Course

Vulnerabilities and Exploits

Faculty: Commerce & Business Administration
Department: Computing Studies & Information Systems
Course Code: CSIS 4480
Credits: 3.00
Semester Length: 15 Weeks
Max Class Size: 35
Method(s) Of Instruction: Lecture, Seminar
Course Designation: None
Industry Designation: CCSP, CEH, CFCE, CHFI, CISA, CISM, CISSP, CRISC, GCFA, GCFE, GSEC, OSCP
Typically Offered: To be determined

Overview

Course Description
This course introduces students to the knowledge and skills needed to identify, acknowledge, assess, mitigate, and manage various vulnerabilities that pose a threat to the organization’s network and data in general. Topics include various types of vulnerabilities – injection, broken authentication and session management, broken access control, cross-site scripting (XSS), security misconfiguration, sensitive data exposure, insufficient attack protection, cross-site request forgery (CSRF), using components with known vulnerabilities, and unprotected APIs, to name a few. Students will gain theoretical and hands-on experience in identifying and mitigating vulnerabilities, develop recovery policies and procedures to guide a safe return to a normal state, define accountability and responsibility, and work with security auditing processes to protect the data and network of the organization. This course is suitable for students who would like to gain overall knowledge of identifying and managing vulnerabilities and exploits associated with computer networks.
Course Content
  1. Cybersecurity threats and attack vectors
  2. Existing cybersecurity protocols
  3. Security Posture Analysis
  4. Vulnerability Assessment
  5. Cybersecurity controls
  6. Cybersecurity attacks detection
  7. Cybersecurity attacks prevention
  8. Tools and systems that are used to strengthen and improve cybersecurity
  9. Cybersecurity policy development

 

Learning Activities

The methods of instruction for this course will include lectures, seminars, demonstrations, and hands-on assignments/projects.

Means of Assessment

Assessment will be in accordance with the Douglas College Evaluation Policy.

Assignments and labs: 15% - 20%
Quizzes: 15% - 20%
Midterm exam *: 25% - 30%
Final Exam *: 25% - 30%
Total: 100%

* Practical hands-on computer exam

In order to pass the course, students must, in addition to receiving an overall course grade of 50%, also achieve a grade of at least 50% on the combined weighted examination components (including quizzes, tests, exams).

Students may conduct research as part of their coursework in this class. Instructors for the course are responsible for ensuring that student research projects comply with College policies on ethical conduct for research involving humans, which can require obtaining Informed Consent from participants and getting the approval of the Douglas College Research Ethics Board prior to conducting the research.

 

Learning Outcomes

At the end of this course, the successful student will be able to:

  1. Identify the current vulnerabilities and threats in the cyberworld.
  2. Demonstrate knowledge of current exploits and their impact on the confidentiality, integrity, and availability of data.
  3. Conduct a security posture analysis that includes a vulnerability assessment of current systems or organizations.
  4. Apply the risk management framework in securing computer systems.
  5. Use the latest techniques and tools in securing computer systems.
  6. Design policies and standard operating procedures that will help prevent and/or mitigate vulnerabilities and exploits in computer systems.
  7. Analyze ways to safely return to a normal state after an exploit.
  8. Define accountability and responsibility to protect the computer system.
Textbook Materials

The course will utilize various resources that discuss cybersecurity vulnerabilities, such as the Open Web Application Security Project (OWASP), Information Security Management Controls, Certified Ethical Hacking, and other relevant sources. Materials may also include instructor-provided notes and resources and/or any textbook approved by the department.

Requisites

Prerequisites

Min grade C in any 2 of (CSIS 4440, 4450, 4470)

Corequisites

Courses listed here must be completed either prior to or simultaneously with this course:

  • No corequisite courses

Equivalencies

Courses listed here are equivalent to this course and cannot be taken for further credit:

  • No equivalency courses

Course Guidelines

Course Guidelines for previous years are viewable by selecting the version desired. If you took this course and do not see a listing for the starting semester / year of the course, consider the previous version as the applicable version.

Course Transfers

These are for current course guidelines only. For a full list of archived courses please see https://www.bctransferguide.ca

Institution Transfer Details for CSIS 4480
Alexander College (ALEX) ALEX CPSC 2XX (3)
Athabasca University (AU) AU COMP 3XX (3)
College of New Caledonia (CNC) CNC CSC 2XX (3)
Coquitlam College (COQU) No credit
Kwantlen Polytechnic University (KPU) No credit
Thompson Rivers University (TRU) TRU COMP 3XXX (3)
University Canada West (UCW) UCW CPSC 3XX (3)
University of Northern BC (UNBC) UNBC CPSC 3XX (3)
University of the Fraser Valley (UFV) UFV COMP 4XX (3)

Course Offerings

Summer 2024