Course Duration: 12 weeks (3 hours per week of lecture and 2 hours per week of lab work)

Course Objectives:

• To understand the core principles and best practices in cybersecurity.
• To identify and analyze various types of cybersecurity threats and vulnerabilities.
• To gain practical skills in using cybersecurity tools and techniques.
• To develop an understanding of the ethical, legal, and policy aspects of cybersecurity.

Pre-requisites:

• Basic understanding of computer networks and operating systems.
• Basic programming knowledge (Python preferred).

---

Course Outline:

---

Week 1: Introduction to Cybersecurity

• Lecture:
  • Definition and Importance of Cybersecurity
  • Cybersecurity CIA Triad: Confidentiality, Integrity, Availability
  • Key Cybersecurity Concepts: Authentication, Authorization, Accountability
  • Overview of the Cybersecurity Landscape and Major Incidents
• Lab:
  • Setting up a virtual lab environment (e.g., VirtualBox, Kali Linux)
  • Introduction to basic Linux commands
• Assignment:
  • Research and report on a recent cybersecurity incident

---

Week 2: Threats and Vulnerabilities

• Lecture:
  • Types of Cyber Threats: Malware, Phishing, Social Engineering, Ransomware
  • Common Vulnerabilities and Exposure (CVE)
  • Vulnerability Assessment and Management
• Lab:
  • Introduction to the Common Vulnerabilities and Exposures (CVE) database
  • Basic vulnerability scanning using tools like Nmap
• Assignment:
  • Case study on the lifecycle of a vulnerability in a chosen software

---

Week 3-4: Network Security Basics

• Lecture:
  • Basics of Network Security: Firewalls, IDS/IPS, VPNs
  • Types of Attacks: DoS, DDoS, Man-in-the-Middle (MITM), ARP Spoofing
  • Network Security Protocols: SSL/TLS, HTTPS, IPSec
• Lab:
  • Using Wireshark for packet analysis and network monitoring
  • Configuring basic firewall rules on Linux
• Assignment:
  • Network analysis exercise with Wireshark

---

Week 5: Cryptography Essentials

• Lecture:
  • Overview of Cryptography: Symmetric vs Asymmetric Encryption
  • Hash Functions and Digital Signatures
  • Public Key Infrastructure (PKI)
• Lab:
  • Hands-on with hashing (e.g., MD5, SHA-256) and encryption (e.g., AES, RSA)
  • Introduction to OpenSSL for certificate creation
• Assignment:
  • Encrypt and decrypt messages using Python cryptography libraries

---

Week 6-7: Operating System Security

• Lecture:
  • Basics of OS Security: Access Control, Permissions, User Management
  • Linux Security: SELinux, AppArmor, File Permissions
  • Windows Security: User Account Control (UAC), Windows Defender, Group Policy
• Lab:
  • Configuring file and directory permissions in Linux and Windows
  • Introduction to SELinux and AppArmor
• Assignment:
  • Secure a basic Linux/Windows OS setup based on learned best practices

---

Week 8: Web Application Security

• Lecture:
  • Common Web Vulnerabilities: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF)
  • Secure Coding Practices and Input Validation
  • Introduction to OWASP Top 10
• Lab:
  • Web application security testing using OWASP ZAP or Burp Suite
  • Simulating basic attacks like SQL injection and XSS in a test environment
• Assignment:
  • Report on the OWASP Top 10 and mitigation techniques for each vulnerability

---

Week 9: Identity and Access Management (IAM)

• Lecture:
  • Authentication, Authorization, and Accounting (AAA)
  • Multi-Factor Authentication (MFA), Single Sign-On (SSO)
  • Access Control Models: Role-Based Access Control (RBAC), Mandatory Access Control (MAC)
• Lab:
  • Setting up and configuring MFA on different platforms
  • Implementing Role-Based Access Control in a small application
• Assignment:
  • Create a policy document outlining access control for a sample organization

---

Week 10: Incident Response and Forensics

• Lecture:
  • Incident Response Lifecycle: Preparation, Identification, Containment, Eradication, Recovery
  • Basics of Digital Forensics: Evidence Collection, Chain of Custody, Analysis
  • Introduction to Forensic Tools (e.g., Autopsy, FTK Imager)
• Lab:
  • Conducting a simple forensic analysis on a disk image using Autopsy
  • Performing basic incident response activities in a simulated environment
• Assignment:
  • Write an incident response plan for a hypothetical cyber incident

---

Week 11: Security Policies, Risk Management, and Compliance

• Lecture:
  • Risk Assessment and Management: Identifying, Analyzing, and Mitigating Risks
  • Security Policies and Standards (e.g., ISO 27001, NIST)
  • Compliance with GDPR, HIPAA, PCI-DSS, etc.
• Lab:
  • Conducting a basic risk assessment for a sample organization
  • Writing a sample security policy based on ISO/NIST guidelines
• Assignment:
  • Develop a simple risk management plan for an organization

---

Week 12: Ethical Hacking and Course Project

• Lecture:
  • Introduction to Ethical Hacking and Penetration Testing
  • Ethical and Legal Implications of Hacking
  • Course wrap-up and Q&A
• Lab:
  • Basic penetration testing with Metasploit on a test environment
  • Capturing the Flag (CTF) exercise
• Final Project:
  • End-to-end project where students must secure a small IT environment, identify vulnerabilities, and perform basic penetration testing.

---

Course Materials:

• Textbook: “Cybersecurity Essentials” by Charles J. Brooks, Christopher Grow, Philip Craig, Donald Short
• Supplementary Resources:
  • Practical Malware Analysis by Michael Sikorski and Andrew Honig
  • Hacking: The Art of Exploitation by Jon Erickson

Evaluation Criteria:

• Assignments and Labs: 40%
• Mid-term Exam: 20%
• Final Project: 30%
• Participation and Quizzes: 10%

---

This course provides a solid foundation in cybersecurity concepts, skills, and practical techniques. The hands-on labs and project-based assessments will enable students to apply their knowledge in real-world scenarios, preparing them for further specialization in cybersecurity.