats to defensive countermeasures; introduction to applicable standards and control frameworks; and presenting cybersecurity plans to decision makers. This course lays the foundation for the graduate certificate. It is recommended that this course be taken first.

COURSE TOPICS

COURSE OBJECTIVES

After completing this course, you should be able to:

CO1        Articulate the need for the appropriate cybersecurity defensive posture in a utility environment citing examples of “cyberattacks” today.

CO2        Identify fundamental concepts and define common industry terms used in relation to cybersecurity and utilities.

CO3        Map traditional information technology (IT) security view (protect confidentiality, integrity, and availability) to the reliability and safety views in the operational technology (OT) world.

CO4        Examine fundamental OT and IT utility architectures and scopes considering their convergence.

CO5        Map key network architectures and communications protocols to the related security implications found in both OT and IT.

CO6        Assess the linkage among assessment components involving risk mitigation, security capabilities, and controls applied to functional areas in a utility.

CO7        Evaluate OT and IT attack scenarios and threat vectors.

CO8        Categorize OT and IT systems by defining “security scopes” for utilities.

CO9        Apply cybersecurity processes to OT and IT operations.

CO10        Apply defenses to OT and IT attack scenarios in different types of utilities.

CO11        Articulate types of technical, management, and operational controls as defined by industry standards and cybersecurity frameworks.

CO12        List eight key frameworks, specifications, standards, guidelines, laws, regulations, and requirements related to cybersecurity, supply chains, and utilities.

CO13        Prepare scenario-based presentations to potential decision makers with supporting data of cybersecurity risk and mitigation strategies.

COURSE MATERIALS

You will need the following materials to complete your coursework. Some course materials may be free, open source, or available from other providers. You can access free or open-source materials by clicking the links provided below or in the module details documents. To purchase course materials, please visit the University's textbook supplier.

Required Textbook

ISBN: 978-0124201149

eBook ISBN: 978-0124201842

ISBN-13: 978-1430260820

eBook ISBN-13: 978-1430260837

COURSE STRUCTURE

Foundations of Utility Cybersecurity (CYB-521) is a three-credit, online course consisting of six modules. Modules include an overview, topics, learning objectives, study materials, and activities. Module titles are listed below.

ASSESSMENT METHODS

For your formal work in the course, you are required to participate in online discussion forums and complete written assignments and a final project. See below for details.

Consult the Course Calendar for due dates.

Promoting Originality

One or more of your course activities may utilize a tool designed to promote original work and evaluate your submissions for plagiarism. More information about this tool is available in this document.

Discussion Forums

This course requires you to participate in seven graded discussion forums. There is an ungraded but required Introductions Forum in Module 1.

Deadlines for posting discussion threads are given in the Course Calendar. For posting guidelines and additional help with discussion forums, please see the Online Student Handbook located within the General Information section of the course website.

Written Assignments

You are required to complete eleven written assignments. The written assignments are on a variety of topics associated with the course modules.

Final Project

For the final project, you are required to build a risk-based business case on one of the scenarios or a composite of several of the scenarios you created in Written Assignment 2. You will write a report as well as a PowerPoint presentation to the decision makers on needed cybersecurity investments. See the Final Project area of the course website for further details.

GRADING AND EVALUATION

Your grade in the course will be determined as follows:

All activities will receive a numerical grade of 0–100. You will receive a score of 0 for any work not submitted. Your final grade in the course will be a letter grade. Letter grade equivalents for numerical grades are as follows:

A

=

93–100

B

=

83–87

A–

=

90–92

C

=

73–82

B+

=

88–89

F

=

Below 73

To receive credit for the course, you must earn a letter grade of C or higher on the weighted average of all assigned course work (e.g., assignments, discussion postings, projects). Graduate students must maintain a B average overall to remain in good academic standing.

STRATEGIES FOR SUCCESS

First Steps to Success

To succeed in this course, take the following first steps:

Study Tips

Consider the following study tips for success:

ACADEMIC POLICIES

To ensure success in all your academic endeavors and coursework at Thomas Edison State University, familiarize yourself with all administrative and academic policies including those related to academic integrity, course late submissions, course extensions, and grading policies.

For more, see:

Copyright © 2016 by Thomas Edison State University. All rights reserved.