Cybersecurity Minor
- RIT /
- Rochester Institute of Technology /
- Academics /
- Cybersecurity Minor
Overview for Cybersecurity Minor
With the prevalence of mobile computing, the advantages of cloud computing, the ubiquity of computing in general, and the issues of securing big data caused by the world-wide explosion of eBusiness and eCommerce today, secure computing environments and appropriate information management have become critical issues to all sizes and types of organizations. Therefore, there is a vital and growing need for all computing professionals to have a foundation in the issues critical to information security and how they apply to their specific disciplines. The minor consists of two required courses and three electives chosen by the student from the computing security advanced course clusters. There are many elective course choices to provide flexibility. Therefore, the minor provides any computing major outside of the computing security degree program with basic knowledge of the issues and technologies associated with computing security and allows students the opportunity to select a set of security electives that are complementary to their majors. Before beginning the minor in students must possess prerequisite knowledge that can be obtained from various programming sequences and courses in calculus and discrete math.
Notes about this minor:
- This minor is closed to students majoring in cybersecurity or any combined accelerated degree (BS/MS) that includes the BS in cybersecurity.
- Posting of the minor on the student's academic transcript requires a minimum GPA of 2.0 in the minor.
- Notations may appear in the curriculum chart below outlining pre-requisites, co-requisites, and other curriculum requirements (see footnotes).
- At least nine semester credit hours of the minor must consist of specific courses not required by the student’s degree program.
The plan code for Cybersecurity Minor is COMPSEC-MN.
Curriculum for 2024-2025 for Cybersecurity Minor
Current Students: See Curriculum Requirements
Course | |
---|---|
Prerequisites | |
Students must complete one of the following two-course programming sequences: | |
CPET-121 | Computational Problem Solving I This is the first course in a two-course sequence in computational problem solving of engineering and scientific problems. The problems solved will stress the application of sequence, selection, repetitive, invocation operations, and arrays. The development of proper testing procedures to ensure computational accuracy will be stressed. Students, upon successful completion of this course, will be able to analyze introductory engineering and scientific problems, design, code, test, and document procedural software solutions. Lec/Lab 4 (Fall, Spring). |
CPET-321 | Computational Problem Solving II This is the second course in a two-course sequence in computational problem solving of engineering and scientific problems. This course will focus on object-oriented coding solutions and will cover the following topics: objects & classes, inheritance, pointers & dynamic memory allocation, data structures, and advanced controls and constructs. (Prerequisites: CPET-121 or equivalent course.) Lab 2, Lecture 2 (Fall). |
or | |
CSCI-141 | Computer Science I This course serves as an introduction to computational thinking using a problem-centered approach. Specific topics covered include: expression of algorithms in pseudo code and a programming language; functional and imperative programming techniques; control structures; problem solving using recursion; basic searching and sorting; elementary data structures such as lists, trees, and graphs; and correctness, testing and debugging. Assignments (both in class and for homework) requiring a pseudo code solution and an implementation are an integral part of the course. An end-of-term project is also required. Lec/Lab 6 (Fall, Spring). |
CSCI-142 | Computer Science II This course delves further into problem solving by continuing the discussion of data structure use and design, but now from an object-oriented perspective. Key topics include more information on tree and graph structures, nested data structures, objects, classes, inheritance, interfaces, object-oriented collection class libraries for abstract data types (e.g. stacks, queues, maps, and trees), and static vs. dynamic data types. Concepts of object-oriented design are a large part of the course. Software qualities related to object orientation, namely cohesion, minimal coupling, modifiability, and extensibility, are all introduced in this course, as well as a few elementary object-oriented design patterns. Input and output streams, graphical user interfaces, and exception handling are covered. Students will also be introduced to a modern integrated software development environment (IDE). Programming projects will be required. (Prerequisites: CSCI-141 with a grade of C- or better or equivalent course.) Lec/Lab 6 (Fall, Spring, Summer). |
or | |
CSEC-123 | Software Development and Problem Solving I A first course introducing students to the fundamentals of computational problem solving. Students will learn a systematic approach to problem solving, including how to frame a problem in computational terms, how to decompose larger problems into smaller components, how to implement innovative software solutions using a contemporary programming language, how to critically debug their solutions, and how to assess the adequacy of the software solution. Additional topics include an introduction to object-oriented programming and data structures such as arrays and stacks. Students will complete both in-class and out-of-class assignments. Lab 6 (Fall, Spring). |
CSEC-124 | Software Development and Problem Solving II A second course that delves further into computational problem solving, now with a focus on an object-oriented perspective. There is a continued emphasis on basic software design, testing & verification, and incremental development. Key topics include theoretical abstractions such as classes, objects, encapsulation, inheritance, interfaces, polymorphism, software design comprising multiple classes with UML, data structures (e.g. lists, trees, sets, maps, and graphs), exception/error handling, I/O including files and networking, concurrency, and graphical user interfaces. Additional topics include basic software design principles (coupling, cohesion, information expert, open-closed principle, etc.), test driven development, design patterns, data integrity, and data security. (Prerequisite: C- or better in SWEN-123 or CSEC-123 or GCIS-123 or equivalent course.) Lab 6 (Fall, Spring, Summer). |
or | |
GCIS-123 | Software Development and Problem Solving I A first course introducing students to the fundamentals of computational problem solving. Students will learn a systematic approach to problem solving, including how to frame a problem in computational terms, how to decompose larger problems into smaller components, how to implement innovative software solutions using a contemporary programming language, how to critically debug their solutions, and how to assess the adequacy of the software solution. Additional topics include an introduction to object-oriented programming and data structures such as arrays and stacks. Students will complete both in-class and out-of-class assignments. Lab 6 (Fall, Spring). |
GSCI-124 | Software Development and Problem Solving II |
or | |
IGME-105 | Game Development and Algorithmic Problem Solving I This course introduces students within the domain of game design and development to the fundamentals of computing through problem solving, abstraction, and algorithmic design. Students will learn the basic elements of game software development, including problem decomposition, the design and implementation of game applications, and the testing/debugging of their designs. (This course is restricted to GAMEDES-BS Major students.) Lec/Lab 6 (Fall, Spring). |
IGME-106 | Game Development and Algorithmic Problem Solving II This course furthers the exploration of problem solving, abstraction, and algorithmic design. Students apply the object-oriented paradigm of software development, with emphasis upon fundamental concepts of encapsulation, inheritance, and polymorphism. In addition, object structures and class relationships comprise a key portion of the analytical process including the exploration of problem structure and refactoring. Intermediate concepts in software design including GUIs, threads, events, networking, and advanced APIs are also explored. Students are also introduced to data structures, algorithms, exception handling and design patterns that are relevant to the construction of game systems. (Prerequisites: C- or better in IGME-105 or equivalent course and student standing in the GAMEDES-BS program.) Lec/Lab 6 (Fall, Spring). |
or | |
ISTE-120 | Computational Problem Solving in the Information Domain I A first course in using the object-oriented approach to solve problems in the information domain. Students will learn to design software solutions using the object-oriented approach, to visually model systems using UML, to implement software solutions using a contemporary programming language, and to test these software solutions. Additional topics include thinking in object-oriented terms, and problem definition. Programming projects will be required. Lec/Lab 6 (Fall, Spring). |
ISTE-121 | Computational Problem Solving in the Information Domain II A second course in using the object-oriented approach to solving problems in the information domain. Students will learn: basic design principles and guidelines for developing graphical user interfaces, and use of the Event Model to implement graphical interfaces; algorithms for processing data structures; multithreading concepts and use of the Multithreading Model to design and implement advanced processing methods. Additional topics include the relational model of information organization, and the Client-Server model. Individual implementation projects are required. A team implementation exercise is used to provide students an opportunity to apply basic software development and project management practices in the context of a medium-scale project. (Prerequisites: ISTE-120 or NACA-161 or equivalent course.) Lec/Lab 6 (Fall, Spring). |
or | |
ISTE-123 | Software Development and Problem Solving I |
ISTE-124 | Software Development and Problem Solving II |
or | |
SWEN-123 | Software Development and Problem Solving I A first course introducing students to the fundamentals of computational problem solving. Students will learn a systematic approach to problem solving, including how to frame a problem in computational terms, how to decompose larger problems into smaller components, how to implement innovative software solutions using a contemporary programming language, how to critically debug their solutions, and how to assess the adequacy of the software solution. Additional topics include an introduction to object-oriented programming and data structures such as arrays and stacks. Students will complete both in-class and out-of-class assignments. Lab 6 (Fall, Spring). |
SWEN-124 | Software Development and Problem Solving II A second course that delves further into computational problem solving, now with a focus on an object-oriented perspective. There is a continued emphasis on basic software design, testing & verification, and incremental development. Key topics include theoretical abstractions such as classes, objects, encapsulation, inheritance, interfaces, polymorphism, software design comprising multiple classes with UML, data structures (e.g. lists, trees, sets, maps, and graphs), exception/error handling, I/O including files and networking, concurrency, and graphical user interfaces. Additional topics include basic software design principles (coupling, cohesion, information expert, open-closed principle, etc.), test driven development, design patterns, data integrity, and data security. (Prerequisite: C- or better in SWEN-123 or CSEC-123 or GCIS-123 or equivalent course.) Lab 6 (Fall, Spring, Summer). |
Student must complete one of the following courses in discrete mathematics:‡ | |
MATH-131 | Discrete Mathematics This course is an introduction to the topics of discrete mathematics, including number systems, sets and logic, relations, combinatorial methods, graph theory, regular sets, vectors, and matrices. (Prerequisites: MATH-101, MATH-111, NMTH-260, NMTH-272 or NMTH-275 or a Math Placement Exam score of at least 35.) Lecture 4 (Fall, Spring). |
MATH-190 | Discrete Mathematics for Computing This course introduces students to ideas and techniques from discrete mathematics that are widely used in Computer Science. Students will learn about the fundamentals of propositional and predicate calculus, set theory, relations, recursive structures and counting. This course will help increase students’ mathematical sophistication and their ability to handle abstract problems. (Co-requisites: MATH-182 or MATH-182A or MATH-172 or equivalent courses.) Lecture 3, Recitation 1 (Fall, Spring). |
MATH-200 | Discrete Mathematics and Introduction to Proofs This course prepares students for professions that use mathematics in daily practice, and for mathematics courses beyond the introductory level where it is essential to communicate effectively in the language of mathematics. It covers various methods of mathematical proof, starting with basic techniques in propositional and predicate calculus and set theory, and then moving to applications in advanced mathematics. (Prerequisite: MATH-182 or equivalent course.) Lecture 3, Recitation 4 (Fall, Spring). |
Required Courses | |
Choose one of the following: | |
CSEC-102 | Information Assurance and Security Computer-based information processing is a foundation of contemporary society. As such, the protection of digital information, and the protection of systems that process this information has become a strategic priority for both the public and private sectors. This course provides an overview of information assurance and security concepts, practices, and trends. Topics include computing and networking infrastructures, risk, threats and vulnerabilities, legal and industry requirements for protecting information, access control models, encryption, critical national infrastructure, industrial espionage, enterprise backup, recovery, and business continuity, personal system security, and current trends and futures. Lecture 3 (Fall, Spring). |
CSEC-140 | Introduction to Cybersecurity This course will introduce many fundamental cybersecurity concepts. The course will teach students to think about information systems using an adversarial mindset, evaluate risk to information systems, and introduce controls that can be implemented to reduce risk. Topics will include authentication systems, data security and encryption, risk management and security regulatory frameworks, networking and system security, application security, organizational and human security considerations, and societal implications of cybersecurity issues. These topics will be discussed at an introductory level with a focus on applied learning through hands-on virtual lab exercises. Lecture 3 (Fall, Spring). |
Electives | |
Choose four of the following: | |
CSCI-462 | Introduction to Cryptography* This course provides an introduction to cryptography, its mathematical foundations, and its relation to security. It covers classical cryptosystems, private-key cryptosystems (including DES and AES), hashing and public-key cryptosystems (including RSA). The course also provides an introduction to data integrity and authentication. Students cannot take and receive credit for this course if they have credit for CSCI-662. (Prerequisites: (CSCI-243 or SWEN-262 or CSEC-202) and (MATH-190 or MATH-200) or equivalent courses.) Lecture 3 (Fall, Spring, Summer). |
CSEC-201 | Programming for Information Security This course builds upon basic programming skills to give students the programming knowledge necessary to study computing security. Students will be introduced to network programming, memory management, and operating system calls along with associated security concepts. Specific focus will placed on understanding the compilation process and on the relation between high-level programming concepts and low-level programming concepts, culminating in identifying and exploiting memory corruption vulnerabilities. (Prerequisites: (CSEC-101 or CSEC-140) and (CSCI-142 or GCIS-124 or GCIS-127 or CSCI-242) or equivalent courses.) Lecture 3 (Fall, Spring). |
CSEC-362 | Cryptography and Authentication* As more users access remote systems, the job of identifying and authenticating those users at distance becomes increasingly difficult. The growing impact of attackers on identification and authentication systems puts additional strain on our ability to ensure that only authorized users obtain access to controlled or critical resources. This course introduces encryption techniques and their application to contemporary authentication methods. (Prerequisites: (CSEC-101 or CSEC-102 or CSEC-140) and (MATH-131 or MATH-190) or equivalent courses.) Lecture 3 (Fall, Spring). |
CSEC-380 | Principles of Web Application Security This course is designed to give students a foundation in the theories and practice relating to web application security. The course will introduce students to the concepts associated with deploying and securing a typical HTTP environment as well as defensive techniques they may employ. (Prerequisites: (CSEC-101 or CSEC-102 or CSEC-140) and NSSA-245 or equivalent courses.) Lecture 3 (Spring). |
CSEC-461 | Computer System Security This course will discuss the areas of liability, exposure, opportunity, ability and function of various weaknesses in computer security. The course will cover forms of attack and the methods to detect and defend against them. The issues and facilities available to both the intruder and administrator will be examined and evaluated with appropriate out-of-class laboratory exercises to illustrate their effect. (Prerequisites: (CSEC-101 or CSEC-102 or CSEC-140) and NSSA-221 and NSSA-245 or equivalent courses.) Lab 2, Lecture 2 (Spring). |
CSEC-462 | Network Security and Forensics This course investigates the many facets of network security and forensics. Students will examine the areas of intrusion detection, evidence collection, network auditing, network security policy design and implementation as well as preparation for and defense against attacks. The issues and facilities available to both the intruder and data network administrator will be examined and evaluated with appropriate laboratory exercises to illustrate their effect. (Prerequisites: (CSEC-101 or CSEC-102 or CSEC-140) and NSSA-245 or equivalent courses.) Lab 4, Lecture 3 (Spring). |
CSEC-464 | Computer System Forensics This course focuses on the fundamental incident response and computer forensics procedures for computer systems. Students will follow the forensics procedures and use forensically-sound tools to uncover the activities of computer users (deleted and hidden files, cryptographic steganography, illegal software, etc.). Students will also technologies to gather and preserve this evidence to ensure admissibility in court. (Prerequisites: (CSEC-101 or CSEC-102 or CSEC-140) and NSSA-221 or equivalent courses.) Studio 3 (Fall, Spring). |
CSEC-465 | Network and System Security Audit This course will provide students with an introduction to the processes and procedures for performing a technical security audit of systems and networks. Students will explore state-of-the-art auditing techniques and apply appropriate tools to audit systems and network infrastructure components. In addition, students will write and present their audit reports on vulnerabilities as well as recommendations to fix any problems discovered. (Prerequisites: NSSA-221 and NSSA-245 or equivalent courses.) Lecture 3 (Fall, Spring). |
CSEC-467 | Mobile Device Security and Forensics This course will be an in-depth study of security, incident response, and forensics as applied to the hardening and protection of mobile devices. Students will learn issues specific to the security of and vulnerabilities of mobile devices as well as forensics tools and incident response techniques used to reveal activities and information related to mobile devices. (Prerequisites: (CSEC-102 or CSEC-140) and (GCIS-124 or GCIS-127 or CSCI-142 or CSCI-140 or CSCI-242) or equivalent courses.) Lec/Lab 3 (Fall). |
CSEC-468 | Risk Management for Information Security The three key elements of risk management will be introduced and explored. These are risk analysis, risk assessment, and vulnerability assessment. Both quantitative and qualitative methodologies will be discussed as well as how security metrics can be modeled, monitored, and controlled. Several case studies will be used to demonstrate the risk management principles featured throughout the course. Students will work in teams to conduct risk assessments on the selected case study scenarios. They will develop mitigation plans and present the results of their analysis both in written reports and oral presentations. (Prerequisites: CSEC-101 or CSEC-102 or CSEC-140 or equivalent course and at least 3rd year standing.) Lecture 3 (Fall). |
CSEC-470 | Covert Communications Covert communications have been employed in the past in traditional information warfare. Today with huge amounts of digital information exchanged in our cyber space and covert communication will become a potential tool for information warfare inside the space. Students will be introduced to the history, theory, methodology and implementation of various kinds of covert communications. Students will explore future techniques and uses of covert communications. More specifically students will explore possible uses of covert communications in the management of botnets. Students will conduct research in this topic area and will write a research paper on their research. Students will be required to submit their paper for publication in a peer-reviewed venue. (This course is restricted to INFOSEC-BS students with 4th year standing.) Lecture 3 (Fall). |
CSEC-471 | Penetration Testing Frameworks & Methodologies The process and methodologies employed in negotiating a contract, performing a penetration test, and presenting the results will be examined and exercised. Students will be exposed to tools and techniques employed in penetration testing. Assignments will explore the difficulties and challenges in planning for and conducting an assessment exposing potential vulnerabilities. Students will develop a metric used to evaluate the security posture of a given network and will develop a coherent and comprehensive report of their findings to present to their client. Particular attention will be paid to the ramifications of the findings toward the security of the targets. (Prerequisites: This course is restricted to students in GCCIS with at least 3rd year student standing.) Lec/Lab 3 (Spring). |
CSEC-472 | Authentication and Security Models Access control and authentication systems are some of the most critical components of cybersecurity ecosystems. This course covers the theory, design, and implementation of systems used in identification, authentication, authorization, and accountability processes with a focus on trust at each layer. Students will examine formal models of access control systems and approaches to system accreditation, the application of cryptography to authentication systems, and the implementation of IAAA principles in modern operating systems. A special focus will be placed on preparing students to research and write about future topics in this area. (Prerequisites: CSEC-362 or CSCI-462 or equivalent course.) Lec/Lab 3 (Fall, Spring). |
CSEC-473 | Cyber Defense Techniques Students will study, build, defend and test the security of computer systems and networking infrastructure while potentially under attack. Students will gain an understanding of standard business operations, timelines and the value of risk and project management. Techniques as related to security guidelines and goals will be studied. Aspects of legal requirements, inheriting existing infrastructure, techniques for backup and recovery of data and systems will be examined. (Prerequisites: This course is restricted to students in GCCIS with at least 3rd year student standing.) Lec/Lab 3 (Fall). |
CSEC-476 | Malware Reverse Engineering This course provides an overview of basic concepts, techniques, and tools of malware reverse engineering. Students will learn how to perform reverse engineering to discover hidden software functions and hidden network communication techniques and protocols. Students will also learn techniques to protect against software reverse engineering. (Prerequisites: (CSCI-462 or CSEC-362) and (CSEC-202 or CSEC-466) or equivalent courses.) Lec/Lab 3 (Spring). |
CSEC-577 | Disaster Recovery Planning and Business Continuity Security and network professionals are increasingly being called upon to apply their knowledge to the development of disaster recovery and business continuity plans. This course will explore DRP/BC in depth using current tools and techniques. Business requirements will be analyzed from the budget, business needs and risk management perspective. Experience gained from at least one co-op is required. (Prerequisites: CSEC-101 or CSEC-102 or CSEC-140 or equivalent course and at least 3rd year standing.) Lecture 3 (Spring). |
CSEC-520 | Cyber Analytics and Machine Learning The course provides students an opportunity to explore methods and applications in cyber analytics with advanced machine learning algorithms including deep learning. Students will learn how to use machine learning methods to solve cybersecurity problems such as network security, anomaly detection, malware analysis, etc. Students will also learn basic concepts and algorithms in machine learning such as clustering, neural networks, adversarial machine learning, etc. Students taking this course should have the 4th year status and completed MATH-190 Discrete Math, MATH-251 Probability and Statistics I, and MATH-241 Linear Algebra. (Prerequisites: MATH-190 and MATH-241 and MATH-251 or equivalent courses and at least 4th year standing.) Lecture 3 (Fall). |
CSEC-569 | Wireless Security The goal of this course is to provide the students with an understanding of wireless communication concepts and principles of wireless networks along with their vulnerabilities and security protocols. In addition, the students will gain practical experience via a series of wireless system administration and attack/defense lab activities, and a software-defined radio project to explore mechanisms for analyzing and/or securing modern wireless networks. The course begins with a primer on wireless security concepts from a physical-layer perspective. It then covers and discusses various generations of security protocols for IEEE 802.11 (Wi-Fi) systems, security of cellular networks, security of wireless protocols for Internet-of-Things (IoT), and other selected trending topics (e.g., connected vehicles security). (Prerequisites: (NSSA-245 and (CSCI-462 or CSEC-362)) or (CMPE-361 and CMPE-480 and (CMPE-570 or CMPE-670)) or equivalent courses.) Lab 2, Lecture 2 (Spring). |
CSCI-455 | Principles of Cybersecurity This course provides a broad introduction to cybersecurity principles and practices, and emphasizes policies and mechanisms for building secure and trusted computer systems. It will cover cybersecurity principles, policies and mechanisms; core knowledge areas of data, software, component, connection, system, human, organizational and societal security; and crosscutting concepts of confidentiality, integrity, availability, risk, adversarial thinking, and systems thinking. Topics in privacy, and legal and ethical aspects will also be emphasized. Presentations, reports and projects are required. Students cannot take and receive credit for this course if they have credit for CSCI-655.
This course requires the knowledge of computer science theory and concepts of computer systems. (Prerequisites: CSCI-250 and (CSCI-262 or CSCI-263) or equivalent courses.) Lecture 3 (Spring). |
CSCI-464 | Xtreme Theory A fast paced, informal look at current trends in the theory of computing. Each week is dedicated to a different topic and will explore some of the underlying theory as well as the practical applications of the theory. Sample topics may include: quantum cryptography, networks and complex systems, social welfare and game theory, zero knowledge protocols. Students will be evaluated on homework assignments and a final presentation. Offered every other year. (Prerequisites: (MATH-190 or MATH-200) and (CSCI-140 or CSCI-142 or CSCI-242 or SWEN-124 or CSEC-124 or GCIS-124 or GCIS-127) or equivalent courses.) Lecture 3 (Fall). |
CSCI-531 | Introduction to Security Measurement The course will introduce students into the algorithmic foundations and modern methods used for security evaluation and tools design. It will combine a theoretical revision of the methods and models currently applied for computer security evaluation and an investigation of computer security through the study of user’s practice. The students will be required to complete a few homework assignments, to deliver a class presentation and to implement a team project. Students cannot take and receive credit for this course if they have credit for CSCI-734. (Prerequisites: CSCI-351 or (4003-420 and 4003-440) or equivalent courses.) Lecture 3 (Fall). |
CSCI-532 | Introduction to Intelligent Security Systems The course will introduce students to the application of intelligent methodologies in computer security and information assurance systems design. It will review different application areas such as intrusion detection and monitoring systems, access control and biological authentication, firewall structure and design. The students will be required to implement a course project on design of a particular security tool with an application of an artificial intelligence methodology and to undertake its performance analysis. Students cannot take and receive credit for this course if they have credit for CSCI-735. (Prerequisites: CSCI-331 or CSCI-351 or equivalent course.) Lecture 3 (Spring). |
SWEN-331 | Engineering Secure Software Principles and practices forming the foundation for developing secure software systems. Coverage ranges across the entire development lifecycle: requirements, design, implementation and testing. Emphasis is on practices and patterns that reduce or eliminate security breaches in software intensive systems, and on testing systems to expose security weaknesses. (Prerequisites: SWEN-261 and (SWEN-488 or SWEN-498 or SWEN-499 or CSEC-499 or CSCI-488 or CSCI-499 or CMPE-499) or equivalent course.) Studio 3 (Fall, Spring). |
* Students can choose to complete either course, not both towards the elective requirement.
† An equivalent calculus sequence may be determined by the minor advisor.
‡ An equivalent discrete mathematics sequence may be determined by the minor advisor.
Contact
- Liz Martin
- Academic Advisor
- Advising
- Golisano College of Computing and Information Sciences
- 585‑475‑2189
- ejhics@rit.edu
Department of Cybersecurity