Project

ODU EMSE Researchers Awarded NSA Grant for Cyber Security Curriculum Development

ODU Engineering Management and Systems Engineering researchers were awarded the National Security Agency CyberSecurity Core Curricula Development Grant to develop a course on CyberSecurity Risk Management to support the President’s Cybersecurity National Action Plan (CNAP). The course will be publicly available for educational institutions that wish to educate and prepare CyberSecurity graduates to fill Federal Government CyberSecurity positions.

Project Team

  • Dr. C. Ariel Pinto, Project Lead
  • Dr. Adrian V. Gheorghe, Project Co-Lead
  • Unal Tatar, Course Developer
  • Abdulrahman Alfaqiri, Course Developer
  • Omer F. Keskin, Course Developer
  • Omer I. Poyraz, Course Developer
  • Mark Guilford, Partnering Practitioner, ODU BCoET
  • Glenda Warner, Instructional Designer, ODU Center for Learning and Teaching

Send us an email at ERI@odu.edu

Project Status

Course Content

Below are the first 3 modules with the draft set of slides:

If you need more details, please send a note to ERI@odu.edu

Module 1 – Fundamentals of Cybersecurity Slides

  • Evolution of cybersecurity
  • Principles of cybersecurity
  • CIA – Confidentiality, Integrity, Availability
  • Vulnerabilities
    • People-Process-Technology based vulnerabilities
    • Zero-Day Vulnerability
  • Threats
    • Actors
    • Tools: types of cyber-attacks (viruses, worms, Trojans, RATs, etc.), phishing, social engineering, ransomware
  • Countermeasures
    • Cryptography, hashing, authentication, authorization, accountability

Module 2 – Fundamentals of Risk Management Slides

  • Definition
  • Quantitative vs Qualitative
  • Basics of risk and decision theory
    • Elements of probability theory
    • Value function
    • GRADUATE Utility function
    • GRADUATE Extreme event analysis
  • Risk Management Process

Module 3 – Risk Management Tools and Techniques Slides

  • RM Tools and Techniques
    • Preliminary Hazard Analysis (PHA)
    • Hazard and Operability Analysis (HAZOP)
    • Failure Mode and Effects Analysis (FMEA)
    • Fault Tree Analysis (FTA)
    • Cause and Consequences Analysis (CCA)
    • The principle of As Low As Reasonably Practicable (ALARP)
  • Integrating risk management concepts into cybersecurity risk assessments

Multidisciplinary Risk Management in CyberSecurity: Course Development

The aim of the project is to develop a modular course in Multidisciplinary Risk Management in CyberSecurity, and to provide syllabus, teaching materials such as presentations with instructor notes, student materials such as required readings and Web-based resources, case studies, and a website for dissemination of produced course materials.

The course will create a common understanding of CyberSecurity Risk Management for a diverse set of experts coming from various disciplines (technical, social, economics, law, politics, etc.) to bridge the gap between strategic, operational, and tactical level decision makers.

The project employs several innovative methods.

  • Multidisciplinary approach.
  • Input from a diverse set of cyber training professionals, students, and practitioners
  • Modular design appropriate for both undergraduate and graduate level programs
  • Gathering feedback after the development of each module

The course will be composed of three core modules:

Module 1 – Fundamentals of risk management, discusses specialized topics in risk analysis including common risk assessment tools & techniques (e.g. Preliminary Hazard Analysis (PHA), Hazard and Operability Analysis (HAZOP), Failure Mode and Effects Analysis (FMEA), Fault Tree Analysis (FTA), Cause and Consequences Analysis (CCA), The principle of As Low As Reasonably Practicable (ALARP)), basics of risk and decision theory, elements of probability theory, value function, utility function, enterprise risk, capability and operability risk, and extreme event analysis.

Module 2 – Applied standards and cyber risk management, discusses major cyber risk management standards (e.g. NIST SP 800-37 Rev. 1 – Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, NIST SP 800-39 – Managing Information Security Risk: Organization, Mission, and Information System View, ISO/IEC 27001 – Information Security Management System etc.).

Module 3 – Field skills on cyber risk management, prepares students for real work settings. Applications of cybersecurity risk management to emerging topics such as the Internet of Things, cloud systems, and cyber insurance will be discussed along with traditional application areas.


Project Phases

Requirements Analysis

Syllabi analysis:

  • Syllabi of similar courses at other universities are analyzed. Their methods and teaching materials are analyzed and compared. We identified which topics, standards, risk management tools, and techniques they use.

Job Postings Analysis:

  • Federal information and cyber security risk management job postings are retrieved from usajobs.gov.
  • The output of this analysis is the set of requirements a cyber security risk management graduate must meet to get a job and fill the needs of federal positions.

HRCyber Survey Results:

  • We reviewed HRCyber cybersecurity workforce development survey results to identify what employers expect in terms of cyber security risk management from their employees.

Focus Group Meeting:

  • A Focus Group Meeting was held on Tuesday, May 9th, 2017, with a diverse set of cyber training professionals and practitioners. The meeting was part of the requirements analysis phase of the project to verify the syllabi and job announcement analyses.

Module Development

Course Design Plan – View:

  • Course Goals and Objectives
  • Course Syllabus – View
  • Module Objectives

 

