Cyber & Cloud Security Program

This course will introduce students to the concept of professional practice. Students will be introduced to professional competencies, research skills, writing, and presentation skills. Students will develop an understanding of project-management skills, and the importance of ongoing professional education and certification.

This course will introduce students to the concept of professional practice. Students will be introduced to professional competencies, research skills, writing, and presentation skills. Students will develop an understanding of project-management skills, and the importance of ongoing professional education and certification.

This course will provide students with an introduction to professional ethics in the context of their role in cloud security. The primary focus will be the codes of ethics presented by relevant professional certification bodies such as ISC2, ISACA, and CSA STAR. Students will develop an understanding of the rationale behind these and other industry requirements as well as the legal and regulatory requirements that drive them. Students will gain an understanding of their responsibilities and accountabilities for legal, regulatory, security, privacy, governance, and policy requirements related to information management. Students will develop a solid working knowledge of professional ethics, obligations, and requirements. In addition to being an important component of industry certification exams, this foundation will enable them to behave appropriately and ensure compliance with applicable standards in the workplace and to practice good judgement throughout their careers.

This course introduces students to the many topics within information security theory necessary to understand why data and systems need to be secured and ways in which that gets achieved. At a high level, the course includes content related to identifying and implementing security objectives and control types through the application of various industry best practices and frameworks. This includes meeting legal and regulatory obligations through risk management techniques and use of available compliance tools.
The course covers fundamental information security topics and methodologies that are used to ensure secure cloud environment deployments and management.

This course introduces students to fundamental IT management programs required to maintain a secure computing environment and how they similarly relate to securing the virtual systems and data in the cloud. The management program content areas cover change, configuration, encryption key, disaster recovery/ business continuity, identity and access, incident, information, logging and monitoring, patch, risk, supplier, vulnerability, and performance management, as well as content around business transition, transformation, and continuous improvement. IT project management methods will also be discussed, as well as DevOps automation process designs.

This course introduces students to the fundamental concepts associated with physical security, computer security, and software security as it relates to both traditional cybersecurity and cloud security objectives. This includes understanding data centre security requirements and safety requirements such as those outlined by the Uptime Institute (data centre tiers) and ASHRAE technical committees (thermal guidelines). Similarly, the course will facilitate an understanding of security requirements related to operating systems, computer hardware (such as CPU, RAM, and hard disk drives), virtual device components (such as binary large object storage), and related file structures. Additionally, this course introduces the student to the critical software components of business systems such as applications and databases, as well as how their usage and placements affect the systems’ security.

This course introduces students to the fundamental concepts associated with network security of both physical and virtual devices and networks. This includes reference models (such as OSI and TCP/IP), cabling and network topologies (including VLANs), device types (such as IPS/IDS systems, VPNs, DLP, load balancers, firewalls, routers, switches, VNET peering, NSGs, etc.) and testing of those devices and configurations (using network-layer vulnerability scans and penetration tests). 

This course introduces students to the concept of data security and ways in which organizations’ most valuable assets can be protected. This includes concepts such as dat life-cycles and the effect this has on securing data, data classification, handling, retention, and destruction, as well as roles and responsibilities. In addition, various types of technical data protection methods will be introduced, such as anonymization, hashing, masking, obfuscation, tokenization, and digital rights management (DRM). 

This course introduces students to IT architecture concepts required to create secure system applications. This includes reviewing formal security models (such as Bell­ LaPadula, Biba, Clark-Wilson, Brewer-Nash, Graham-Denning, etc.), as well as looking at how those theoretical models get implemented on critical technology components (like computers, operating systems, applications, networks, and databases).

This course introduces students to cloud computing concepts necessary for understanding the deployment and use of common cloud technologies. This includes defining and describing cloud service models, characteristics, deployment models, and reference architectures in such a way that a student can choose the appropriate method for a new system when required. 

This course introduces students to other technologies critical to cloud environments that are used to facilitate the confidentiality, integrity, and availability of data in the cloud. This includes learning about virtualization, containerization, server-less implementations, and identity and access control systems. Additionally, various aspects of cryptography (such as definitions, types of ciphers, methods, symmetric and asymmetric algorithms, message integrity methods, public key infrastructure, and trusted platform modules) will be discussed from the perspective of the role they play in cloud environments. 

This course introduces students to the importance of business systems analysis and its role in developing secure systems. This includes learning how to characterize a system based on the criticality and classification of the data, as well as how to perform various typical business analysis processes such as building use cases, conducting feasibility studies, doing requirements analysis, and modeling secure solution designs.

This course introduces students to the concepts related to secure development of software required for maintenance of data confidentiality, integrity, and availability. This includes orienting students with different generations of development languages, as well as with techniques used to develop software securely (such as designing with failure in mind and secure recovery). Common security issues associated with software will be explored (such as those identified by OWASP), as well as how one goes about testing applications to confirm that they are secure (i.e. DAST/SAST, synthetic, transactions, and misuse cases). 

This course will introduce students to common system evaluation techniques used to either determine or confirm that they way in which data is being processed on the system is conducted securely. This includes learning about how systems are scoped for the purpose of assessments (including choosing appropriate test profiles). What is the value of an internal self-assessment, and the role of external assessors or auditors. 

This course provides students with Azure foundations, starting with  working  within the Azure portal and being introduced to common tools used in the Azure environment. Students will learn how to manage different Azure cloud services such as storage, security, networking, and compute cloud capabilities, and get hands-on experience creating virtual machines and virtual networks. The course will also focus on subscription and resource management required for tracking and estimating service usage and related costs, as well as identity management through which students will learn how to grant appropriate access to Azure AD users, groups, and services using role-based access control (RBAC).

This course provides students with AWS Solutions Architect foundational  concepts that will allow them to learn how to design available, cost-efficient, fault-tolerant, and scalable distributed systems on AWS.

Students will learn how to architect and deploy secure and robust applications on AWS technologies, define solutions using architectural design principles based on customer requirements, and provide implementation guidance as necessary. The course will similarly yield an understanding of security features and tools that AWS provides and how they relate to traditional services.

This course introduces students to career preparation strategies. Students will be introduced to job search strategies, interviews and other career management strategies.