Syllabus for CYB-421

CYBERSECURITY RISK ANALYSIS AND MANAGEMENT


COURSE DESCRIPTION

Cybersecurity Risk Analysis and Management introduces the fundamentals of cybersecurity risk analysis and management including threat and vulnerability identification/analysis, threat modeling, impact analysis, mitigation planning and tracking, as well as conceptual approaches, guidelines, standards, and security control frameworks. The course includes identification and classification of information assets, formulation of comprehensive risk assessments, development of threat models, and corresponding security plans to serve as frameworks for implementing measures aimed at protecting information assets and reducing security risks.

COURSE TOPICS

COURSE OBJECTIVES

After completing this course, students should be able to:

CO1        Articulate the importance of assessing and managing cybersecurity risk within an organization or company.

CO2        Examine key concepts, components, and supporting models and standards of a cybersecurity risk management program.

CO3        Utilize techniques for identifying and analyzing relevant threats, vulnerabilities, and exploits.

CO4        Integrate risk management laws of compliance, standards, best practices, and policies into organizational risk management activities.

CO5        Create and implement a cybersecurity risk mitigation strategy with supporting plans.

CO6        Communicate risk mitigation strategies to senior/executive leadership.

CO7        Defend an organizational or corporate cybersecurity risk program with supporting plans including business continuity, disaster recovery, and incident response.

COURSE MATERIALS

You will need the following materials to do the work of the course. The required textbook is available from the University’s textbook supplier, MBS Direct.

Required Textbook

ISBN-13: 978-1284055955

COURSE STRUCTURE

Cybersecurity Risk Analysis and Management is a three-credit online course, consisting of five modules. Modules include an overview, topics, learning objectives, study materials, and activities. Module titles are listed below.

ASSESSMENT METHODS

For your formal work in the course, you are required to participate in online discussion forums, complete written assignments, complete a presentation, complete lab activities, and complete a final project. See below for details.

Consult the Course Calendar for due dates.

Promoting Originality

One or more of your course activities may utilize a tool designed to promote original work and evaluate your submissions for plagiarism. More information about this tool is available in this document.

Discussion Forums

In addition to an ungraded Introductions Forum, you are required to participate in four graded online class discussions.

Communication with your mentor and among fellow students is a critical component of online learning. Participation in online class discussions involves two distinct activities: an initial response to a discussion question and at least two subsequent comments on classmates' responses.

All of these responses must be substantial. Meaningful participation is relevant to the content, adds value, and advances the discussion. Comments such as "I agree" and "ditto" are not considered value-adding participation. Therefore, when you agree or disagree with a classmate or your mentor, state and support your position.

You will be evaluated on the quality and quantity of your participation, including your use of relevant course information to support your point of view, and your awareness of and responses to the postings of your classmates. Remember, these are discussions: responses and comments should be properly proofread and edited, mature, and respectful.

Written Assignments

You are required to complete two written assignments. The written assignments are on a variety of topics associated with the course modules. For specific details refer to the individual course modules. Consult the Course Calendar for due dates.

Presentation

You are required to complete one presentation that focuses on key issues of supply chain cybersecurity risk and presents a procurement policy. The objective of this presentation is to convince leadership (the mentor) of the need for the policy to mitigate cyber risk in an electric utility's procurement activities. For specific details and requirements, consult Module 4 and refer to the Course Calendar for due dates.

Lab Activities

You are required to complete three lab activities. The lab activities are associated with the course modules. For specific details, please refer to the individual course modules. Consult the Course Calendar for due dates.

Final Project

You are required to complete one final project. This project provides you with an opportunity to apply competencies gained in the course to develop a complete risk management plan for a fictional company. By completing this project, you will have a deep understanding of risk management, its importance, and critical processes required when developing a formal risk management plan for an organization.

The sections of this final project will be developed and submitted in four stages. In Stages 2, 3 and 4, you will also incorporate any feedback received from your mentor when the previous stage is graded to improve the effectiveness of your overall project. Then, you will continue to add new sections. By the end of the course, you will submit a complete document that includes all of the sections and changes that resulted from feedback provided throughout the course. Part of the grading criteria for the final stage submission includes addressing previous feedback to improve the final project.

Be sure to reference the Final Project area of the course website for full requirements and instructions. Consult the Course Calendar for due dates.

GRADING AND EVALUATION

Your grade in the course will be determined as follows:

All activities will receive a numerical grade of 0–100. You will receive a score of 0 for any work not submitted. Your final grade in the course will be a letter grade. Letter grade equivalents for numerical grades are as follows:

A  = 93–100        C+ = 78–79

A– = 90–92         C  = 73–77

B+ = 88–89         C– = 70–72

B  = 83–87         D  = 60–69

B– = 80–82         F  = Below 60

To receive credit for the course, you must earn a letter grade of C or better (for an area of study course) or D or better (for a course not in your area of study), based on the weighted average of all assigned course work (e.g., exams, assignments, discussion postings).

STRATEGIES FOR SUCCESS

First Steps to Success

To succeed in this course, take the following first steps:

Study Tips

Consider the following study tips for success:

ACADEMIC INTEGRITY

Thomas Edison State University is committed to maintaining academic quality, excellence, and honesty. The University expects all members of its community to share the commitment to academic integrity, an essential component of a quality academic experience.

Students at Thomas Edison State University are expected to exhibit the highest level of academic citizenship. In particular, students are expected to read and follow all policies, procedures, and program information guidelines contained in publications; pursue their learning goals with honesty and integrity; demonstrate that they are progressing satisfactorily and in a timely fashion by meeting course deadlines and following outlined procedures; observe a code of mutual respect in dealing with mentors, staff, and other students; behave in a manner consistent with the standards and codes of the profession in which they are practicing; keep official records updated regarding changes in name, address, telephone number, or e-mail address; and meet financial obligations in a timely manner. Students not practicing good academic citizenship may be subject to disciplinary action including suspension, dismissal, or financial holds on records.

All members of the University community are responsible for reviewing the Academic Code of Conduct Policy in the University Catalog and online at www.tesu.edu.

Academic Dishonesty

Thomas Edison State University expects all of its students to approach their education with academic integrity—the pursuit of scholarly activity free from fraud and deception. All mentors and administrative staff members at the University insist on strict standards of academic honesty in all courses. Academic dishonesty undermines this objective. Academic dishonesty can take the following forms:

Plagiarism

Thomas Edison State University is committed to helping students understand the seriousness of plagiarism, which is defined as using the work and ideas of others without proper citation. The University takes a strong stance against plagiarism, and students found to be plagiarizing are subject to discipline under the academic code of conduct policy.

If you copy phrases, sentences, paragraphs, or whole documents word-for-word—or if you paraphrase by changing a word here and there—without identifying the author, or without identifying it as a direct quote, then you are plagiarizing. Please keep in mind that this type of identification applies to Internet sources as well as to print-based sources. Copying and pasting from the Internet, without using quotation marks and without acknowledging sources, constitutes plagiarism. (For information about how to cite Internet sources, see Online Student Handbook > Academic Standards > Citing Sources.)

Accidentally copying the words and ideas of another writer does not excuse the charge of plagiarism. It is easy to jot down notes and ideas from many sources and then write your own paper without knowing which words are your own and which are someone else’s. It is more difficult to keep track of each and every source. However, the conscientious writer who wishes to avoid plagiarizing never fails to keep careful track of sources.

Always be aware that if you write without acknowledging the sources of your ideas, you run the risk of being charged with plagiarism.

Clearly, plagiarism, no matter the degree of intent to deceive, defeats the purpose of education. If you plagiarize deliberately, you are not educating yourself, and you are wasting your time on courses meant to improve your skills. If you plagiarize through carelessness, you are deceiving yourself.

For examples of unintentional plagiarism, advice on when to quote and when to paraphrase, and information about writing assistance, click the links provided below.

Examples of Unintentional Plagiarism

When to Quote and When to Paraphrase

Writing Assistance at Smarthinking

Disciplinary Process for Plagiarism

Acts of both intentional and unintentional plagiarism violate the Academic Code of Conduct.

If an incident of plagiarism is an isolated minor oversight or an obvious result of ignorance of proper citation requirements, the mentor may handle the matter as a learning exercise. Appropriate consequences may include the completion of tutorials, assignment rewrites, or any other reasonable learning tool in addition to a lower grade for the assignment or course. The mentor will notify the student and appropriate dean of the consequence by e-mail.

If the plagiarism appears intentional and/or is more than an isolated incident, the mentor will refer the matter to the appropriate dean, who will gather information about the violation(s) from the mentor and student, as necessary. The dean will review the matter and notify the student in writing of the specifics of the charge and the sanction to be imposed.

Possible sanctions include:

Copyright © 2019 by Thomas Edison State University. All rights reserved.