CS 151-05 Addressing Cyber Threats, Vulnerabilities

Computer and information security can be understood as a discipline dealing with risk to computer and information systems and the data they process. This class will cover the analysis, assessment, understanding and management of risk and its components (threat, threat actor, vulnerability, impact, likelihood) from a technical perspective as well as a managerial one: • Understanding the concepts of threat, threat actor, vulnerability, likelihood and impact in the context of risk. • Key technical and non-technical threats, vulnerabilities and risks:

• Hardware vulnerabilities (e.g. Spectre & Meltdown) and mitigations • Software vulnerabilities (OWASP Top 10) and mitigations • Network and Architecture vulnerabilities and mitigations • Threats, vulnerabilities, and risks related to physical factors, human factors, and human-computer interaction • The real world: where resources are limited and all the above factors interact

• Risk in an organizational context • Quantitative and qualitative methodologies (e.g. FAIR, threat modeling) to collect data on, and understand, risk and its components. • How to decide what (and how) to fix or address vulnerabilities, threats, and risks • How to manage threats, vulnerabilities, and risks. How to deal with risks, e.g. how to mitigate technical issues.