Cyber Security Doctoral Deegre Program - Course Description

COURSE DESCRIPTIONS

CSA 680 Advanced Research Methodology
This advanced course consists of two parts. During the first part of the course the theories of inference underlying most statistical methods are introduced. This part of the course also covers how new approaches to research methods, data analysis, and statistical theory are developed. With this foundation, we introduce (and reinvent) a wide variety of known statistical solutions to a wide range of social science data problems. We also show how it is easy to conceive original approaches and new statistical estimators when required. The specific models introduced are chosen based on students' research topics. The second part of this advanced course is about qualitative data collection, which addresses both theoretical and practical dimensions of conducting qualitative research. Data collection concerns are embedded within the larger processes of qualitative research methods and must be considered in holistic ways. For example, data collection decisions are inherently tied to particular epistemological stances and theoretical orientations as well as to the research focus. In addition, data collection processes are interwoven with analysis and often occur simultaneously. Postgraduate students will acquire the knowledge and methodological skills that are part of qualitative research methods for application within their academic program, for writing a dissertation and/or for their future career. The course is designed with flexibility so that you will be able to develop projects that will suit your own academic and professional needs. Credits: ECTS: 6 US: 3. Prerequisite: None.

CSA 681 Advanced Cyber Security Standards and Policies
The course teaches students about cyber security standards and policies at advanced level. Cyber security standards and policies enable organizations to practice safe security techniques to minimize the number of successful cyber security attacks. The course will cover the most widely used security standard today know as ISO 27001. Other security standards and policies for IT infrastructure protection will also be taught. In addition, risk assessment and risk management will be incorporated in the course. Credits: ECTS: 8 US: 4. Prerequisite: None.

CSA 682 Advanced Telecommunication and Data Communication
This advanced course teaches students about fundamentals of the technology, transmission systems, voice communication systems, messaging systems, and public switched telephone network. Student will also learn about fundamentals of data communications, conventional digital and data networks, local area networks, broadband network infrastructure and services, wireless networking with the emphasis on mobility, video and multimedia networking, the Internet and World Wide Web, network convergence. The course also covers regulation such as Telecommunications Act of 1996 as well as certain issues. Credits: ECTS: 8 US: 4. Prerequisite: None.

CSA 686 Advanced Information Security
The course teaches students about information security as well as information assurance at advanced level. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. Information security is concerned with the confidentiality, integrity and availability of data and systems regardless of the form the data may take: electronic, print, or other forms. Information assurance focuses on the reasons for assurance that information is protected, and is thus reasoning about information security. The course also teaches about physical, electromagnetic (TEMPEST) and personal security. Physical security refers to protection of information systems. Personal security refers to personal security clearance and screening, their scope of action, ect. Credits: ECTS: 8 US: 4. Prerequisite: None.

CSA 690 Advanced Mobile Devices Security
The advanced course teaches students about mobile devices security. Mobile devices security relates to the security of personal information stored on smartphones. Smartphones, used as communication tools and a means of planning and organizing professional (work) and private life are preferred targets of attacks. These attacks exploit weaknesses related to smartphones that can come from means of communication like SMS, MMS, Wi-Fi networks, and GSM. There are also attacks that exploit software vulnerabilities from both the web browser and operating system. There are also are forms of malicious software that rely on the weak knowledge of average users. Different security counter-measures are being developed and applied to smartphones, from security in different layers of software to the dissemination of information to end-users. There are good practices to be observed at all levels, from design to use, through the development of operating systems, software layers, and downloadable applications. Credits: ECTS: 8 US: 4. Prerequisite: None.

CSA 691 Advanced Law in Cyber Crime
This advanced course examines law, legal policies and their issues that exist and are used today when dealing with cyber crime. The course examines comparative legal approach to the problem of cybercrime. It addresses basic issues in comparative criminal law, and explores the key concepts of cyberspace and cybercrime. It also addresses some of the most prominent topics in the substantive law of cybercrime (e.g., unauthorized access to computers and files, malicious code such as viruses and worms, intellectual property offenses such as economic espionage and copyright piracy, fraud, "hate speech," and pornography). Major issues in the procedural law of cybercrime (e.g., surveillance technologies and legal standards for interception of electronic communications and evidence-gathering), as well as transnational legal issues are also examined. Cybercrime sentencing issues and predictions for the control of cybercrime are examined at the end of the course. Credits: ECTS: 8 US: 4. Prerequisite: None.

CSA 692 Advanced Digital Forensics
Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. The advanced course explores digital forensics, its history, forensic process, application, legal considerations and branches. The typical forensic process encompasses the seizure, forensic imaging (acquisition) and analysis of digital media and the production of a report into collected evidence. Digital forensics investigations have a variety of applications. The technical aspect of an investigation is divided into several sub-branches, relating to the type of digital devices involved: a) computer forensics, b) network forensics, c) database forensics and d) mobile device forensics. Computer forensics pertains to legal evidence found in computers and digital storage media. Network forensics relates to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Database forensics relates to the forensic study of databases and their metadata. Mobile device forensics relates to recovery of digital evidence or data from a mobile device. Credits: ECTS: 8 US: 4. Prerequisite: None.

CSA 693 Advanced Industrial Network Security
This course teaches students about industrial network security at advanced level. Students will study about industrial network, its protocol, how it operates, application characteristics of an industrial control system, as well as a variety of common compliance controls. Students will learn to identify why security controls should be implemented, where they should implemented, how they should be implemented, and how they should be used. Topics covered include how secure enclaves are established, monitored, anomaly and threat detection, standards and regulations applicable to industrial network security, as well as common mistakes and pitfalls that occur within industrial control system. Credits: ECTS: 6 US: 3. Prerequisite: None.

CSA 684 Advanced Computer and System Intrusion
The advanced course teaches students about computer and system intrusion, types of intrusion, its detection as well as prevention systems and its classifications. In addition methods and tactics used in prevention of the intrusion will be covered. The course will also cover the following topics: hacking, E-Crime (or cyber crime) and e-Discovery. Hacking involves finding out weaknesses in a computer or computer network. Classifications, tools and techniques of hacking are covered. E-Crime or (or cyber crime) refers to any crime that involves a computer and a network. E-Discovery refers to discovery in civil litigation, which deals with the exchange of information in electronic format. Electronic information is considered different from paper information because of its intangible form, volume, transience and persistence. Credits: ECTS: 8 US: 4. Prerequisite: None.

CSA 683 Advanced Corporate Network Security
The advanced course consists of three parts. The first part of the course teaches students about network security whose main purpose is to secure the network, and protect and oversee operations being done. Network security is involved in organizations, enterprises, and other types of institutions. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals. Students will be introduced to the provisions and policies that are an integral part of network security. Network administrator adopts those provisions and policies in order to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. This also involves the authorization of access to data in a network. The course introduces students to intrusion detection system and intrusion prevention systems and their main differences. The second part of the course teaches students about wireless security. The risks to users of wireless technology have increased as the service has become more popular. Wireless security is the prevention of unauthorized access or damage to computers using wireless networks. The most common types of wireless security are Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). The course emphases that wireless security policies should be defined by enterprises in order to prevent unauthorized access to important resources. The third part of the course teaches students about Internet security. Internet security involves browser security and network security on a more general level as it applies to other applications or operating systems on a whole. Objective of Internet security is to establish rules and measures in order to use it against attacks over the Internet. The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud. Topics covered in the course include: a) Types of security (network layer security, IPsec Protocol, security token, E-mail security); b) Firewalls (their role, types, ect.); c) Malicious software and antivirus; d) different types of attack; e) security management of Web applications and Web services; ect. Credits: ECTS: 8 US: 4. Prerequisite: None.

CSA 685 Advanced Cryptography Development
Cryptography is the study of information hiding and verification. It includes the protocols, algorithms and strategies to securely and consistently prevent or delay unauthorized access to sensitive information and enable verifiability of every component in a communication. A review of the historical development of cryptographic methods and cryptanalysis tools is provided. The advanced course covers encryption programming and decoding, conventional encryption model, classical encryption techniques - substitution ciphers and transposition ciphers, cryptanalysis, stereography, stream and block ciphers. When information is transformed from a useful form of understanding to an opaque form of understanding, this is called encryption. When the information is reverted back into a useful form, it is called decryption. Data encryption protect data from prying eyes, prevents unauthorized users from transmitting confidential data to the wrong party or performing any modifications to the data. Data encryption works through a coding process to prevent documents, email messages, and other types of information from being accessed by unauthorized users. Encryption software is software whose main task is encryption and decryption of data, usually in the form of files on (or sectors of) hard drives and removable media, email messages, or in the form of packets sent over computer networks. The encryption program can be included in an email client or can be a stand-alone infrastructure. The encryption process, which is known in IT programming as an algorithm, is responsible for the conversion of data that is encrypted. The data is then accessed through an encryption key that the end user uses to access and read the data. The course will cover types of algorithms and methods of encryption. Credits: ECTS: 8 US: 4. Prerequisite: None.
CSA 696 Preparation for a doctoral dissertation (1st phase)
The candidate is assigned a provisional supervisor who will help him/her to identify a suitable dissertation topic. The candidate submits an outline containing problem definition, research questions, methodology adopted and references consulted. The candidate presents his/her work in dedicated seminars. Credits: ECTS: 6 US: 3. Prerequisite: None.

CSA 695 Advanced Cyber Surveillance
This advanced course introduces students to cyber surveillance, a technique for monitoring computer activity, which includes monitoring of date stored on a hard drive or being transferred over computer networks. Cyber surveillance operates on data networks. Cyber surveillance also includes gathering and analyzing information recorded. Students will be also introduced to surveillance and security as a study, surveillance theories as well as with types of cyber surveillance. Credits: ECTS: 8 US: 4. Prerequisite: None.

CSA 699 Advanced Malicious Software Development
The advanced course teaches students about malicious software also known as malware as well as its development. It is software designed to disrupt computer operation, gather sensitive information, and gain unauthorized access to a computer system. Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs. Students will be introduced to distributed firewalls and some types of malicious programs (for example SMART HDD). Distributed firewalls are host-resident security software applications that protect the enterprise network's servers and end-user machines against unwanted intrusion. They offer the advantage of filtering traffic from both the Internet and the internal network. This enables them to prevent hacking attacks that originate from both the Internet and the internal network. Construction of malicious software will be explained, how they function and spread as well as how anti-malicious software and hardware work. Credits: ECTS: 8 US: 4. Prerequisite: None.

CSA 697 Conference participation and/or publication of a research in a relevant peer-reviewed journal.
Credits: ECTS: 14 US: 7. Prerequisite: None. CSA 698 Doctoral dissertation – writing of the final version
Students will devote this semester to completing their dissertations. During this time the candidates are requested to present their work in dedicated seminars/workshops. Candidates can submit their dissertations after three academic years. Credits: ECTS: 30 US: 15. Prerequisite: None.

CSA 700 Doctoral dissertation – oral defense
Upon approval by the Supervisor and Defense Committee the candidate defends the dissertation and fulfills all requirements for obtaining the AUBiH doctoral degree. Credits: ECTS: 30 US: 15. Prerequisite: CSA 698 Doctoral dissertation – writing of the final version.