This course exposes students to the world of information assurance analysis by discussing foundational concepts and frameworks that can be used to analyze various technologies, mediums, protocols, and platforms. Analysis is a fundamental part of the information assurance process, and effective implementation can inform policy, forensic and incident response procedures, and cyber security practices. Students will be able to perform analysis activities by applying the theoretical knowledge gained to case studies, assignments, and hands-on labs, resulting in a richer understanding of information assurance. Topics include the collection, use, and presentation of data from a variety of sources (e.g., raw network traffic data, traffic summary records, and log data collected from servers and firewalls). This data is used for a variety of analytical techniques, such as collection approach evaluation, population estimation, hypothesis testing, experiment construction and evaluation, and developing evidence chains for forensic analysis. The course will also cover the Internet of Things (IoT), Artificial Intelligence, Mobile Application Security, addressing, Border Gateway Protocol (BGP), lookups, anonymization, Industrial Control Systems (ICS), as well as analyzing DNS, HTTP, SMTP, and TCP protocols. Students will primarily use SiLK, NetFlow, Wireshark, Splunk, Zeek (formerly Bro), the Node-RED IoT framework, and TCPDump tools. Students will also be introduced to various IoT and ICS protocols: WNAN, ZigBee, EMV, and SIGFOX, as well as CIP, MODBUS, DNP3, OPC, HART, BACnet, and ICCP, respectively.
EN.695.601 Foundations of Information Assurance. Familiarity with basic statistical analysis. EN.695.642 Intrusion Detection or EN.695.611 Embedded Computer Systems - Vulnerabilities, Intrusions, and Protection Mechanisms is recommended.
Information Assurance Analysis
05/31/2022 - 08/23/2022