Applied Cyber Security
Date: June 23-24, 2014 | Tuition: $1,800 | Continuing Education Units (CEUs): 1.3
*This course has limited enrollment. Apply early to guarantee your spot.
Application Deadline »
In today’s world, organizations must be prepared to defend against threats in cyberspace. Decision makers must be familiar with the fundamental principles and best practices of cyber security to best protect their enterprises. In this course, experts from academia, the military, and industry share their knowledge to give participants the principles, the state of the practice, and strategies for the future.
Sessions will address information security, ethical and legal practices, and mitigating cyber vulnerabilities. Participants will also learn about the process of incident response and analysis. The content is targeted at ensuring the privacy, reliability, and integrity of information systems.
The majority of the course (about 75%) is geared toward participants at the decision-making level who need a broad overview, rather than those who are already deeply immersed in the technical aspects of cyber security (software development, digital forensics, etc.), although both groups will find the course valuable.
Cyber security is a very large subject. This course is only intended to cover the fundamentals of the current leading and pressing cyber security topics. The result is that we can cover many different approaches. We cover the introduction of a topic and after the fundamentals, you can explore further on your own. The goal is for participants to understand the utility of each topic, not to become specialists in any one subject.
Fundamentals: Core concepts, understandings, and tools (30%)
Latest Developments: Recent advances and future trends (20%)
Industry Applications: Linking theory and real-world (50%)
Lecture: Delivery of material in a lecture format (50%)
Discussion or Groupwork: Participatory learning (30%)
Labs: Demonstrations, experiments, simulations (20%)
Introductory: Appropriate for a general audience (30%)
Specialized: Assumes experience in practice area or field (60%)
Advanced: In-depth explorations at the graduate level (10%)
The participants of this course will be able to:
1. Secure both clean and corrupted systems, protecting personal data, securing simple computer networks, and safe Internet usage.
2. Understand key terms and concepts in cyber law, intellectual property and cyber crimes, trademarks and domain theft.
3. Determine computer technologies, digital evidence collection, and evidentiary reporting in forensic acquisition.
4. Incorporate approaches to secure networks, firewalls, intrusion detection systems, and intrusion prevention systems.
5. Examine secure software construction practices.
6. Understand principles of web security.
7. Incorporate approaches for incident analysis and response.
8. Incorporate approaches for risk management and best practices.
Who Should Attend
Seventy-five percent of the course is geared toward providing a basic framework for professionals making cyber security decisions in industry and government and individuals seeking to immerse themselves in the pressing issues of cyber security, giving them the information they need to make the best decisions for the defense of their organizations. About a quarter of the course covers more technical areas of interest to those with more engineering-focused backgrounds, such as software developers or those working in digital forensics. Although those with a computing background would be better prepared for the more technical topics, an engineering or computing background is not required to benefit from any of the sessions.
Please note that the exact nature and order of the topics is subject to change.
Introduction to Information Security Fundamentals and Best Practices
- Protecting Your Computer and its Contents
- Securing Computer Networks - Basics of Networking
- Compromised Computers
- Secure Communications and Information Security Best Practices
- Privacy Guidelines
- Safe Internet Usage
Ethics in Cyber Security & Cyber Law
- Intellectual Property
- Professional Ethics
- Freedom of Speech
- Fair User and Ethical Hacking
- Internet Fraud
- Electronic Evidence
- Forensic Technologies
- Digital Evidence Collection
- Evidentiary Reporting
- Layered Defense
- Surveillance and Reconnaissance
- Outsider Thread Protection
Secure Software & Browser Security
- Software Construction
- Software Design and Architecture
- Software Testing
- The New Universal Client
- The Web Model
- Cookies and Browser Storage
- HTML5 Security
Business Information Continuity
- Managing a Business Information Continuity Plan
- Vulnerabilities and Controls
- The Law and Business Information Continuity Plan
Information Risk Management
- Asset Evaluation and Business Impact Analysis
- Risk Identification
- Risk Quantification
- Risk Response Development and Control
- Security Policy, Compliance, and Business Continuity
Cyber Incident Analysis and Response
- Incident Preparation
- Incident Detection and Analysis
- Containment, Eradication, and Recovery
- Proactive and Post Incident Cyber Services
Please note that although not required, laptops are highly recommended for this course to perform the examples from the in-class exercises on your own machine. All participants will be able to follow the exercises without a computer.
Course schedule and registration times
View 2013 Course Schedule (subject to change)
Class runs 9:00 am - 5:00 pm on both days.
Registration is on Monday morning from 8:00 - 8:30 am.
Laptops are highly encouraged for this course.
chief technologist, vermont hitec
"I was fascinated by the material, and the professors and guest speakers were truly the best."
"I work in startup operations that are concerned about their intellectual property. This course provided an excellent overview of the risks and mitigations to losing these valuable assets."
secretary of crypto management department, national crypto institute
"Everyone involved in cyber security work should follow this course."
About the Lecturers
Dr. Williams is internationally recognized in the field of computational algorithms for large-scale particle simulators and has authored two books and over 100 publications. For the past eight years, his research has focused on architecting of large scale distributed simulation systems. He teaches graduate courses on Modern Software Development, Cyber-Physical Security, and Web System Architecting.
Abel Sanchez, Executive Director, Research Scientist, Laboratory for Manufacturing and Productivity, MIT
Dr. Abel Sanchez holds a Ph.D. from the Massachusetts Institute of Technology (MIT). His areas of expertise include the Internet of Things (IOT), Radio Frequency Identification (RFID), Simulation, Engineering Complex Software Systems, and Cyber-Physical Security. He teaches graduate courses in Information Engineering, cyber security, and Software Architecture. For the past six years, his research has focused on architecting large scale distributed simulation systems.
Cyber Systems Analysis, MIT Lincoln Laboratory
Andrew Martin, MA DPhil MBCS CEng CITP
University Lecturer in Software Engineering, Department of Computer Science, University of Oxford
Director, MSc in Software and Systems Security
Deputy Director, Software Engineering Centre
Dr. Andrew Martin engages in research and teaching in the area of Systems Security at the University of Oxford. He conceived the University's new cyber security Centre and helps direct it, leading the undertaking to be recognized as a Centre of Excellence in cyber security Research. He lectures as part of Oxford University's Software Engineering Programme, where he directs the Master of Science course in Software and Systems Security. He has a background in formal methods, but today devotes most of his time to issues of systems security in a distributed context, having published extensively on Trusted Computing technologies. His recent research explores how these technologies can be applied in grid and cloud computing contexts, as well as in mobile devices, to address the emerging security challenges. Dr. Martin has hosted several related international events in Oxford and speaks on the subject all over the world.
Director of the Cyber Security Centre (CSC), De Montfort University (DMU)
Dr. Tim Watson led the research team that recently delivered a network attack test data set to the UK MoD (Ministry of Defence), in collaboration with industry partners and using the cyber range developed in the CSC at DMU. He is currently working on a government funded project to develop novel techniques for cyberprotection of vehicles. Dr. Watson also acts as an advisor to a number of UK government bodies and as a panel member of the ISO UK national body, is working on ISO/IEC27000 standards for network security and digital forensics. With more than twenty years of experience in the computing industry and in academia, he has been involved with a wide range of computer systems on several high-profile projects and has acted as a consultant for some of the largest telecoms, power and oil companies. Tim is a regular media commentator on computer forensics and security.
Director, SBL (Software Box Ltd)
Visiting Lecturer, Cyber Security Centre, De Montfort University
Mr. Williamsí current areas of focus include the development of an interdisciplinary approach to Information Assurance and cyber protection; the creation and development of new forms of collaboration between government, industry and academia, and the development of new economic and business models for IT, Information Assurance and cyber protection in the context of 21st century computing. In addition, Colin is working on the development of a historiographical narrative for contemporary computing, crafted through the instrumentality of an interdisciplinary approach.
Colin regularly speaks, consults and writes on matters to do with Information Assurance, cyber security, business development and enterprise level software procurement, to public sector audiences and clients at home and abroad. He is a member of the Information Assurance Advisory Council Community of Interest.
Edward D. Wagner LTC, FA
CISSP, ISSMP, CISM, CRISC
Commander, North East Information Operations Command
Mr. Wagner is currently the Cyber Security Operation Center (CSOC) manager for TASC. He oversees the monitoring and incident response for all security events on the corporate network. Previously, he was a Project and Department Manager for Northrop Grumman. He was responsible for the Incident Response, Forensic and Malware Analysis support provided to Army Cyber Command and 1st IO Command. Mr. Wagner serves in the U.S. Army Reserves. He holds the rank of Lieutenant Colonel and is currently a Division G6 (Chief Information Officer). He commanded the North East Information Operations Center (NEIOC), a Battalion Command, at Ft Devens, MA. He is a guest lecturer at MIT and serves as an Advisory Board Member to the Geospatial Data Center. He is published in the book, "Cyber Infrastructure Protection", Strategic Studies Institute. He holds a BA in economics from VMI and a MA in economics from Virginia Tech.
Professor, Department of Computer Science, University of Memphis
Director, Center for Information Assurance
Director, Intelligent Security Systems Research Laboratory
Dr. Dasgupta has published more than 195 research papers in book chapters, journals, and international conferences. His work on "Password Immunizer" (based on Negative Authentication System) is under submission for patent. This research focuses on the user authentication that creates the Anti-P protection shield to filter out invalid access requests. This research can provide a robust solution in immunizing authentication systems (local, remote or online) by putting an additional layer of protection (invisible) to the user. Dr. Dasgupta is a senior member of IEEE/IEEE Computer Society and also a member of ACM and other societies.
This course takes place on the MIT campus in Cambridge, Massachusetts. We can also offer this course for groups of employees at your location. Please contact the Short Programs office for further details.
Links & Resources