· In the second paper you will apply the learning in this class to write recommendations for the organization and how your proposed solutions will reduce business risks and financial damage. You will upload a draft two weeks before the final version is due in the appropriate Blackboard Discussion folder for your Group. You will review peer and instructor comments and incorporate revisions as appropriate for your final version which will be graded. You will upload the final version in the appropriate Blackboard Main Discussion area forum so everyone in the class can learn from your research. Suggested length of paper: 6-8 pages doubled spaced. There is no penalty for longer papers.

· Requirements

o There is a 1,500 words, minimum requirement, per paper, for this assignment, no page limit. Be sure to follow APAv7 style. I’m more interested in how much you learn from conducting the research, select security technologies and craft interoperability. What you will not do is copy from a website, book, or other source and turn them in as your own work; this constitutes plagiarism. Papers found to be plagiarized are subject to loss of full credit and/or actions annotated in the Stevenson Academic Honesty Policy. Liberal use of tools such as Visio or Dia (network diagramming applications) is encouraged.

o  

CDF-281Syllabus Spring 2021 Rev. 1/6/2021 , Page 1

CDF-281: Advanced Network Defense

Spring 2021

INSTRUCTOR INFORMATION

Stuart Denrich
Stevenson telephone number:
Stevenson email: sdenrich@stevenson.edu

Best times for phone contact: any

Office location: by appointment
Office hours: by appointment.

COURSE INFORMATION

CDF-281: Advanced Network Defense

Section number: 21SSEM_CDF_281_OL1.
Credits: 3.
Prerequisite(s): CDF-251- A grade of C or better.
Classroom or Studio Location: On line via Bluejeans link – https://bluejeans.com/561072035
Scheduled Class Days and Time: Tuesdays and Thursdays, 2:00 to 3:15 pm
Course Description:

Investigates network defense with a primary focus on intrusion detection and firewall defense mechanisms. Security
issues in operating design and implementation, articulating the steps necessary for hardening the operating system with
respect to various applications, and the various concepts in network defense will be examined. Students will apply
essential security practices and methods to networks and deploy security tools.

This course does NOT fulfill a SEE requirement.

Instructional Methods Used in this Course: Lecture, and online discussions, quizzes, and case studies

Required and Recommended Texts, Manuals, and Supplies:
Required textbook: Chapple, Mike and Seidl, David (2020). CompTIA Cybersecurity Analyst (CySA+) Study
Guide.
ISBN: 978-1-119-68405-3 ISBN: 978-1-119-68411-4 (ebook.)

Chapple, Mike; Seidl, David. CompTIA CySA+ Study Guide Exam CS0-002 (p. iv). Wiley. Kindle Edition. ISBN:
978-1-119-34991-4 (e-book)

The CDF-271(Intrusion and Penetration Testing) course focuses on attacks aspects. This course focuses on defense
and recovery aspects. Although this course is not specifically taught for the CompTIA Cybersecurity Analyst
certification, the course and this book should help towards your preparation to take this certification exam. You
should also consult other supplemental materials and practice exams to prepare for this exam. Also check
www.cybrary.it and YouTube for many free learning and test preparation modules.

Important Note: Purchase of this required text book provides you with free online access to the Wiley Interactive
Learning Environment at: http://www.wiley.com/go/sybextestprep where you can register your product to gain free
access to the test bank, and flash cards related to the book and certification. Please make sure you have access to
this environment so you can perform the Quiz assignments and post results to Blackboard.

https://bluejeans.com/561072035

http://www.cybrary.it/

http://www.wiley.com/go/sybextestprep

CDF-281 Syllabus Spring 2021 Rev. 1/6/2021 , Page 2

Recommended Resources

• NIST 800-30r1 Guide for Conducting Risk Assessments –
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1

• NIST 800-53v4 Security and Privacy Controls for Federal Information Systems and Organizations –
free download from NIST: https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final

• NIST 800-53v5 is still in draft mode at the time of this writing and may be released any day.

• NIST 800-61r2 Computer Security Incident Handling Guide – free download from NIST:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2 DShield is a collaborative
firewell log correlation system (https://dshield.org)

• Insecure.org is a website maintained by Gordon Lyon, a network security expert who created nmap
(https://insecure.org/).

• Hakin9 offers free and paid resources, including courses and a magazine (https://hakin9.org/).

• Well Known Ports: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Well-
known_ports

Useful Videos

YouTube has many useful videos to supplement your learning. The following is a list of some helpful
videos:

1. Firewalls and Perimeter Security: https://youtu.be/g0vOS__iF8k
2. DMZ: https://youtu.be/8TaxrwDPEnw
3. Basic Kali Linux Commands: https://youtu.be/L8ct_W9PTo8
4. Set Up an Ethical Hacking Kali Linux Kit on the Raspberry Pi 3

B+ https://youtu.be/5ExWmpFnAnE
5. Common Network Attacks and Countermeasures https://youtu.be/DLiP7y51OAQ
6. Easy Wi-Fi Cracking Tutorial: https://youtu.be/L8ct_W9PTo8
7. Hacking Android Phones: https://youtu.be/WvIn-lRdlTs
8. Network Penetration Testing for Beginners (15 hours long): https://youtu.be/3Kq1MIfTWCE
9. Incident Response Plan: https://youtu.be/PhROeWMPBqU

COURSE OUTCOMES

Course Objectives/Learning Outcomes:

1. Understanding of Threat and vulnerability management
2. Software and Systems Security
3. Security Operations and Monitoring
4. Skills in Incident Response
5. Apply security concepts, frameworks, compliance in support of risk mitigation.
6. Assess the strengths and weaknesses of different types of network defense tools.

GRADING STANDARDS

Grading Scale:

Letter Grade Percentage Points QPA Points

A 93-100 4.0

A- 90-92 3.7

B+ 87-89 3.3

B 83-86 3.0

https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1

https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2

https://dshield.org/

https://insecure.org/

https://hakin9.org/).

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Well-known_ports

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Well-known_ports

https://youtu.be/L8ct_W9PTo8

https://youtu.be/L8ct_W9PTo8

https://youtu.be/WvIn-lRdlTs

CDF-281 Syllabus Spring 2021 Rev. 1/6/2021 , Page 3

B- 80-82 2.7

C+ 77-79 2.3

C 70-76 2.0

D 60-69 1.0

F 0-59 0.0

Passing standards are dependent on the catalog year in which you entered the University. For further information,
please look under “Academic Standing and Grading Information” in the “Academic Information” section of the
relevant catalog at http://www.stevenson.edu/academics/catalog/ .

Continuance and Progression Policies
You must receive a C or better in this course to continue in the Cybersecurity and Digital Forensics major.

Course Requirements:

Assessment Per-item weight Total Weight

Quizzes (15) 20 300

Case Study Papers (2) 200 400

Discussions (10) 20 200

LABs (20) 20 400

Final exam (1) 200 200

Total 1500

Final exam date, time, and location: The final exam will be administered in accordance with the University Final
Exam Schedule.

COURSE POLICIES

Late Work Policy:

Students are required to complete all scheduled activities within the appropriate course week. Students
failing to do so by the stated deadline will lose all points associated with the uncompleted work. A
grade of zero (0) for the assignment. Discussion forums and quizzes will no longer be available after
their due dates.
Students will not receive credit for assignments submitted late or missed exams without prior approval

of the instructor. Extensions will only be provided in extreme circumstances.

Extra Credit:

There is no extra credit in this course.

Communication Policy:

• I will respond to the course questions and emails within 48 hours per program policy. In many cases it
will be sooner but keep this mind when reviewing work for the module. Waiting until the last minute
may result in you not receiving a response before the assignment is due.

• Graded work will be returned within 5 days of the assessment due date. That means if the assessment is
due on Monday you will have your work returned by Friday evening.

Stevenson University Catalogs

CDF-281 Syllabus Spring 2021 Rev. 1/6/2021 , Page 4

• Announcements are posted on an as-needed basis. If there is something that the entire class needs to
know I will post an announcement in that regard with an accompanying email. Please check for
announcements each time you login.

• If you have a question about the course, please post it in the discussion board. If you know the answer to
a question, please don’t hesitate to help your classmates by providing your answer. I will review
question area daily, and provide an answer when appropriate. For questions or concerns of more
personal nature, you may send me an e-mail. Once the course is underway, I will check e-mail every
day. When sending an e-mail, please always include the class number (CDF 281) in the subject
header and a cell phone number in case answering your questions would be far too complicated to
explain in an e-mail.

• All students should be signing on to their Stevenson email account and visiting Blackboard for
announcements daily.

• Course emails and discussion posts will be answered within 24-48 hours Monday – Friday. Emails sent
on Saturday or Sunday may not be answered until Monday. It is recommended that you post course
related questions in the Blackboard Q&A area. If you need information related to a test or assignment,
plan ahead and submit your questions well ahead of the due date.

• Feedback on assignments and grades will be posted within 5 days after the assignment is due. For
example, if an assignment is due on Monday night, September 5, you should see a grade by Sunday
morning, September 11.

Submission of Assignments or Projects:

Students who are unable to attend class due to illness or quarantine may request deadline extensions for
assignments. When possible, these requests should be made prior to the assignment due date and must
be made within twenty-four hours of the due date. Faculty will make reasonable modifications to
support these requests.

Students who are unable to attend class in person may request alternate assignment parameters for
assignments that would generally require in-person attendance (example: class presentations,
performances). When possible, these requests should be made prior to the assignment due date and must
be made within twenty-four hours of the due date. Faculty will make reasonable efforts to support these
requests.

Online Course Netiquette:

• For online discussions, please use the same etiquette you would use in any professional discussion.

• Show respect for your classmates even if you need to strongly disagree with them when evaluating
and critiquing their point of view.

• Argue ideas in a civil and respectful manner in order to arrive at the truth and grow intellectually.

• Critique the ideas of your classmates in a respectful and constructive manner, always respecting the
person.

• Be professional.

• Always use standard written English and not text message or chat style abbreviations or emojis.
Respect the privacy of your classmates by not sharing their written postings outside the class

Class Participation:

CDF-281 Syllabus Spring 2021 Rev. 1/6/2021 , Page 5

• Students are expected to login to the Blackboard course website two to three times a week if they wish
to be successful. Failure to login and participate in activities throughout the week could result in
students doing poorly in the course.

In Classroom and Studio Policies: Please do not use your mobile devices in class. If you have to make or accept
a call, please step out of the classroom to do so.

Submission of Assignments or Projects: Student assignments will be submitted and grades/feedback returned
via the course’s Blackboard classroom.

Attendance

Each student is responsible for his or her own class attendance and regular attendance is expected. Every student
is responsible for the material covered or the skills exercised during scheduled classes. Grades will be based on
demonstrated achievement of the objectives of the course, not on attendance in class as such. Although attendance
alone does not determine grades, students should be aware that grades may depend on class activities,
experiments, discussions, or quizzes for which consistent attendance is necessary. Students who stop attending
and fail to officially withdraw from a class will be given a grade of “FX” which calculates as an “F” in the GPA.

Course-Specific Attendance

Lectures, topic discussions, Final exam and Panel Discussions will be conducted in-class. Missing a class may
negatively affect your grade, to the extent that you miss the lectures, topic discussions, final exam, Panel
Discussions, and in-class guidance.

UNIVERSITY GUIDELINES

Diversity and Inclusion Statement:

Stevenson University commits itself to diversity as it relates to awareness, education, respect, and practice at every
level of the organization. The University embraces people of all backgrounds, defined by, but not limited to,
ethnicity, culture, race, gender, class, religion, nationality, sexual orientation, gender identity or expression, age,
physical ability, learning differences, and political perspectives. The University believes its core values are
strengthened when all of its members have voice and representation. The resulting inclusive organizational climate
promotes the development of broad-minded members of the University who positively influence their local and
global communities.

Standards of Academic Integrity:

Stevenson University expects all members of its community to behave with integrity. Honesty and integrity provide
the clearest path to knowledge, understanding, and truth – the highest goals of an academic institution. For students,
integrity is fundamental to the development of intellect, character, and the personal and professional ethics that will
govern their lives and shape their careers. Stevenson University embraces and operates in a manner consistent with
the definitions and principles of Academic Integrity as set forth by the International Center for Academic Integrity.

Students are expected to model the values of academic integrity (honesty, trust, fairness, respect, responsibility, and
courage) in all aspects of this course.

Students will be asked to assent to and to uphold the University Honor Pledge:

“I pledge on my honor that I have neither given nor received

unauthorized assistance on this assignment/exam.”

Suspected violations of the Academic Integrity Policy will be reported and investigated as outlined in the Policy
Manual, Volume V.

Communication:

Each student has been given a Stevenson University email address. It is expected that

CDF-281 Syllabus Spring 2021 Rev. 1/6/2021 , Page 6

students will check their SU email account and Blackboard every day to look for important announcements and
information. Students are responsible for information sent to their Stevenson University email address and/or
posted on their courses’ Blackboard sites.

Campus Closure:

Should SU experience an unplanned closure during the semester for any reason, faculty will continue to provide
instruction to students through Blackboard and/or via email. If students foresee a problem with internet access,
they should speak with their instructor at the beginning of the semester. Please keep in mind that SU computers
or computer laboratories may be impacted by whatever conditions led to the closure, which means that students
must let instructors know if they are relying solely on the University’s computers (i.e. if students do not have
computers of their own). If at any time students have a problem with internet access, it is their responsibility to
contact the instructor immediately. It is acceptable to leave a voice mail for the instructor if in person or
internet/email communication is not possible.

COVID-19:

SU is following all state and local guidelines with regard to COVID-19 and prioritizing the health and safety of
our community. Students requiring accommodations related to COVID-19 must contact the Office of Disability
Services by calling (443) 352-5320 or emailing ODS@stevenson.edu. Students who do not have documented
medical conditions but would like to be considered for temporary adjustments should contact the Director of
Student Support, Tess Gills, at tgillis@stevenson.edu or (443) 352-5549. Students exhibiting any symptoms of
the virus should not attend class and should report their symptoms to the SU Wellness Center immediately.
Students should also notify faculty, who will make reasonable arrangements for the completion of missed work.
Additional information about ODS and the SU Wellness Center appears below and on the SU Portal.

Health and Hygiene Protocols:

Unless otherwise accommodated, students are expected to comply with all SU regulations regarding physical distancing,
face coverings, and hygiene. Failure to do so may result in disciplinary action per campus policy. Students are also
encouraged to review the Keep Stevenson Safe communications and Stevenson Social Compact. As a general rule, the
following protocols should be followed:

Physical distancing 

Face covering 

Hygiene/Hand washing 

No large gatherings 

When possible, if students are not able to attend class in person due to possible illness and or quarantine, they should
notify faculty prior to the start of the class session. If it is not possible to contact faculty prior to class, students should
contact faculty within twenty-four hours to ensure that they are able to take advantage of alternate assignments and
extensions without academic penalty. Students should also follow all SU processes for reporting suspected or confirmed
COVID-19 illness as posted on the Ready for fall 2020 page and SU Portal.

For classes where physical distancing may not be possible for the entire class period, temperature checks may be required
before students can enter the classroom, laboratory, or studio. Temperature check policies as posted on the Provost’s
Office Portal will be followed, student privacy will be protected, and health information will not be recorded or shared.
Students not permitted to attend class in person will not be penalized and alternate assignments and/or make-up work will
be provided.

A seating chart will be created for each class for the purpose of facilitating contact tracing. Students are expected to
adhere to this seating chart and to refrain from moving any classroom furniture.

Please visit the University’s Ready for fall 2020 page for additional resources and information. During the semester,
should any updates or changes to these policies occur that may have implications for classroom practices or instruction,
information will be posted to the course Blackboard site and the Provost’s Office Portal.

CDF-281 Syllabus Spring 2021 Rev. 1/6/2021 , Page 7

ACADEMIC SERVICES AND RESOURCES

Disability Services:

Stevenson University will make reasonable accommodations for qualified students with documented disabilities. The
Office of Disability Services (ODS) facilitates equal access for students who self-identify as having a disability and who
provide appropriate documentation. If you are a student with a disability who needs accommodations in this class,
please contact the Office of Disability Services by calling (443) 352-5320 or emailing ODS@stevenson.edu to set up an
appointment. Once approved, students should send their accommodation memos to professors as soon as possible.
Accommodations are not retroactive. Students can learn more about the Office of Disabilities Services on the ODS page
of the SU Portal.

Academic Link:

The John L. Stasiak Academic Link, Stevenson.edu/alink, provides free remote subject and writing tutoring for many
classes. If you are having difficulty with or would benefit from discussing the material with an upper level peer, seek
assistance early in the semester. Tutoring often makes a difference in a student’s grade. To view the tutoring schedule
and sign up for an appointment, go to stevenson.go-redrock.com. For assistance email alink@stevenson.edu, text (410)

9300.-2309, or call (443) 394-753

SU Library:

The SU Library provides extensive electronic and print resources to support your coursework. Research Guides and
databases can be found on the library home page, as well as brief tutorials to assist you in using these resources. A
professional librarian is always available to help you find the best information sources for your needs. For more
information about library services, please visit: http://stevenson.libguides.com/stevensonlibrary

Online Learning Resources:

Hoonuit, available through Blackboard, is an online learning resource available to all Stevenson students that provides
video tutorials for instruction on a wide variety of topics. Please contact your instructor for problems with course
content, including links and exams/quiz resets in Blackboard. For technical help with Blackboard, click on the Eesysoft
blue question mark in your Blackboard course for help resources or to submit an email help request. Step by step
directions are included on the following link: https://isd4su.com/bbhelp/. For problems with e-mail, login information,
or other technical issues contact Tech Connection by submitting a ticket at https://helpdesk.stevenson.edu

The Wellness Center:

Stress is a normal part of being a student. However, if personal, emotional, or physical concerns are interfering with
your ability to be successful at Stevenson, please call the Wellness Center at 443-352-4200 to make an appointment.
More information about the Wellness Center can be found on the Wellness Center Portal page and Wellness Center
webpage.

STEVENSON EDUCATION EXPERIENCE (SEE) LEARNING GOALS AND OUTCOMES

SU Goal No. 1: Intellectual Development (ID)

The SU graduate will use inquiry and analysis, critical and creative thinking, scientific reasoning, and quantitative
skills to gather and evaluate evidence, to define and solve problems facing his or her communities, the nation, and the
world, and to demonstrate an appreciation for the nature and value of the fine arts.

SU Goal No. 2: Communication (C)

The SU graduate will communicate logically, clearly, and precisely using written, oral, non-verbal, and electronic
means to acquire, organize, present, and/or document ideas and information, reflecting an awareness of situation,
audience, purpose, and diverse points of view.

SU Goal No. 3: Self, Societies, and the Natural World (SSNW)

CDF-281 Syllabus Spring 2021 Rev. 1/6/2021 , Page 8

The SU graduate will consider self, others, diverse societies and cultures, and the physical and natural worlds, while
engaging with world problems, both contemporary and enduring.

SU Goal No. 4: Experiential Learning (EL)

The SU graduate will connect ideas and experiences from a variety of contexts, synthesizing and transferring learning
to new, complex situations.

SU Goal No. 5: Career Readiness (CR)

The SU graduate will demonstrate personal direction, professional know-how, and discipline expertise in preparation
for entry into the workplace or graduate studies.

SU Goal No. 6: Ethics in Practice (EIP)

The SU graduate will practice integrity in the academic enterprise, professional settings, and personal relationships.

For more information about the SU learning outcomes and goals, please see the Stevenson catalog.

Time Commitment & Class Participation

I cannot emphasize enough the need for time management and personal discipline when it
comes to online courses. A copy of the schedule, readings and other assignments should be in
view during some portion of the student’s daily routine. Posting them on a refrigerator or wall
may be a good idea. Forgetting to submit them on time is not an acceptable excuse.

Students are responsible for communication with their instructor. There should be no delay in
asking questions, expressing concern about the clarity of concepts or requesting feedback on
assignments.

Students are responsible for all material in the reading assignments unless otherwise noted by
the instructor.

The student should be aware that an online class requires roughly the same amount of time a
student would spend in a traditional classroom setting. The very nature of distance instruction
makes consistent participation even more prominent. Be realistic and plan to spend about 4
clock hours per week for every credit hour you take. You are expected to complete all the
learning activities and maintain active presence in the class. To accomplish this you should:
• Log in to BlueJeans for the assigned class times.
• log on course web site regularly throughout the week
• complete and submit assignments on time
• manage time carefully and insert blocks of time into your weekly schedule to work on this
course
• ask for help whenever necessary
• read what your peers have written and post your comments
• communicate with the instructor or peers through e-mail

Syllabus Updates

Note that the syllabus may need to be adapted to class needs. Therefore, occasionally,
changes in the schedule of the course or a specific assignment may occur and are
announced by email and with a course announcement. It is your responsibility to MAKE

CDF-281 Syllabus Spring 2021 Rev. 1/6/2021 , Page 9

SURE YOU MONITOR YOUR STEVENSON.EDU MAIL ACCOUNT REGULARLY. You will be
responsible for this information.

Case Study Assignment:

Why do a case study? – Your success will primarily come from being able to apply your knowledge and skills
to particular situations and problem solving. A case study will allow you to analyze an actual breach, discuss
what happened, how and why it happened, and then propose solutions and controls based on your learning in
this class.

Logistics of the Case Study

Each student will choose an actual breach for which adequate publicly available information is available. You
will post your choice in the appropriate Blackboard Discussion folder. You may choose any breach from
this website or any other breach incident of your choice (look at the Archive for incidents older than 24
months): https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

However, each student must choose an organization no one else has chosen. Two students cannot choose the
same organization. This is because you will read each other’s work within a group in order to learn from each
other as well as learn to provide constructive critiques of other people’s work.

The case study will be divided into TWO papers.

• In the first paper you will research the organization (introduce the organization, its mission, organizational
structure and mission critical systems), and analyze the breach (what happened, how, and why), and the
financial damage. You will upload a draft two weeks before the final version is due in the appropriate
Blackboard Discussion folder for your Group. You will review peer and instructor comments and incorporate
revisions as appropriate for your final version which will be graded. You will upload the final version in the
appropriate Blackboard Main Discussion area forum so everyone in the class can learn from your research.
Length of paper: 1,500 word minimum (6-8 pages doubled spaced, not including images, charts, etc). There is
no penalty for longer papers.

• In the second paper you will apply the learning in this class to write recommendations for the organization and
how your proposed solutions will reduce business risks and financial damage. You will upload a draft two
weeks before the final version is due in the appropriate Blackboard Discussion folder for your Group. You will
review peer and instructor comments and incorporate revisions as appropriate for your final version which will
be graded. You will upload the final version in the appropriate Blackboard Main Discussion area forum so
everyone in the class can learn from your research. Suggested length of paper: 6-8 pages doubled spaced.
There is no penalty for longer papers.

• Requirements

o There is a 1,500 words, minimum requirement, for this assignment, no page limit. Be sure to follow APAv7
style. I’m more interested in how much you learn from conducting the research, select security technologies
and craft interoperability. What you will not do is copy from a website, book, or other source and turn them in
as your own work; this constitutes plagiarism. Papers found to be plagiarized are subject to loss of full credit
and/or actions annotated in the Stevenson Academic Honesty Policy. Liberal use of tools such as Visio or Dia
(network diagramming applications) is encouraged.

o Deliverables – Professionally written, Two(2), 6-8 page papers

https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

CDF-281 Syllabus Spring 2021 Rev. 1/6/2021 , Page 10

Peer Review: You will be placed in a peer review group in Blackboard. You will upload your drafts in the
appropriate peer review folder and provide constructive comments to all peer paper drafts in your Group.
These comments should be threads below the paper for which you are providing comments. Comments must
be a minimum of 4 sentences, which share your suggestions for the author to improve the draft paper.

CDF-281 Syllabus Spring 2021 Rev. 1/6/2021 , Page 11

COURSE SCHEDULE INFORMATION

Course Calendar: Course Calendar is subject to change. The dates below represent start dates for the week. This course meets Tuesdays and Thursdays.

Week Week

Begin

Date

Topic(s) Reading(s) –
should be done

before class

Assignment(s)

Panel Discussions are done in-class. Quizzes, Papers and Peer Review are done

asynchronously outside the class. Final exam is done in class.

1 1/25 Introductions, Cybersecurity Models, Context Video

Chapter 1

Become familiar with class elements; Blackboard, textbook e-book, lab site. Watch video:
https://youtu.be/TPzpHVY8Xwo and come prepared to participate in class discussions.

Quiz

2 2/1 Defending Against Cybersecurity Threats

(February 4 – Last day to drop a class)

Chapter 2 By 2/6/2020 post organization name for your Case Study in the appropriate Blackboard

Discussion Folder. Make sure someone has not chosen organization. First come first served.

Quiz

Discussion 1

Lab

3 2/8 Reconnaissance and Intelligence Gathering Chapter 3 Quiz

Discussion 2

Lab

4 2/15 Vulnerability Management program

Analyzing Vulnerability Scans

Chapter 4 & 5

Quiz

Discussion 3

Lab

5 2/22 Policy and compliance Chapter 16 First Draft of First Paper Due 2/24/2020..

Quiz

Discussion 4

Lab

6 3/1 Cloud Security Chapter 6 Quiz

Discussion 5

Lab

CDF-281 Syllabus Spring 2021 Rev. 1/6/2021 , Page 12

Week Week
Begin
Date
Topic(s) Reading(s) –
should be done
before class

Assignment(s)
Panel Discussions are done in-class. Quizzes, Papers and Peer Review are done
asynchronously outside the class. Final exam is done in class.

7 3/8 Infrastructure Security and controls Chapter 7 Quiz

Discussion 6

Lab

8 3/15 Identity and Access Management Chapter 8 Final Version of First Paper Due 3/22/2021

Quiz
Lab

9 3/22 Software and Hardware Development security Chapter 9 Quiz

Discussion 7

Lab

10 3/29 Security Operations and monitoring Chapter 10 Quiz

Lab

Discussion 8

11 4/5

Building and Incident Response Program

(April 9 – Last day to withdraw from class with a
“W”)

Chapter 11 Quiz

Discussion 9

Lab

12 4/12 Analyzing Indicators of Compromise Chapter 12 First Draft of Paper Two Due 4/5/2021

Quiz
Lab

13 4/19 Performing Forensic Analysis Chapter 13 Quiz

Discussion 10

Lab

14 4/26 Containment Eradication and recovery Chapter 14 Final Version of Paper Two Due 5/4/2021

Quiz

Discussion 11

Lab

15 5/3 Risk Management

Panel Discussion of All Case Studies

Chapter 15 Quiz

Lab

CDF-281 Syllabus Spring 2021 Rev. 1/6/2021 , Page 13

Week Week
Begin
Date
Topic(s) Reading(s) –
should be done
before class

Assignment(s)
Panel Discussions are done in-class. Quizzes, Papers and Peer Review are done
asynchronously outside the class. Final exam is done in class.

16 5/10 ***Final Exam Week*** Final

Late Work Policy:
Attendance
• Each student is responsible for his or her own class attendance and regular attendance is expected. Every student is responsible for the material covered or the skills exercised during scheduled classes. Grades will be based on demonstrated achievemen…

Course-Specific Attendance

• Lectures, topic discussions, Final exam and Panel Discussions will be conducted in-class. Missing a class may negatively affect your grade, to the extent that you miss the lectures, topic discussions, final exam, Panel Discussions, and in-class guidance.

Diversity and Inclusion Statement:

• Stevenson University commits itself to diversity as it relates to awareness, education, respect, and practice at every level of the organization. The University embraces people of all backgrounds, defined by, but not limited to, ethnicity, culture, ra…

Standards of Academic Integrity:

• Stevenson University expects all members of its community to behave with integrity. Honesty and integrity provide the clearest path to knowledge, understanding, and truth – the highest goals of an academic institution. For students, integrity is funda…
• Students are expected to model the values of academic integrity (honesty, trust, fairness, respect, responsibility, and courage) in all aspects of this course.

Students will be asked to assent to and to uphold the University Honor Pledge:
“I pledge on my honor that I have neither given nor received
unauthorized assistance on this assignment/exam.”

• Suspected violations of the Academic Integrity Policy will be reported and investigated as outlined in the Policy Manual, Volume V.

Communication:
Each student has been given a Stevenson University email address. It is expected that

• students will check their SU email account and Blackboard every day to look for important announcements and information. Students are responsible for information sent to their Stevenson University email address and/or posted on their courses’ Blackboa…

Campus Closure:

• Should SU experience an unplanned closure during the semester for any reason, faculty will continue to provide instruction to students through Blackboard and/or via email. If students foresee a problem with internet access, they should speak with the…

COVID-19:

• SU is following all state and local guidelines with regard to COVID-19 and prioritizing the health and safety of our community. Students requiring accommodations related to COVID-19 must contact the Office of Disability Services by calling (443) 352-…

Health and Hygiene Protocols:

• Unless otherwise accommodated, students are expected to comply with all SU regulations regarding physical distancing, face coverings, and hygiene. Failure to do so may result in disciplinary action per campus policy. Students are also encouraged to r…

Physical distancing 
Face covering 
Hygiene/Hand washing 
No large gatherings 

• When possible, if students are not able to attend class in person due to possible illness and or quarantine, they should notify faculty prior to the start of the class session. If it is not possible to contact faculty prior to class, students should …
• For classes where physical distancing may not be possible for the entire class period, temperature checks may be required before students can enter the classroom, laboratory, or studio. Temperature check policies as posted on the Provost’s Office Por…
• A seating chart will be created for each class for the purpose of facilitating contact tracing. Students are expected to adhere to this seating chart and to refrain from moving any classroom furniture.
• Please visit the University’s Ready for fall 2020 page for additional resources and information. During the semester, should any updates or changes to these policies occur that may have implications for classroom practices or instruction, information…

ACADEMIC SERVICES AND RESOURCES
Disability Services:

• Stevenson University will make reasonable accommodations for qualified students with documented disabilities. The Office of Disability Services (ODS) facilitates equal access for students who self-identify as having a disability and who provide approp…

Academic Link:

• The John L. Stasiak Academic Link, Stevenson.edu/alink, provides free remote subject and writing tutoring for many classes. If you are having difficulty with or would benefit from discussing the material with an upper level peer, seek assistance early…

SU Library:

• The SU Library provides extensive electronic and print resources to support your coursework. Research Guides and databases can be found on the library home page, as well as brief tutorials to assist you in using these resources. A professional librari…

Online Learning Resources:

• Hoonuit, available through Blackboard, is an online learning resource available to all Stevenson students that provides video tutorials for instruction on a wide variety of topics. Please contact your instructor for problems with course content, incl…

The Wellness Center:

• Stress is a normal part of being a student. However, if personal, emotional, or physical concerns are interfering with your ability to be successful at Stevenson, please call the Wellness Center at 443-352-4200 to make an appointment. More information…

STEVENSON EDUCATION EXPERIENCE (SEE) LEARNING GOALS AND OUTCOMES
SU Goal No. 1: Intellectual Development (ID)

• The SU graduate will use inquiry and analysis, critical and creative thinking, scientific reasoning, and quantitative skills to gather and evaluate evidence, to define and solve problems facing his or her communities, the nation, and the world, and to…

SU Goal No. 2: Communication (C)

• The SU graduate will communicate logically, clearly, and precisely using written, oral, non-verbal, and electronic means to acquire, organize, present, and/or document ideas and information, reflecting an awareness of situation, audience, purpose, and…

SU Goal No. 3: Self, Societies, and the Natural World (SSNW)

• The SU graduate will consider self, others, diverse societies and cultures, and the physical and natural worlds, while engaging with world problems, both contemporary and enduring.

SU Goal No. 4: Experiential Learning (EL)

• The SU graduate will connect ideas and experiences from a variety of contexts, synthesizing and transferring learning to new, complex situations.

SU Goal No. 5: Career Readiness (CR)

• The SU graduate will demonstrate personal direction, professional know-how, and discipline expertise in preparation for entry into the workplace or graduate studies.

SU Goal No. 6: Ethics in Practice (EIP)
The SU graduate will practice integrity in the academic enterprise, professional settings, and personal relationships.
For more information about the SU learning outcomes and goals, please see the Stevenson catalog.
Time Commitment & Class Participation
Syllabus Updates
Case Study Assignment:

• Why do a case study? – Your success will primarily come from being able to apply your knowledge and skills to particular situations and problem solving. A case study will allow you to analyze an actual breach, discuss what happened, how and why it hap…

Logistics of the Case Study

• Each student will choose an actual breach for which adequate publicly available information is available. You will post your choice in the appropriate Blackboard Discussion folder. You may choose any breach from this website or any other breach incide…
• However, each student must choose an organization no one else has chosen. Two students cannot choose the same organization. This is because you will read each other’s work within a group in order to learn from each other as well as learn to provide co…

The case study will be divided into TWO papers.

•  In the first paper you will research the organization (introduce the organization, its mission, organizational structure and mission critical systems), and analyze the breach (what happened, how, and why), and the financial damage. You will upload a…
•  In the second paper you will apply the learning in this class to write recommendations for the organization and how your proposed solutions will reduce business risks and financial damage. You will upload a draft two weeks before the final version i…
•  Requirements
• o There is a 1,500 words, minimum requirement, for this assignment, no page limit. Be sure to follow APAv7 style. I’m more interested in how much you learn from conducting the research, select security technologies and craft interoperability. What you…

o Deliverables – Professionally written, Two(2), 6-8 page papers

• Peer Review: You will be placed in a peer review group in Blackboard. You will upload your drafts in the appropriate peer review folder and provide constructive comments to all peer paper drafts in your Group. These comments should be threads below th…

Fortnite Data Breach

9

Fortnite Data Breach

Dajon Copes

Stevenson University

02/28/21

Epic Games Company is an American company whose headquarter is in Cary, North Carolina. Tim Sweeney founded the company in 1991, and it has grown to have over forty offices globally. The company was formerly known as Potomac Computer systems, which was later changed to Epic MegaGames, Inc. in 1992, and that name was then simplified as Epic Games. The organization is a software and video game developer company, and currently, it is known to be the leading company in providing 3D engine technologies and interactive entertainment. The organization developed Fortnite, which is a video game played online back in 2017. Fortnite video games are availed into three different game modes, which shared the same game engine and game mode: Fortnite Save the World, Fortnite Battle Royale, and Fortnite Creative (Engine, 2008). In this paper, we will first analyze Epic Games’ organizational structure and mission. Then we will succinctly discuss and analyze the data breach their Fornite video game experienced in 2019.

Epic Games “Fortnite” Mission and mission-critical system

Epic Games’ mission, which is the company that developed the Fortnite video game, is the creation of funs games that people would like to play and then to build the tools and art that are needed to bring those particular games into life. One of the critical systems used by Epic Games in developing Fortnite was the Unreal engine, it was the operating system used in Fortnite development, and Tim Sweeney was the person who developed that operating system. When developing Fortnite Unreal, engine 4 was used in deepening the approach of role-playing so that the life of the game would be extended, and the art style could be switched to more of a cartoonish style instead of a dark theme which was used initially (Games, 2017).

Organization Structure

The company uses a functional organizational structure where the company is divided into functional areas such as finance, marketing, and IT. This company’s structure is structured so that all the heads of those departments report to the CEO who is Tim Sweeney. Functional heads of those departments include Joe Babcock (CFO), Kim Libreri (CTO), Tim Johnson (HR director), and Adam Sussman (president). Employees with similar experience and skills usually are grouped in this kind of structure so that workflow can become efficient. The structure’s hierarchy is simple to understand, and the employees only have to answer to one manager, hence making it very easy to ensure that each employee is accountable for the kind of decision it has made in a workplace.

Analysis of the Fortnite data breach

In late 2018 the Epic Games Company had experienced a data breach that had affected Fortnite users’ accounts. Fortnite had become one of the most popular online video games. It amassed over 350 million users across the world. According to Superdata research firm Epic Games had managed to generate $296 million, which was a revenue they got from Fortnite in April 2018. The data breach that had taken place in accounts of Fortnite users left them with their debit cards or linked credit cards being stolen (Moran et al., 2017). The hackers used the information stolen from the Fortnite users’ accounts to make fraudulent in-game purchases; they then sold the accounts. In-game purchases were loaded up in the accounts they sold on the dark web for-profits and accounts for over 200 million Fortnite users had been breached.

Epic Game Company, who were the developers of Fortnite, acknowledged that there was a flaw in the login systems of Fortnite in early 2019. They said that as a result of that flaw, the hackers could impersonate the users of those accounts, therefore giving them the leeway to purchase currency of the in-game using the debit or credit cards found in those accounts. Epic Game Company acknowledged such an occurrence after a cyber-security firm called Check Point had successfully exploited Epic Game’s security vulnerability that was old and unsecured. In November 2018, Epic Games were notified about their vulnerability by Check Point, and Epic Games only acknowledged the flaw after two months.

The hacking took place when the cybercriminals sent phishing emails with fake logins to the many Fortnite users who ended up clicking those links sent, and token technology was later used in hacking their accounts. Check Point researchers concluded that the webpage which was created in 2004 was the one that gave the hackers a small window of opportunity for hacking the accounts of the Fortnite users. The web page was open to attacks such as cross-site scripting, especially when a malicious code was injected into the website. The page that was compromised had a URL of Epic Game, making it even more difficult for the users to suspect that something malicious was going on.

The reason hackers attacked the Fortnite video game because that video had gained a popularity that was immense and skyrocketing every year; with over 350 million players globally, the game became a very target lucrative for cyber-criminals. Hackers were found to score millions of dollars annually by selling Fortnite accounts comprised in different underground forums such as the dark web. After researchers had tallied several low-end and high-end Fortnite accounts in sales auctions for three months, they found that the average sales of Fortnite high-end accounts every week were found to be $25000, which was estimated to be around $1.2 million every year (Cai et al., 2019).

According to Night Lion security researchers, the black market for selling and buying Fortnite accounts that were stolen was found to be very lucrative and expensive. Fortnite accounts value was found to centralize around in-game character “skin,” which was a digital costume; V-Bucks was the Fortnite currency used by the players of Fortnite video game the in-game accessory. The skin was very rare, and it was worth a lot. It was found to be the most valuable, with an average of approximately $2500 for each account. The Fortnite accounts were mostly hacked through password cracking and brute force, and the most known underground password cracker used for hacking was referred to as “DonJuji.” According to reports, Fortnite high-end cracking tools averaged between 15000-25000 checks every minute, and in seconds the rough estimates of account cracking were found to be 500.

The underground marketplace for Fortnite accounts was found to be very organized, and they even had return policies and customer services. Community Checkup, which consists of five “judges,” are the ones tasked with overseeing all the activity taking place in the underground market for Fortnite accounts so that they can keep track of buyers, sellers, and scammers who may decide to break the bylaws of that community (Schöber & Stadtmann, 2020). Generally, the video game industry was very profitable in the underground market, and those were some of the reasons hackers decided to hack into the Fortnite users’ accounts.

Financial damage

As a result of the Fortnite video game’s data breach, a lawsuit action was being formed against Epic Games. Franklin D Azar & Associates (FDAzar), a U.S law firm, was preparing the lawsuit. It had launched a campaign where it requested all the Fortnite users who had been affected by the breach to call them and join them in strengthening the lawsuit against Epic Games. The lawsuit was to seek injunctive relief and monetary damages on behalf of Fortnite users whose accounts had been compromised. During the lawsuit, the claim against Epic Game was that a person was only allowed to be part of the lawsuit if he or she had a Fortnite account. The debit or credit card that was linked to that account had incurred charges without authorization. Over 100 people were part of the lawsuit.

The financial damages that Epic game had due to Fortnite users’ accounts’ hacking were very high since the company also received two class-action lawsuits from different clients who used their services. As a result of the data breach, the players who paid for fraudulent charges that had appeared in their debit and credit cards linked to Fortnite ensured that they canceled the credit and debit cards linked with their Fortnite accounts. This meant that Epic Game ended up losing a lot of income since customers shy away from buying some of the services they offered, such as V-Bucks. The underground market where Fortnite accounts were sold prevented Epic Games from realizing their full revenue since the hackers who cracked the passwords of their players sold the skin at very high prices at the expense of Epic Games.

The data breach that occurred in late 2018 made Fortnite revenue for Epic Game to drop by 25%. This was seen because in 2018, it had a revenue of $2.4 billion, and in 2019 it dropped to $1.8 billion (Moritz et al., 2020). As much as that was still a lot of money, Fortnite was a top-rated video game, and the fact that its revenue dropped by a whopping 25% sent a very bad signal to Epic Game. The most worrying trend during that year (2019) is that the digital spending in video games was reported to have reached its peak during that year, with a total of $109 billion was reported to have been spent in digital games. This meant that the data breach experienced by Fortnite led to a significant loss of revenue, especially in a year in which Fortnite, which was the most popular game worldwide, was expected to scope the high number of profits, as a result of the high rate of spending in digital video games services. The financial damage that the data breach had left to Epic Game was very worrying since the fear of the data breach occurring again was something some of their clients were worried about. If proper security mechanisms were not put in place, the cybercriminals would strike the game company again.

To conclude, Epic Game was a company that was very strategic in terms of its game development since it gave the users some of the experiences they longed for when it came to the gaming industry. The organizational structure of Epic Games is simple and straight-forward since it ensured that employees were categorized according to the levels of their ability, and that made them give out maximum output. The data breach that Epic Games experienced through their video game Fortnite showed that the game industry was very attractive, especially to cyber-criminals. It also showed how weak security mechanisms were put in place by Epic Game to ensure that their clients’ data are 100% safe. The hackers seemed to have identified some of the strategies of cracking passwords of Fortnite players without them even noticing that their passwords were hacked.

This showed how much cyber-security was something that a business should take very seriously, especially when dealing with clients’ data, which also had their credit and debit information. As a recommendation, Fortnite should opt to adapt to the usage of a cloud infrastructure, where they will give a third-party the right to protect their clients’ data. This would help since many cloud providers have invested a lot of money in cyber-security. They are continually coming up with new ways of detecting cyber-attacks even before they occur.

References

Cai, J., Wohn, D. Y., & Freeman, G. (2019, October). Who Purchases and Why? Explaining Motivations for In-game Purchasing in the Online Survival Game Fortnite. In Proceedings of the Annual Symposium on Computer-Human Interaction in Play (pp. 391-396).

Engine, U. (2008). Epic Games Inc.

Games, E. (2017). Inc. Unreal Engine 4. Internet: https://www. unrealengine. com/what-is-unreal-engine-4,[May 10, 2017].

Moran, G., Clausen, M., Libreri, K., Wilson, J., Harris, A., Ellis, P., … & Kladis, B. (2017). Fortnite: from husk till dawn!. In ACM SIGGRAPH 2017 Computer Animation Festival (pp. 10-10).

Moritz, K. H., Schöber, T., & Stadtmann, G. (2020). Product differentiation in video games: A closer look at Fortnite’s success (No. 419). Discussion Paper.

Schöber, T., & Stadtmann, G. (2020). Fortnite: The business model pattern behind the scene. European University Viadrina Frankfurt (Oder) Department of Business Administration and Economics Discussion Paper, (415).

Case Study Assignment:

Why do a case study? – Your success will primarily come from being able to apply your knowledge and skills to particular situations and problem solving. A case study will allow you to analyze an actual breach, discuss what happened, how and why it happened, and then propose solutions and controls based on your learning in this class.

Logistics of the Case Study

Each student will choose an actual breach for which adequate publicly available information is available. You will post your choice in the appropriate Blackboard Discussion folder. You may choose any breach from this website or any other breach incident of your choice (look at the Archive for incidents older than 24 months):

U.S. Department of Health and Human Services Office for Civil Rights- Breach Portal

All Data Breaches in 2019 & 2020 – An Alarming Timeline

However, each student must choose an organization no one else has chosen. Two students cannot choose the same organization. This is because you will read each other’s work within a group in order to learn from each other as well as learn to provide constructive critiques of other people’s work.

The case study will be divided into TWO papers.

·

Paper One (1)

· In the first paper you will research the organization (introduce the organization, its mission, organizational structure and mission critical systems), and analyze the breach (what happened, how, and why), and the financial damage. You will upload a draft two weeks before the final version is due in the appropriate Blackboard Discussion folder for your Group. You will review peer and instructor comments and incorporate revisions as appropriate for your final version which will be graded. You will upload the final version in the appropriate Blackboard Main Discussion area forum so everyone in the class can learn from your research. Length of paper: 1,500 word minimum (6-8 pages doubled spaced, not including images, charts, etc). There is no penalty for longer papers.

· Paper Two (2)

· In the second paper you will apply the learning in this class to write recommendations for the organization and how your proposed solutions will reduce business risks and financial damage. You will upload a draft two weeks before the final version is due in the appropriate Blackboard Discussion folder for your Group. You will review peer and instructor comments and incorporate revisions as appropriate for your final version which will be graded. You will upload the final version in the appropriate Blackboard Main Discussion area forum so everyone in the class can learn from your research. Suggested length of paper: 6-8 pages doubled spaced. There is no penalty for longer papers.

· Requirements

· There is a 1,500 words,
minimum
requirement, per paper, for this assignment, no page limit. Be sure to follow APAv7 style. I’m more interested in how much you learn from conducting the research, select security technologies and craft interoperability. What you will not do is copy from a website, book, or other source and turn them in as your own work; this constitutes plagiarism. Papers found to be plagiarized are subject to loss of full credit and/or actions annotated in the Stevenson Academic Honesty Policy. Liberal use of tools such as Visio or Dia (network diagramming applications) is encouraged.

·

· Deliverables – Professionally written, Two (2), 6-8 page papers

CDF-281: Advanced Network Defense

Stuart Denrich M.S.

Peer Review: You will be placed in a peer review group in Blackboard. You will upload your drafts in the appropriate peer review folder and provide constructive comments to all peer paper drafts in your Group. These comments should be threads below the paper for which you are providing comments. Comments must be a minimum of 4 sentences, which share your suggestions for the author to improve the draft paper.

Syllabus Checklist 2016-17 OAA Rev. 6/7/16, Page 1

CDF-281 Syllabus Spring 2021 Rev. 1/6/2021 , Page 6