This repository contains a digitized version of the course content for the CYBR 4580/8950 Certification and Accreditation capstone course at the University of Nebraska at Omaha.
The class materials are best viewed at https://mlhale.github.io/CYBR4580-8950/
In this course, students will extend and apply their knowledge, accumulated from their undergraduate/graduate studies, towards defining, implementing, and assessing secured information systems. Students will demonstrate their ability to specify, apply, and assess different types of countermeasures at different points in a system or enterprise.
I have setup an online discussion board on slack.com for usage in this class. I can create some private channels for you to work in with your project teams (once created), but I want to be able to participate in your conversations - so please use the space on slack.
Go to https://cybr-4580-8950.slack.com and use your unomaha email address to register an account. This will give you access to the course discussion and project collaboration spaces. Use the the general channel, your project channel, or private messages. I expect all project-related communication to live in your slack channel. If you need my attention please use the @mlhale syntax to get my attention.
Please fill out the survey at: https://unomaha.az1.qualtrics.com/jfe/form/SV_1HsFEGLa9sTAnul so that Dr. Hale can best match you with your preferred project types.
| Dates | Week | Activity |
|---|---|---|
| January 7th | 1 | Course introduction. Cybersecurity is everywhere. |
| January 14th | 2 | Thoughts on Software Engineering. Produce and submit bids for review! |
| January 21st | 3 | Discuss bids with Dr. Hale, Bids Due January 25th! |
| January 28th | 4 | Problem assignment, work on proposals in groups |
| February 4th | 5 | Meet with Dr. Hale, work on proposals |
| February 11th | 6 | Milestone 1 due Febuary 15th, short presentations + Q/A, random order. Milestone 2 assigned. |
| February 18th | 7 | Continue milestone 1 presentations (as needed). Meet with Dr. Hale, work on projects. |
| February 25th | 8 | Meet with Dr. Hale, work on projects. |
| March 4th | 9 | Meet with Dr. Hale, work on projects. |
| March 11th | 10 | Meet with Dr. Hale, work on projects. |
| March 18th | 11 | (Spring Break) No class |
| March 25th | 12 | Milestone 2 due March 28th, short presentations + Q/A, random order. Milestone 3 assigned. |
| April 1st | 13 | Work on Milestone 3. |
| April 8th | 14 | Work on Milestone 3. |
| April 15th | 15 | Work on Milestone 3. |
| April 22nd | 16 | Final reports due! Final 25minute presentations + 5 minute Q/A, random order. |
| April 29th | 17 | Final presentations |
All classroom activities will take place in PKI room 263 unless otherwise noted ahead of time.
- Specific needs vary by project.
- You will need a laptop capable of running programming environments and/or needed dev/analysis tools.
The structure of the course accommodates two types of projects on two tracks.
In this project type, students will design, build, and secure a new full-fledged system or create a new, non-trivial, component for an existing system or product. Special attention will be paid towards open source environments. Relevant artifacts generated will include design documentation (use cases, architectures, interaction diagrams, etc), system/component code, unit/acceptance tests, and testing results.
In this project type, students will select an existing product or system and rigorously evaluate it using a combination of system, network, and software testing methods. Relevant artifacts generated will include reversed design docs (i.e. an understanding of how the product works), vulnerability surface analysis documentation, test cases, and analysis results.
Neither breaking nor making are necessarily more difficult than one another. Project difficulty is expected to be relatively uniform and tasking throughout the semester will be roughly equivalent in work hours, even if the nature of the work is quite different by type.
Students in this track will bid on, and be asked to perform research in directed areas under the supervision of an external partner, typically a national lab or federal agency. These will be directed projects with an external Technical Director that the group will report to. The undergrad students in this track will be working in conjunction with graduate students in the graduate capstone class.de, unit/acceptance tests, and testing results.
In this track students will select or be assigned an existing product or system to develop or evaluate. Projects may originate from external local companies or internal UNO organizations.
Students will follow certification and accreditation techniques using best practices and security controls from standards documents (such as the NIST 800-53).
- Capstone Milestone 1 rubric - Tentatively Due Feb. 15th
- Milestone 1 Team Evaluation Form
- Capstone Milestone 2 rubric - Tentatively Due Mar. 28th
- Capstone Final Milestone rubric - Tenteatively Due May 3rd, Final Presentation TBA
For team projects, please use the evaluation form below to assess your teammates. https://unomaha.az1.qualtrics.com/jfe/form/SV_cRTOOEVUU2nol01
Regardless of your Track you will do the following.
- Introduction to the course (optional)
- Project Selection and Bid process
- Team interaction and project management
- Agile methods for development and assessment
- Using collaboration tools
- Keeping track of efforts
- Intro to the class
- Review of software engineering (slides
- Software Architectures
- Software design principles
- Security in the Software development lifecycle
- Test-driven Development Practices
- Unit testing
- Acceptance criteria
- think-test-build-test-repeat
- Blackbox testing
- Review of certification and assessment
- Security controls, countermeasures, etc
- Standards Documents: NIST SP800-53, FIPS200, 800-33, etc
- Assessment tools
- Time to be creative
- See Projects area
- PLC Hacking
- Gary Roth
- Richard Tanner
- Daniel Ritter
- Forensic Tool Deficiency Analysis
- Casey Branan
- Preston Wells
- Brandon Franklin
- Analyzing and Penetration Testing an Amazon Echo Dot
- James Autry
- Matthew Sutton
- Tim Gekas
- Open Source Hypervisor Analysis and Evaluation
- Jesse Hembree
- Afnan Albokhari
- Data Loss Prevention System -- Private
- Leonora Gerlock
- DNS Intrusion Detection System
- Matthew Faltys
- Airlock - a P2P Encrypted Chat and Collaboration tool
- Darian Lepert
- Windows Native Plugin for SFTP interaction -- Private
- Chandler Huston
- Android Process inspector
- Paul Stratman
E-mail: [email protected] (please message me on slack instead of emailing)
- (10%) Participation score (meetings, short tutorial participation, etc)
- (10%) Project Proposal / Description
- (25%) Semester Project Milestone 1
- (25%) Semester Project Milestone 2
- (30%) Semester Project Milestone Final
Each project milestone will have a specific grading rubric that includes the core requirements for the project, any required intermediate milestone goals (such as short progress meetings with the instructor), the project due date, and the list of items that must be submitted. Each project will include a presentation component to be presented in class on the project due date. Projects build upon each other. The final Project is considered to be comprehensive. This means that there is no final exam. Final Project presentations will be presented according to the schedule
- Class Attendance: You do not have to attend class except on presentation days (see below). Given the course is one day a week, attendance is highly recommended. Missing a single class is equivalent to missing 2-3 classes of a normal course. If you miss class, you are responsible for getting the material – including any assigned project work. Not showing up for team work days and instructor meeting days WILL result in diminished participation score.
- Presentation Attendance (Mandatory): If you miss class on a presentation day you will receive a 0 on the presentation portion of the project grade unless you have a university-approved excuse or an approved extension (see below).
Students will work in groups. The instructor in this class will assign the groups. The capstone class is like the real world – you don’t always get to have your way! Each group will have five members, although obviously there may be an odd group or two depending on the class list. Students in Track 1 will have three undergraduates from CYBR 4580 and two graduate students from CYBR 8950. Students in Track 2 will have all five members from CYBR 4580.
Group projects will include an individual participation grade worth 60% of the total group points, e.g. a group may make a 100% on a particular project, but an individual with low participation in the group may make a 60%. Participation will be anonymously rated by other group team members and the instructor.
The instructor reserves the right to make a change to any team or any project during the course of the semester for any reason that may or may not be disclosed. Project rescoping will be performed in this event.
As part of UNO’s strategic initiatives, individuals or groups may be partnered with community organizations in Omaha for service learning through the center for community engagement. If community partners can be identified, student projects (group or individual) in the class may work towards meeting community needs. In the event of community projects, appropriate scoping will be considered to ensure that community needs can be met within the time constraints of the coursework.
Sometimes unforeseen events occur or development takes longer than expected. In such cases, project extensions will be allowed. To receive a project extension, individuals or groups must request an extension at least 24hours in advance of the project due date. Extension time frames are at the discretion of the instructor, but generally will not be longer than 1 week. Failure to request an extension 24 hours prior to the due date means that the work is due at the specified time. Late work without a requested extension will receive a 5% point reduction per day up to a total of 40%. Late work submitted 2 weeks after an original (or extended) due date will not be accepted.
Students with disabilities requiring special accommodations must contact disability services. Disability services may be reached by phone at (402) 554-2872 or by email at [email protected].
Students serving in the military requiring special accommodations (e.g. unit deployment) must contact the office of Military and Veteran Services by phone at (402) 554-2349 or by email at [email protected].
The university policies on cheating and plagiarism apply in this course. Except on designated group work, the expectation is that every student will do their own work. Students under suspicion of plagiarism for individual assignment submitted materials will be given an opportunity to defend themselves. If after defense the instructor still believes the work to be plagiarized the department chair will be notified and the grade evaluation for the assignment will be lowered to a value between 50% and 0% at the discretion of the instructor. If a second occurrence of plagiarism occurs, the student will receive an F for the course and the registrar’s office will be notified that the student is not permitted to withdraw from the course. In addition the department chair and dean will be notified.
The CS and IS programs in the College of IS&T are accredited through ABET (the Accreditation Board for Engineering and Technology. This organization occasionally requires that we keep samples of student work.
The instructor may retain a copy of your exams (with names and any other identifying information removed) for accreditation or pedagogy purposes, unless you specify otherwise in writing.
In addition, the instructor retains the right to use any code or project artifacts developed in the course for pedagogy, research, or service learning purposes. Student web project code developed in the course may be used in future secure project development courses, by the instructor for research purposes, or by designated stakeholders.
CYBR Capstone Copyright (C) 2016-2019 Dr. Matthew L. Hale
CYBER4580/CYBR 8950 and related works by Matt Hale are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent