RIS520 Course Outline

Course Code: RIS520
Course Name: Risk Management Emergent Technologies
Offered Date: Fall - 2021
Course Description:

A security professional must be able to test whether the network, services and applications in use by an organization are secure. This testing is done through the practice of penetration testing, known colloquially as ethical hacking, and practiced more thoroughly as red team exercises. Knowing where vulnerabilities are likely to reside, how attackers are likely to exploit them, and how to go about searching for weaknesses are invaluable skills.  This subject will introduce students to the methods, tools, planning and implementation of security assessment of information technology systems.  Particular attention will be paid to the methodologies used in the execution of a penetration test according to accepted practices in the information security industry.

Credit Status: 1 credit in the IFS program.
Prerequisite: RIS420
Mode of Instruction: Two periods interactive lecture and two periods practical exercise development and group discussion per week (four periods total)
Learning Outcomes:
On successful completion of this course, the student will be able to:
  1. Develop a successful penetration test using standard methodologies to discover vulnerabilities in a system
  2. Explain the ethical and privacy responsibilities of a professional penetration tester to follow professional guidelines
  3. Determine the scope and timing of a penetration test according to client requirements to complete an engagement in a timely and professional manner
  4. Assess a networked computer system for exploitable vulnerabilities to gather information for a final penetration testing report
  5. Make use of well-known attacks to exploit discovered vulnerabilities to gather information for a final penetration testing report
  6. Recommend security improvements for a networked computer system to be included in a final penetration testing report
  7. Compose a professional report containing results and recommendations to improve the security posture of a client
 
Employability Skills:

  • Communicate clearly, concisely and correctly in the written, spoken and visual form that fulfils the purpose and meets the needs of the audience.
  • Respond to written, spoken, or visual messages in a manner that ensures effective communication.
  • Execute mathematical operations accurately.
  • Apply a systematic approach to solve problems.
  • Use a variety of thinking skills to anticipate and solve problems.
  • Locate, select, organize, and document information using appropriate technology and information systems.
  • Analyze, evaluate, and apply relevant information from a variety of sources.
  • Show respect for diverse opinions, values, belief systems, and contributions of others.
  • Interact with others in groups or teams in ways that contribute to effective working relationships and the achievement of goals.
  • Manage the use of time and other resources to complete projects.
  • Take responsibility for one's own actions, decisions, and consequences.
Topic Outline:
 
  • Comparison: Penetration Testing, ethical hacking, red teaming
  • Ethics and privacy issues in penetration testing
  • Methodologies and metrics of a penetration test
  • Penetration test management
  • Determining scope, timelines, and other requirements
  • Information gathering
  • Vulnerability identification and verification
  • System compromise and privilege escalation
  • Maintaining access and covering tracks
  • Reporting results and making recommendations
  • Archiving data and cleaning up

Prescribed Text(s):
The Hacker Playbook 3: Practical Guide To Penetration Testing
by Peter Kim
Independently published (May 2 2018)
ISBN-13: 978-1980901754

The Penetration Testing Execution Standard
http://www.pentest-standard.org/index.php/Main_Page
The Mitre Attack Framework
https://attack.mitre.org/
Reference Material:

  • Day, Kevin. Inside the Security Mind. Prentice Hall, 2003. ISBN: 0-13-111829-3
  • Information Technology Security and Risk Management by Jill Slay and Andy Koronios, publisher - Wiley 2006 (ISBN: 0-470-80574-9)
Supply:

  • 2 GB or larger USB Stick
  • Raspberry PI B+
  • 2 x 8B or larger MicroSD cards
  • USB hard drive
Promotion Policy:


Achieve a weighted average of 50% or greater on assessments

Achieve a weighted average of 50% or greater on practical tests


http://www.senecacollege.ca/about/policies/student-progression-and-promotion-policy.html

Grading Policy: http://www.senecacollege.ca/about/policies/grading-policy.html

A+ 90%  to  100%
A 80%  to  89%
B+ 75%  to  79%
B 70%  to  74%
C+ 65%  to  69%
C 60%  to  64%
D+ 55%  to  59%
D 50%  to  54%
F 0%    to  49% (Not a Pass)
OR
EXC Excellent
SAT Satisfactory
UNSAT Unsatisfactory

For further information, see a copy of the Academic Policy, available online (http://www.senecacollege.ca/about/policies/academics-and-student-services.html) or at Seneca's Registrar's Offices (https://www.senecacollege.ca/registrar.html).


Evaluation:

Type of Assessment Weighting
Labs 30%
Projects 40%
Practical tests 30%
Total 100%
Approved By:
Suzanne Abraham
Cheating and Plagiarism:
Seneca upholds a learning community that values academic integrity, honesty, fairness, trust, respect, responsibility and courage. These values enhance Seneca's commitment to deliver high-quality education and teaching excellence, while supporting a positive learning environment. Ensure that you are aware of Seneca's Academic Integrity Policy which can be found at: http://www.senecacollege.ca/about/policies/academic-integrity-policy.html Review section 2 of the policy for details regarding approaches to supporting integrity. Section 2.3 and Appendix B of the policy describe various sanctions that can be applied, if there is suspected academic misconduct (e.g., contract cheating, cheating, falsification, impersonation or plagiarism).

Please visit the Academic Integrity website http://open2.senecac.on.ca/sites/academic-integrity/for-students to understand and learn more about how to prepare and submit work so that it supports academic integrity, and to avoid academic misconduct.
Discrimination and Harassment:
All students and employees have the right to study and work in an environment that is free from discrimination and/or harassment. Language or activities that defeat this objective violate the College Policy on Discrimination/Harassment and shall not be tolerated. Information and assistance are available from the Student Conduct Office at student.conduct@senecacollege.ca.
Accommodation for Students with Disabilities:
The College will provide reasonable accommodation to students with disabilities in order to promote academic success. If you require accommodation, contact the Counselling and Accessibility Services Office at ext. 22900 to initiate the process for documenting, assessing and implementing your individual accommodation needs.