This course offers an introduction to the field of cybersecurity, serving as the foundational course for students enrolled in the Master of Science (MS) in Cybersecurity program. It covers essential cybersecurity topics such as computer system architectures, critical infrastructures, cyber threats and vulnerabilities, cryptography, cryptographic protocol design, information assurance, network security, and risk assessment and management. Students will gain familiarity with key security concepts, technologies, and practices, building a solid foundation for advanced studies in cybersecurity. The course includes technical laboratory sessions to reinforce theoretical knowledge through practical application.
Module 1
This module focused on cyberattacks increasing globally, but there is a huge lack of cybersecurity personnel. The personnel is divided into administrative and technical responsibilities, with the former focusing on policy and administration and the latter on designing and maintaining security systems. Certifications such as CompTIA Security+ confirm important abilities in threat detection, security control implementation, and compliance. Security requires balancing confidentiality, integrity, and availability (CIA) with authentication, authorization, and accounting (AAA). Asset protection is provided by a variety of controls, including administrative, operational, technical, and physical safeguards.
During the lab, I realized that my email addresses had been linked to data breaches. It was alarming to observe the timeline of hacks, especially because some vulnerable applications are currently on my phone. I learned how little control we have over our personal data once it is committed to third parties. Although annoying, this exercise provided as a reminder of the dangers caused by weak or reused passwords, as well as the importance of activating multi-factor authentication. I did not receive any notification letters about these breaches, exposing the gaps in awareness and communication from affected institutions. Additionally, the presence of passwords in the hacked data was an immediate red flag, causing me to instantly reset those passwords and better strengthen my entire account.
Module 2
This modules reading focused on social engineering targeting human psychology rather than technology flaws. It entails constructing misleading settings to trick people into disclosing sensitive information or engaging in dangerous behavior. Attackers frequently use psychological principles such as authority, urgency, and trust to achieve their objectives. Common strategies include phishing, which involves fraudulent emails tricking users into disclosing personal information, and impersonation, in which attackers impersonate trustworthy businesses. Advanced approaches, such as typo squatting and business email compromise (BEC), target consumers by manipulating their online behavior in subtle ways. Physical security is similarly important. Fences, bollards, and security guards protect critical areas, while video cameras and sensors improve monitoring capabilities. Access control vestibules and locks ensure restricted entry, while Faraday cages prevent electromagnetic leaks. Measures to safeguard gear, such as laptop safes and steel mounts, deter theft.
The purpose of this project is to enhance your ability to identify phishing attacks by using an online phishing training tool. The training aims to develop user awareness of phishing tactics and strengthen your understanding of how to recognize and mitigate social engineering attacks. By completing this simulation, you also gain insight into the importance of education in improving personal and organizational cybersecurity. Through this project, I learned how to identify phishing attempts and understand the psychological tactics attackers use. The interactive training highlighted the importance of pausing, questioning, and verifying before acting. I now appreciate how user education is a vital defense against cyber threats, empowering individuals to protect themselves and their organizations.
Module 3
Module 3 focuses on cryptography, which secures data by hiding its meaning, while steganography conceals its existence. Transposition and substitution are cryptographic processes that use algorithms and keys to transform plaintext into ciphertext. It ensures data security, integrity, authentication, and protection throughout its life cycle. Cryptographic approaches include symmetric cryptography, which uses a single key, and asymmetric cryptography, which employs paired public and private keys. Variations include stream and block ciphers, sponge functions, and hashing, which verifies data integrity. Full-disk encryption and database encryption are examples of software-based encryption applications, while hardware-based methods include secure USBs, self-encrypting drives, and blockchain technology. Resource limits, flaws in configuration, and advanced attacks, such as downgrade attacks and collisions, all pose obstacles to cryptography. Emerging threats from quantum computing, which can break cryptographic techniques, highlight the importance of breakthroughs such as lightweight cryptography. Even as threats evolve, cryptography is vital in protecting digital assets.
This project presented the concept and application of steganography, which is the art of hiding information within other files to disguise its existence. The project used OpenPuff, a steganography tool, to supervise the process of embedding and then extracting a secret message from a carrier file. The steps involved writing a secret message, compressing it into a zip file, picking a carrier file (picture), and adding passwords for further security. The final step entailed reversing the process to extract the concealed message from the carrier file. The assignment demonstrated how sensitive information may be securely hidden and recovered using steganography. The carrier file remained intact even after the message was implanted, demonstrating the subtlety and effectiveness of this technique. The concealed message was successfully extracted, demonstrating the OpenPuff tool’s capability.
Reflection
Taking this course has been a transforming experience, providing both significant insights and lessons for future development. One significant takeaway is the dynamic nature of learning in this sector. As the course went, I noticed that the more I learnt, the more I discovered new topics for further investigation. This has taught me the value of being adaptable—what appears to be a firm understanding now may change as the industry advances. One thing I would improve upon is aligning learning modules with emerging trends and real-world incidents. This course taught me the importance of mixing formal learning with hands-on application. It is not only about knowing topics, but also about actively practicing them to build confidence and ready for future problems.