Cybersecurity Courses

This comprehensive course examines core and evolving concepts in the business fundamentals of successful technology-based companies including Business Plan Development & Strategies, Marketing, Product & Process Development processes, Intellectual Property, Accounting, Finance, and Operations. Students will learn the fundamentals essential to understanding all aspects of a business and will be able to converse in some depth in each of the areas studied upon completion. Other topics will include Supply Chain Management, Stage-Gate Development Cycles, Balances Scorecards, Blue Ocean Strategy, and Disruptive Technologies.

This course provides an overview of the domains, concepts, and elements and reviews current and emerging trends in Cybersecurity. Students will learn the National Institute of Standards and Technology (NIST) Cybersecurity Framework considering IT systems components, operating systems concepts, basic data analysis, and networking concepts including networking technologies and protocols. Real-world examples will be used to cover significant types of security incidents and their impact and remediation. Fundamental security design principles, information assurance fundamentals, and the significance of cryptography. Readings in different media will be used to demonstrate how quickly the threat and vulnerability landscape is changing across different industries.

In their first fall term, Cybersecurity students are required to complete one semester of the professional development Seminar and Workshops course, Cybersec 501. This course engages industry leaders in a speaker series on applied financial technology and entrepreneurship. 

Course requirements include completion of three (3) professional development workshops, including the sessions Achieving Objectives in Organizations and Time Management.  Students may choose the third workshop from the offerings provided by Pratt's professional development program for master's students. 0 units.

Rapid progress in global digital transformation and connectivity requires us to think and act differently in the cyber domain. National security, economic security, and business interests are impacted by vulnerable information systems. Domestic and international cyber-crime is on the rise. Hostile governments infiltrate public and private sector systems with relative impunity causing billions of dollars in financial damage and undermining public trust and confidence. Our notion of privacy is also changing. Students will explore cybersecurity through a non-technical lens by studying  U.S. government responsibilities, law, and public policy as they relate to selected topics including finance, health care, and trade. Students will also gain an understanding of privacy, cybersecurity standards manifested in public policy, and how cybercrime is prosecuted.

Understanding and measuring the risk involved with real and potential cybersecurity threats and vulnerabilities are fundamental for an organization or enterprise to invest in and to protect its information and operational infrastructure, its constituents, its relationships, and its reputation. Students will learn and apply various modeling techniques to identify and quantify risk and how they are used to determine the value and criteria for managing that risk. Risk management concepts and standards will be explored including its essential elements, effective governance, understanding the appetite for risk, and the need for developing appropriate policies and procedures to mitigate risk. These concepts and standards will be addressed across different industries and environments.

Current and emerging technologies and processes to monitor, detect and respond to security incidents in systems, networks, and clouds will be covered including automation and analytics. Best practices for developing effective incident response plans, including regulatory and legal considerations, will be studied. Also studied is how to build resilience into development, manufacturing, or other business processes in the case of an incident.

The use of machine learning and AI is becoming more prevalent for collecting and analyzing data as its consolidation increases in value. Cyberattacks seek to steal, deny access, misrepresent (such as deepfakes), or compromise the privacy of information. Students will explore the power of machine learning and AI’s use in enhancing Cybersecurity tools across the NIST Framework and also in detecting and exploiting vulnerabilities in timeframes and ways heretofore unthinkable.

Since the early 2000s, researchers and a variety of adversaries, ranging from cyber criminals to nation-states, have turned their attention to discovering and exploiting vulnerabilities in industrial control systems (ICS), which control infrastructures ranging from electricity grids to manufacturing facilities. Every 60 seconds a business will have a cybersecurity breach. Some of the breaches are just hackers testing their skills, other breaches focus on extracting sensitive information or planting viruses to cause financial and business disruptions to companies and critical infrastructure. In today’s industrial environments, it is not a question of “if” a company will be breached, it is the question of “when”. Enacting a business continuity plan during a cyber event will help companies contain and understand the impacts of the breach or effects on operations. When companies know how to respond internally to maintain operations and have defined and clear roles of stakeholders, the whole event can be contained and limit the losses incurred. The key to having an effective plan and implementation is training and practice. Building an effective business continuity plan means testing the response and identifying best practices.

With the rapid adoption of the emerging technologies being delivered by major Cloud Providers and Software as a Service (SaaS) providers, security capabilities must keep pace by creating methods to provide assurance of the confidentiality, integrity, and availability of critical business processes leveraging cloud workloads. This course will provide students with practical and operational knowledge of industry-accepted cloud security practices and strategies for managing the evolving cloud risk landscape.

An Introduction to designing and implementing a secure architecture design in an organization by using zero trust networks, cloud networks and hybrid networks.  Data protection and security design principles, models, industry leading standards, and modern core network  technologies will be covered.  Guidelines and frameworks on how an organization can protect their data from external and internal threats.

Students will examine the life cycle of a cybersecurity program from development, administration, evaluation, and improvement processes. Operational and strategic roles including the chief information security officer (CISO) in a representative security team will be studied and current and evolving areas where the team is placed in the enterprise. Best practices and models for how a security team’s performance can be measured will be learned with some real-world examples.

This course will explore the everyday tasks and procedures that the IT security team employs to manage user and admin identities for authentication and access management. Students will learn the latest technologies and practices for multi-factor authentication, single sign-on, and real-time privileges administration and what are the best practices for different use cases.

Most cybersecurity attacks and breaches are due to social engineering techniques like phishing to obtain user identities and access privileges to circumvent an enterprise’s defense mechanisms and to access sensitive data and control systems. The student will study these techniques and current and emerging practices to prevent or minimize unintentional user errors or deliberate illegal insider threats. How to create an effective security awareness program and integrate it all relevant business processes will be one of the key topics covered.

Course examines issues of cybersecurity and privacy. Focuses on roles that different government organizations play in protecting cybersecurity. Course also examines the issues raised by the government's acquisition and storage of information in the interests of national security. Examines the intersection between commercial privacy and cybersecurity, business planning and government surveillance in the global economy, focusing on the US and the EU, with particular attention to the tensions that have arisen in the aftermath of the Snowden revelations of NSA surveillance activity, various large scale cybersecurity breaches and questions as to the trustworthiness of technology.

 This course will introduce the benefits that offensive cybersecurity operations (ethical hacking) can provide in protecting an organization from malicious attackers.  The student will be familiarized with methodologies for conducting ethical hacking of an external, internal and cloud environment.  The course will cover the Tactics, Techniques, Procedures (TTPs) that adversaries use when attacking an organization (Red Team) and provide processes that defenders can use to protect the organization (Blue Team). Hands-on ethical hacking exercises to develop the skills taught will be through the use of virtual cyber ranges. 

Introduction to Cybersecurity Threat Intelligence (CTI) and analysis functions in an organization. The course will familiarize the student with the role of intelligence, CTI and how disparate information/data is analyzed to identify threat adversary intentions and activity that may cause risk to the business. Students will learn the skills necessary to write cyber threat reports from their analysis of Tactics, Techniques and Procedures (TTP’s) and Indicators of Compromise (IOC’s) utilized by threat actors.