Computing Security Bachelor of science degree
Computing Security
Bachelor of science degree
de869fff-81e4-4ced-b945-da5537da8b93 | 128855
Overview
Preserve information assets, identify computer security vulnerabilities, and understand the forensics needed to prove an attack occurred, from identifying its origin and assessing the extent of the damage to designing strategies that ensure data recovery.
The computing security degree at RIT is a cybersecurity degree that provides students with a solid foundation in programming and mathematics and an extensive selection of advanced topics from the areas of the network and system security, digital forensics and malware, software security, data security, and privacy, to cyber analytics and intelligence.
The scope of computer systems and networks and the span of these systems increases in organizations every day. At the same time, industry and society's dependence on these technologies is growing dramatically, as is the creation of malicious software that attacks computing systems and networks. Therefore, computing security has become a major concern for organizations large and small to ensure their business success and continuity. The result is an increased and urgent demand for security professionals and technologies that can secure and protect from relentless attack digital assets of an organization as well as the hardware and software infrastructures that house the information.
The BS degree in computing security produces professionals who understand people and processes that impact information security. In addition to possessing state-of-the-art knowledge in protecting digital assets of large or small organizations, graduates will be able to proactively identify security vulnerabilities in software, hardware, and infrastructure, and provide and implement actionable solutions that are satisfactory to the organization. Graduates will also be able to collect digital forensic evidence to reveal network and data breach incidents, attribute the attackers or origin, assess the extent of the damage or loss of information, and design strategies that ensure data are protected from future attacks.
The BS in computing security provides students with a solid foundation in computer science and mathematics during the first two years of the program. Starting the third year, students can select an in-depth study in various aspects of computing security including network and system security, malware and digital forensics, software security, and security evaluations and management.
Plan of study
Students complete core courses, advanced courses, and cooperative education. Core courses include a programming sequence, an ethics course, a computer networking and system administration sequence, and foundation courses in computer and network security. Advanced courses allow students to design the focus of their information security course work.
Cooperative education
Cooperative education is a required component of the major. Co-op is full-time, paid, professional experience that enables students to work in a variety of organizations – from small- or medium-sized businesses to large international companies or law enforcement organizations – that require computer systems or computer networks. These may be security-centric businesses (law enforcement agencies, security auditors) to users of information technology (manufacturing companies, school districts, health care). Co-op provides real-world experience and a competitive edge when applying for jobs after graduation.
To help facilitate finding a co-op position the Co-op and Career Services Office at RIT maintains job listings from companies that are looking for co-op students to work for them. Students may find co-op employment anywhere in the US or Internationally. To be eligible for co-op, students must have completed their freshman and sophomore year course requirements and must have completed the CSEC 99 Co-op Seminar. Transfer students usually must complete one year of academic work at RIT before becoming eligible to go out on co-op, however, exceptions will be considered on a case by case basis.
Typically, the first co-op occurs during the summer following the second year. The second co-op is designed to be taken during the summer after your third year but can be taken during an academic semester. Co-op allows a student to gain work experience, apply concepts taught in class, and bring lessons learned from the workplace back into the classroom thereby enriching their educational experience. Students must complete the co-op requirement prior to completing their course work. To enroll in CSEC 499 Undergraduate Capstone, both co-ops must be completed.
Advanced electives
Students complete six advanced security elective courses. These elective expand their knowledge in one of several disciplines of security, including network and systems security, digital forensics and malware, security software, and security management.
Students can create customized clusters for their special interests provided compositions of clusters are vetted by their academic advisor and the Undergraduate Program Director. Courses in a customized cluster should be on the list of approved advanced elective courses of Computing Security. To be counted as a cluster course, a GCCIS course not on the list of advanced elective courses of Computing Security needs to be approved by the Undergraduate Program Director on a case by case basis, or simply such a course can be counted as a free elective for students.
Industries
Typical Job Titles
| Computer Security Analyst | Cyber Security Engineer |
| Information Security Analyst | Junior Security Engineer |
| Malware Analyst | Network Engineer |
| Security Analyst | Site Reliability Engineer |
| Systems Engineer |
Latest News
-
June 18, 2019
!['Three students standing ']()
Students combine hardware and attacking skills at cybersecurity competition
A team of RIT students from different computing disciplines came together last semester to place third in the 2019 MITRE Collegiate eCTF (embedded capture-the-flag) cybersecurity competition.
-
May 7, 2019
![Student poses in front of green wall.]()
Cybersecurity competitions help graduate land job at IBM’s X-Force Red
The main topic of conversation during Scott Brink’s co-op interviews was almost always about cybersecurity competitions. Luckily, Brink has thousands of hours invested in hacking competitions from his time at RIT. Brink, a 2019 graduate of RIT’s computing security program, credits those cybersecurity competitions and student clubs with helping him succeed in the major.
-
April 27, 2019
![Man sings with microphone.]()
RIT students let their talent roar at second-annual Dr. Munson’s Performing Arts Challenge
This year’s Imagine RIT: Creativity and Innovation began Friday evening, with scores of university students letting their talent shine in front of an appreciative crowd during Dr. Munson’s Performing Arts Challenge. First place went to The Roar’s for a rousing rendition of “Feeling Good,” which the band patterned after a Michael Bublé performance of the song.
Curriculum
Computing security, BS degree, typical course sequence
| Course | Sem. Cr. Hrs. | |
|---|---|---|
| First Year | ||
| CSEC-101 |
Fundamentals of Computing Security
An introduction to the fundamental issues, concepts and tools common to all areas of computing security. Topics include identifying attackers and their motivations. Essential techniques will be introduced covering the areas of anti-virus, monitoring, virtual machines, account control, and access rights management. Various security models will be investigated. Concept areas such as confidentiality, integrity, availability and privacy will be studied.
|
3 |
| CSCI-141 |
Computer Science I
This course serves as an introduction to computational thinking using a problem-centered approach. Specific topics covered include: expression of algorithms in pseudo code and a programming language; functional and imperative programming techniques; control structures; problem solving using recursion; basic searching and sorting; elementary data structures such as lists, trees, and graphs; and correctness, testing and debugging. Assignments (both in class and for homework) requiring a pseudo code solution and an implementation are an integral part of the course. An end-of-term project is also required.
|
4 |
| CSCI-142 |
Computer Science II
This course delves further into problem solving by continuing the discussion of data structure use and design, but now from an object-oriented perspective. Key topics include more information on tree and graph structures, nested data structures, objects, classes, inheritance, interfaces, object-oriented collection class libraries for abstract data types (e.g. stacks, queues, maps, and trees), and static vs. dynamic data types. Concepts of object-oriented design are a large part of the course. Software qualities related to object orientation, namely cohesion, minimal coupling, modifiability, and extensibility, are all introduced in this course, as well as a few elementary object-oriented design patterns. Input and output streams, graphical user interfaces, and exception handling are covered. Students will also be introduced to a modern integrated software development environment (IDE). Programming projects will be required.
|
4 |
| MATH-181 |
Project-based Calculus I
This is the first in a two-course sequence intended for students majoring in mathematics, science, or engineering. It emphasizes the understanding of concepts, and using them to solve physical problems. The course covers functions, limits, continuity, the derivative, rules of differentiation, applications of the derivative, Riemann sums, definite integrals, and indefinite integrals.
|
4 |
| MATH-182 |
Project-based Calculus II
This is the second in a two-course sequence intended for students majoring in mathematics, science, or engineering. It emphasizes the understanding of concepts, and using them to solve physical problems. The course covers techniques of integration including integration by parts, partial fractions, improper integrals, applications of integration, representing functions by infinite series, convergence and divergence of series, parametric curves, and polar coordinates.
|
4 |
| MATH-190 |
Discrete Mathematics for Computing
This course introduces students to ideas and techniques from discrete mathematics that are widely used in Computer Science. Students will learn about the fundamentals of propositional and predicate calculus, set theory, relations, recursive structures and counting. This course will help increase students’ mathematical sophistication and their ability to handle abstract problems.
|
3 |
| NSSA-241 |
Introduction to Routing and Switching
This course provides an introduction to wired network infrastructures, topologies, technologies, and the protocols required for effective end-to-end communication. Basic security concepts for TCP/IP based technologies are introduced. Networking layers 1, 2, and 3 are examined in-depth using the International Standards Organization’s Open Systems Interconnection and TCP/IP models as reference. Course topics focus on the TCP/IP protocol suite, the Ethernet LAN protocol, switching technology, and routed and routing protocols common in TCP/IP networks. The lab assignments mirror the lecture content , providing an experiential learning component for each topic covered.
|
3 |
| YOPS-10 | RIT 365: RIT Connections |
0 |
LAS Perspective 1 (ethical) |
3 | |
LAS Perspective 2 (artistic) |
3 | |
First Year Writing |
3 | |
Wellness Education* |
0 | |
| Second Year | ||
| CSEC-099 |
Cooperative Education Seminar
This course helps students prepare for co-operative education employment (“co-op”) by developing job search strategies and material. Students will explore current and emerging aspects of the Computing Security field with employers, alumni and current students who have already been on co-op. Students are introduced to RIT’s Office of Career Services and Cooperative Education and learn about professional and ethical responsibilities for their co-op and subsequent professional experiences. Students will work collaboratively to build résumés and to prepare for interviews.
|
0 |
| CSEC-201 |
Programming for Information Security
This course builds upon basic programming skills to give students the programming knowledge necessary to study computing security. Students will be introduced to network programming, memory management, and operating system calls along with associated security concepts. Specific focus will placed on understanding the compilation process and on the relation between high-level programming concepts and low-level programming concepts, culminating in identifying and exploiting memory corruption vulnerabilities.
|
3 |
| CSEC-202 |
Reverse Engineering Fundamentals
This course will teach students the core concepts needed to analyze unknown source code. Students will study a variety of low-level programming languages and how high-level programming language structures relate to low-level programming languages. Students will learn study tools and techniques used for both static and dynamic analysis of unknown binaries, providing the foundation for further study in malware analysis.
|
3 |
| Choose one of the following: | 3 |
|
| MATH-241 |
Linear Algebra
This course is an introduction to the basic concepts of linear algebra, and techniques of matrix manipulation. Topics include linear transformations, Gaussian elimination, matrix arithmetic, determinants, vector spaces, linear independence, basis, null space, row space, and column space of a matrix, eigenvalues, eigenvectors, change of basis, similarity and diagonalization. Various applications are studied throughout the course.
|
|
| MATH-252 |
Probability and Statistics II
This course covers basic statistical concepts, sampling theory, hypothesis testing, confidence intervals, point estimation, and simple linear regression. The statistical software package MINITAB will be used for data analysis and statistical applications.
|
|
| MATH-251 |
Probability and Statistics I
This course introduces sample spaces and events, axioms of probability, counting techniques, conditional probability and independence, distributions of discrete and continuous random variables, joint distributions (discrete and continuous), the central limit theorem, descriptive statistics, interval estimation, and applications of probability and statistics to real-world problems. A statistical package such as Minitab or R is used for data analysis and statistical applications.
|
3 |
| NSSA-221 |
System Administration
This course is designed to give students an understanding of the role of the system administrator in large organizations. This will be accomplished through a discussion of many of the tasks and tools of system administration. Students will participate in both a lecture section and a separate lab section. The technologies discussed in this class include: operating systems, system security, and service deployment strategies.
|
3 |
| NSSA-245 |
Network Services
This course will investigate the protocols used to support network based services and the tasks involved in configuring and administering those services in virtualized Linux and Windows internet working environments. Topics include an overview of the TCP/IP protocol suite, in-depth discussions of the transport layer protocols, TCP and UDP, administration of network based services including the Dynamic Host Configuration Protocol (DHCP), Domain Name Service (DNS), Secure Shell (SSH), and Voice Over IP (VoIP). Students completing this course will have thorough theoretical knowledge of the Internet Protocol (IP), the Transport Control Protocol (TCP), and the User Datagram Protocol (UDP), as well as experience in administering, monitoring, securing and troubleshooting an internet work of computer systems running these protocols and services.
|
3 |
LAS Perspective 3 |
3 | |
LAS Perspective 4 |
3 | |
LAS Perspective 5 (natural science inquiry)† |
4 | |
LAS Perspective 6 (scientific principles)‡ |
4 | |
Cooperative Education in CSEC (summer) |
Co-op | |
| Third Year | ||
| CSCI-462 |
Introduction to Cryptography
This course provides an introduction to cryptography, its mathematical foundations, and its relation to security. It covers classical cryptosystems, private-key cryptosystems (including DES and AES), hashing and public-key cryptosystems (including RSA). The course also provides an introduction to data integrity and authentication.
|
3 |
| CSEC-380 |
Principles of Web Application Security
This course is designed to give students a foundation in the theories and practice relating to web application security. The course will introduce students to the concepts associated with deploying and securing a typical HTTP environment as well as defensive techniques they may employ.
|
3 |
| CSEC-472 |
Authentication and Security Models
As more users access remote systems, the job of identifying and authenticating those users at distance becomes increasingly difficult. The growing impact of attackers on identification and authentication systems puts additional strain on our ability to ensure that only authorized users obtain access to controlled or critical resources. This course reviews basic cryptology techniques and introduces their application to contemporary authentication methods.
|
3 |
| ISTE-230 |
Introduction to Database and Data Modeling
A presentation of the fundamental concepts and theories used in organizing and structuring data. Coverage includes the data modeling process, basic relational model, normalization theory, relational algebra, and mapping a data model into a database schema. Structured Query Language is used to illustrate the translation of a data model to physical data organization. Modeling and programming assignments will be required. Note: students should have one course in object-oriented programming.
|
3 |
| PUBL-363 |
Cyber Security Policy and Law
Why are we still so bad at protecting computer systems? Is it because we don’t have good enough technology? Or because we lack sufficient economic incentives to implement that technology? Or because we implement technologies but then fail to use them correctly? Or because the laws governing computer security are so outdated? Or because our legal frameworks are ill-equipped to deal with an international threat landscape? All these reasons—and others— have been offered to explain why we seem to see more and more large-scale cybersecurity incidents and show no signs of getting better at preventing them. This course will examine the non-technical dimensions of this problem—the laws and other policy measures that govern computer security threats and incidents. We will focus primarily on U.S. policy but will also discuss relevant policies in the E.U. and China, as well as international tensions and norms. The
central themes of the course will be the ways in which technical challenges in security can be influenced by the social, political, economic, and legal landscapes, and what it means to protect against cybersecurity threats not just by writing better code but also by writing better policies and laws.
|
3 |
LAS Immersion 1 (WI) |
3 | |
Program Electives |
6 | |
Free Electives |
6 | |
Cooperative Education in CSEC (summer) |
Co-op | |
| Fourth Year | ||
| CSEC-490 |
Capstone in Computing Security
This is a capstone course for students in the information security and forensics program. Students will apply knowledge and skills learned and work on real world projects in various areas of computing security. Projects may require performing security analysis of systems, networks, and software, etc., devising and implementing security solutions in real world applications.
|
3 |
LAS Elective§ |
3 | |
Program Electives |
12 | |
LAS Immersion 2, 3 |
6 | |
Free Electives |
6 | |
| Total Semester Credit Hours | 126 |
|
Please see General Education Curriculum–Liberal Arts and Sciences (LAS) for more information.
(WI) Refers to a writing intensive course within the major.
* Please see Wellness Education Requirement for more information. Students completing bachelor's degrees are required to complete two different Wellness courses.
† Students may choose one of the following course sequences: General Biology I (BIOL-101) and General Biology I Lab (BIOL-103); General and Analytical Chemistry I (CHMG-141) and General and Analytical Chemistry I Lab (CHMG-145); or University Physics I (PHYS-211).
‡ Students may choose one of the following course sequences: General Biology II (BIOL-102) and General Biology II Lab (BIOL-104); General and Analytical Chemistry II (CHMG-142) and General and Analytical Chemistry II Lab (CHMG-146); or University Physics II(PHYS-212).
§ Choose one of the following philosophy courses: Introduction to Moral Issues (PHIL-102), Foundations of Moral Philosophy (PHIL-202), or Professional Ethics (PHIL-306).
Accelerated dual degree options
Accelerated dual degree options are for undergraduate students with outstanding academic records. Upon acceptance, well-qualified undergraduate students can begin graduate study before completing their BS degree, shortening the time it takes to earn both degrees. Students should consult an academic adviser for more information.
Computing Security, BS/MS degree, typical course sequence
| Course | Sem. Cr. Hrs. | |
|---|---|---|
| First Year | ||
| CSEC-101 |
Fundamentals of Computing Security
An introduction to the fundamental issues, concepts and tools common to all areas of computing security. Topics include identifying attackers and their motivations. Essential techniques will be introduced covering the areas of anti-virus, monitoring, virtual machines, account control, and access rights management. Various security models will be investigated. Concept areas such as confidentiality, integrity, availability and privacy will be studied.
|
3 |
| CSCI-141 |
Computer Science I
This course serves as an introduction to computational thinking using a problem-centered approach. Specific topics covered include: expression of algorithms in pseudo code and a programming language; functional and imperative programming techniques; control structures; problem solving using recursion; basic searching and sorting; elementary data structures such as lists, trees, and graphs; and correctness, testing and debugging. Assignments (both in class and for homework) requiring a pseudo code solution and an implementation are an integral part of the course. An end-of-term project is also required.
|
4 |
| CSCI-142 |
Computer Science II
This course delves further into problem solving by continuing the discussion of data structure use and design, but now from an object-oriented perspective. Key topics include more information on tree and graph structures, nested data structures, objects, classes, inheritance, interfaces, object-oriented collection class libraries for abstract data types (e.g. stacks, queues, maps, and trees), and static vs. dynamic data types. Concepts of object-oriented design are a large part of the course. Software qualities related to object orientation, namely cohesion, minimal coupling, modifiability, and extensibility, are all introduced in this course, as well as a few elementary object-oriented design patterns. Input and output streams, graphical user interfaces, and exception handling are covered. Students will also be introduced to a modern integrated software development environment (IDE). Programming projects will be required.
|
4 |
| MATH-181 |
Project-Based Calculus I
This is the first in a two-course sequence intended for students majoring in mathematics, science, or engineering. It emphasizes the understanding of concepts, and using them to solve physical problems. The course covers functions, limits, continuity, the derivative, rules of differentiation, applications of the derivative, Riemann sums, definite integrals, and indefinite integrals.
|
4 |
| MATH-182 |
Project-Based Calculus II
This is the second in a two-course sequence intended for students majoring in mathematics, science, or engineering. It emphasizes the understanding of concepts, and using them to solve physical problems. The course covers techniques of integration including integration by parts, partial fractions, improper integrals, applications of integration, representing functions by infinite series, convergence and divergence of series, parametric curves, and polar coordinates.
|
4 |
| MATH-190 |
Discrete Mathematics for Computing
This course introduces students to ideas and techniques from discrete mathematics that are widely used in Computer Science. Students will learn about the fundamentals of propositional and predicate calculus, set theory, relations, recursive structures and counting. This course will help increase students’ mathematical sophistication and their ability to handle abstract problems.
|
3 |
| NSSA-241 |
Introduction to Routing and Switching
This course provides an introduction to wired network infrastructures, topologies, technologies, and the protocols required for effective end-to-end communication. Basic security concepts for TCP/IP based technologies are introduced. Networking layers 1, 2, and 3 are examined in-depth using the International Standards Organization’s Open Systems Interconnection and TCP/IP models as reference. Course topics focus on the TCP/IP protocol suite, the Ethernet LAN protocol, switching technology, and routed and routing protocols common in TCP/IP networks. The lab assignments mirror the lecture content , providing an experiential learning component for each topic covered.
|
3 |
| YOPS-10 | RIT 365: RIT Connections |
0 |
LAS Perspective 1 (ethical) |
3 | |
LAS Perspective 2 (artistic) |
3 | |
First Year Writing (WI) |
3 | |
Wellness Education* |
0 | |
| Second Year | ||
| CSEC-99 | Co-op Seminar |
0 |
| CSEC-201 |
Programming for Information Security
This course builds upon basic programming skills to give students the programming knowledge necessary to study computing security. Students will be introduced to network programming, memory management, and operating system calls along with associated security concepts. Specific focus will placed on understanding the compilation process and on the relation between high-level programming concepts and low-level programming concepts, culminating in identifying and exploiting memory corruption vulnerabilities.
|
3 |
| CSEC-202 |
Reverse Engineering Fundamentals
This course will teach students the core concepts needed to analyze unknown source code. Students will study a variety of low-level programming languages and how high-level programming language structures relate to low-level programming languages. Students will learn study tools and techniques used for both static and dynamic analysis of unknown binaries, providing the foundation for further study in malware analysis.
|
3 |
| CSEC-499 |
Cooperative Education in CSEC (summer)
Students will gain experience and a better understanding of the application of technologies discussed in classes by working in the field of computing security. Students will be evaluated by their employer. If a transfer student, they must have completed one term in residence at RIT and be carrying a full academic load.
|
0 |
| Choose one of the following: | 3 |
|
| MATH-241 |
Linear Algebra
This course is an introduction to the basic concepts of linear algebra, and techniques of matrix manipulation. Topics include linear transformations, Gaussian elimination, matrix arithmetic, determinants, vector spaces, linear independence, basis, null space, row space, and column space of a matrix, eigenvalues, eigenvectors, change of basis, similarity and diagonalization. Various applications are studied throughout the course.
|
|
| MATH-252 |
Probability and Statistics II
This course covers basic statistical concepts, sampling theory, hypothesis testing, confidence intervals, point estimation, and simple linear regression. The statistical software package MINITAB will be used for data analysis and statistical applications.
|
|
| MATH-251 |
Probability and Statistics I
This course introduces sample spaces and events, axioms of probability, counting techniques, conditional probability and independence, distributions of discrete and continuous random variables, joint distributions (discrete and continuous), the central limit theorem, descriptive statistics, interval estimation, and applications of probability and statistics to real-world problems. A statistical package such as Minitab or R is used for data analysis and statistical applications.
|
3 |
| NSSA-221 |
Systems Administration I
This course is designed to give students an understanding of the role of the system administrator in large organizations. This will be accomplished through a discussion of many of the tasks and tools of system administration. Students will participate in both a lecture section and a separate lab section. The technologies discussed in this class include: operating systems, system security, and service deployment strategies.
|
3 |
| NSSA-245 |
Network Services
This course will investigate the protocols used to support network based services and the tasks involved in configuring and administering those services in virtualized Linux and Windows internet working environments. Topics include an overview of the TCP/IP protocol suite, in-depth discussions of the transport layer protocols, TCP and UDP, administration of network based services including the Dynamic Host Configuration Protocol (DHCP), Domain Name Service (DNS), Secure Shell (SSH), and Voice Over IP (VoIP). Students completing this course will have thorough theoretical knowledge of the Internet Protocol (IP), the Transport Control Protocol (TCP), and the User Datagram Protocol (UDP), as well as experience in administering, monitoring, securing and troubleshooting an internet work of computer systems running these protocols and services.
|
3 |
LAS Perspective 3 (global) |
3 | |
LAS Perspective 4 (social) |
3 | |
LAS Perspective 5 (natural science inquiry)† |
4 | |
LAS Perspective 6 (scientific principles)† |
4 | |
| Third Year | ||
| CSEC-380 |
Principles of Web Application Security
This course is designed to give students a foundation in the theories and practice relating to web application security. The course will introduce students to the concepts associated with deploying and securing a typical HTTP environment as well as defensive techniques they may employ.
|
3 |
| CSEC-472 |
Authentication and Security Models
As more users access remote systems, the job of identifying and authenticating those users at distance becomes increasingly difficult. The growing impact of attackers on identification and authentication systems puts additional strain on our ability to ensure that only authorized users obtain access to controlled or critical resources. This course reviews basic cryptology techniques and introduces their application to contemporary authentication methods.
|
3 |
| CSEC-499 |
Cooperative Education in CSEC (summer)
Students will gain experience and a better understanding of the application of technologies discussed in classes by working in the field of computing security. Students will be evaluated by their employer. If a transfer student, they must have completed one term in residence at RIT and be carrying a full academic load.
|
0 |
| CSCI-462 |
Introduction to Cryptography
This course provides an introduction to cryptography, its mathematical foundations, and its relation to security. It covers classical cryptosystems, private-key cryptosystems (including DES and AES), hashing and public-key cryptosystems (including RSA). The course also provides an introduction to data integrity and authentication.
|
3 |
| ISTE-230 |
Introduction to Database and Data Modeling
A presentation of the fundamental concepts and theories used in organizing and structuring data. Coverage includes the data modeling process, basic relational model, normalization theory, relational algebra, and mapping a data model into a database schema. Structured Query Language is used to illustrate the translation of a data model to physical data organization. Modeling and programming assignments will be required. Note: students should have one course in object-oriented programming.
|
3 |
| PUBL-363 |
Cyber Security Policy and Law
Why are we still so bad at protecting computer systems? Is it because we don’t have good enough technology? Or because we lack sufficient economic incentives to implement that technology? Or because we implement technologies but then fail to use them correctly? Or because the laws governing computer security are so outdated? Or because our legal frameworks are ill-equipped to deal with an international threat landscape? All these reasons—and others— have been offered to explain why we seem to see more and more large-scale cybersecurity incidents and show no signs of getting better at preventing them. This course will examine the non-technical dimensions of this problem—the laws and other policy measures that govern computer security threats and incidents. We will focus primarily on U.S. policy but will also discuss relevant policies in the E.U. and China, as well as international tensions and norms. The
central themes of the course will be the ways in which technical challenges in security can be influenced by the social, political, economic, and legal landscapes, and what it means to protect against cybersecurity threats not just by writing better code but also by writing better policies and laws.
|
3 |
CSEC Undergraduate Elective |
3 | |
CSEC Graduate Elective |
3 | |
Free Electives |
6 | |
LAS Immersion 1 (WI) |
3 | |
| Fourth Year | ||
| CSEC-490 |
Capstone in Computing Security (WI)
This is a capstone course for students in the information security and forensics program. Students will apply knowledge and skills learned and work on real world projects in various areas of computing security. Projects may require performing security analysis of systems, networks, and software, etc., devising and implementing security solutions in real world applications.
|
3 |
CSEC Undergraduate Electives |
6 | |
CSEC Graduate Elective |
3 | |
CSEC Research Elective |
3 | |
LAS Immersion 2, 3 |
6 | |
Free Electives |
6 | |
LAS Elective‡ |
3 | |
| Fifth Year | ||
| CSEC-742 |
Computer System Security
The importance of effective security policies and procedures coupled with experience and practice is emphasized and reinforced through research and practical assignments. Organization and management of security discipline and response to threats is studied. Case studies of effective and failed security planning and implementation will be examined and analyzed. The issues influencing proper and appropriate planning for security and response to attacks will be studied. To be successful in this course students should be knowledgeable in networking, systems, and security technologies.
|
3 |
Computing Security Research Elective |
3 | |
Computing Security Graduate Electives |
9 | |
| CSEC-790 |
MS Thesis
This course is a capstone course in the MS in computing security program. It offers students the opportunity to investigate a selected topic and make an original contribution which extends knowledge within the computing security domain. As part of their original work students will write and submit for publication an article to a peer reviewed journal or conference. Students must submit an acceptable proposal to a thesis committee (chair, reader, and observer) before they may be registered by the department for the MS Thesis. Students must defend their work in an open thesis defense and complete a written report of their work before a pass/fail grade is awarded.
|
6 |
| Total Semester Credit Hours | 147 |
|
Please see General Education Curriculum–Liberal Arts and Sciences (LAS) for more information.
(WI) Refers to a writing intensive course within the major.
* Please see Wellness Education Requirement for more information. Students completing bachelor's degrees are required to complete two different Wellness courses.
† Students must complete one of the following lab science sequences: University Physics I and University Physics II (PHYS-211/212), General & Analytical Chemistry I, General & Analytical Chemistry I Lab, General & Analytical Chemistry II, and General & Analytical Chemistry II Lab (CHMG-141/142/145/146), or General Biology I, General Biology I Lab, General Biology II, and General Biology II Lab (BIOL-101/102/103/104).
‡ Choose one of the following philosophy courses: Introduction to Moral Issues (PHIL-102), Foundations of Moral Philosophy (PHIL-202), or Professional Ethics (PHIL-306).
Computing Security, BS degree/Science, Technology and Public Policy, MS degree, typical course sequence
| Course | Sem. Cr. Hrs. | |
|---|---|---|
| First Year | ||
| CSEC-101 |
Fundamentals of Computing Security
An introduction to the fundamental issues, concepts and tools common to all areas of computing security. Topics include identifying attackers and their motivations. Essential techniques will be introduced covering the areas of anti-virus, monitoring, virtual machines, account control, and access rights management. Various security models will be investigated. Concept areas such as confidentiality, integrity, availability and privacy will be studied.
|
3 |
| CSCI-141 |
Computer Science I
This course serves as an introduction to computational thinking using a problem-centered approach. Specific topics covered include: expression of algorithms in pseudo code and a programming language; functional and imperative programming techniques; control structures; problem solving using recursion; basic searching and sorting; elementary data structures such as lists, trees, and graphs; and correctness, testing and debugging. Assignments (both in class and for homework) requiring a pseudo code solution and an implementation are an integral part of the course. An end-of-term project is also required.
|
4 |
| CSCI-142 |
Computer Science II
This course delves further into problem solving by continuing the discussion of data structure use and design, but now from an object-oriented perspective. Key topics include more information on tree and graph structures, nested data structures, objects, classes, inheritance, interfaces, object-oriented collection class libraries for abstract data types (e.g. stacks, queues, maps, and trees), and static vs. dynamic data types. Concepts of object-oriented design are a large part of the course. Software qualities related to object orientation, namely cohesion, minimal coupling, modifiability, and extensibility, are all introduced in this course, as well as a few elementary object-oriented design patterns. Input and output streams, graphical user interfaces, and exception handling are covered. Students will also be introduced to a modern integrated software development environment (IDE). Programming projects will be required.
|
4 |
| MATH-181 |
LAS Perspective 7A (mathematics): Project-Based Calculus I
This is the first in a two-course sequence intended for students majoring in mathematics, science, or engineering. It emphasizes the understanding of concepts, and using them to solve physical problems. The course covers functions, limits, continuity, the derivative, rules of differentiation, applications of the derivative, Riemann sums, definite integrals, and indefinite integrals.
|
4 |
| MATH-182 |
LAS Perspective 7B (mathematics): Project-Based Calculus II
This is the second in a two-course sequence intended for students majoring in mathematics, science, or engineering. It emphasizes the understanding of concepts, and using them to solve physical problems. The course covers techniques of integration including integration by parts, partial fractions, improper integrals, applications of integration, representing functions by infinite series, convergence and divergence of series, parametric curves, and polar coordinates.
|
4 |
| MATH-190 |
Discrete Mathematics for Computing
This course introduces students to ideas and techniques from discrete mathematics that are widely used in Computer Science. Students will learn about the fundamentals of propositional and predicate calculus, set theory, relations, recursive structures and counting. This course will help increase students’ mathematical sophistication and their ability to handle abstract problems.
|
3 |
| NSSA-241 |
Introduction to Routing and Switching
This course provides an introduction to wired network infrastructures, topologies, technologies, and the protocols required for effective end-to-end communication. Basic security concepts for TCP/IP based technologies are introduced. Networking layers 1, 2, and 3 are examined in-depth using the International Standards Organization’s Open Systems Interconnection and TCP/IP models as reference. Course topics focus on the TCP/IP protocol suite, the Ethernet LAN protocol, switching technology, and routed and routing protocols common in TCP/IP networks. The lab assignments mirror the lecture content , providing an experiential learning component for each topic covered.
|
3 |
| YOPS-10 | RIT 365: RIT Connections |
0 |
LAS Perspective 1 (ethical) |
3 | |
LAS Perspective 2 (artistic) |
3 | |
First Year Writing (WI) |
3 | |
Wellness Education* |
0 | |
| Second Year | ||
| CSEC-099 |
Cooperative Education Seminar
This course helps students prepare for co-operative education employment (“co-op”) by developing job search strategies and material. Students will explore current and emerging aspects of the Computing Security field with employers, alumni and current students who have already been on co-op. Students are introduced to RIT’s Office of Career Services and Cooperative Education and learn about professional and ethical responsibilities for their co-op and subsequent professional experiences. Students will work collaboratively to build résumés and to prepare for interviews.
|
0 |
| CSEC-201 |
Programming for Information Security
This course builds upon basic programming skills to give students the programming knowledge necessary to study computing security. Students will be introduced to network programming, memory management, and operating system calls along with associated security concepts. Specific focus will placed on understanding the compilation process and on the relation between high-level programming concepts and low-level programming concepts, culminating in identifying and exploiting memory corruption vulnerabilities.
|
3 |
| CSEC-202 |
Reverse Engineering Fundamentals
This course will teach students the core concepts needed to analyze unknown source code. Students will study a variety of low-level programming languages and how high-level programming language structures relate to low-level programming languages. Students will learn study tools and techniques used for both static and dynamic analysis of unknown binaries, providing the foundation for further study in malware analysis.
|
3 |
| CSEC-499 |
Cooperative Education in CSEC (summer)
Students will gain experience and a better understanding of the application of technologies discussed in classes by working in the field of computing security. Students will be evaluated by their employer. If a transfer student, they must have completed one term in residence at RIT and be carrying a full academic load.
|
0 |
| MATH-251 |
Probability and Statistics I
This course introduces sample spaces and events, axioms of probability, counting techniques, conditional probability and independence, distributions of discrete and continuous random variables, joint distributions (discrete and continuous), the central limit theorem, descriptive statistics, interval estimation, and applications of probability and statistics to real-world problems. A statistical package such as Minitab or R is used for data analysis and statistical applications.
|
3 |
| Choose one of the following: | 3 |
|
| MATH-241 |
Linear Algebra
This course is an introduction to the basic concepts of linear algebra, and techniques of matrix manipulation. Topics include linear transformations, Gaussian elimination, matrix arithmetic, determinants, vector spaces, linear independence, basis, null space, row space, and column space of a matrix, eigenvalues, eigenvectors, change of basis, similarity and diagonalization. Various applications are studied throughout the course.
|
|
| MATH-252 |
Probability and Statistics II
This course covers basic statistical concepts, sampling theory, hypothesis testing, confidence intervals, point estimation, and simple linear regression. The statistical software package MINITAB will be used for data analysis and statistical applications.
|
|
| NSSA-221 |
Systems Administration I
This course is designed to give students an understanding of the role of the system administrator in large organizations. This will be accomplished through a discussion of many of the tasks and tools of system administration. Students will participate in both a lecture section and a separate lab section. The technologies discussed in this class include: operating systems, system security, and service deployment strategies.
|
3 |
| NSSA-245 |
Network Services
This course will investigate the protocols used to support network based services and the tasks involved in configuring and administering those services in virtualized Linux and Windows internet working environments. Topics include an overview of the TCP/IP protocol suite, in-depth discussions of the transport layer protocols, TCP and UDP, administration of network based services including the Dynamic Host Configuration Protocol (DHCP), Domain Name Service (DNS), Secure Shell (SSH), and Voice Over IP (VoIP). Students completing this course will have thorough theoretical knowledge of the Internet Protocol (IP), the Transport Control Protocol (TCP), and the User Datagram Protocol (UDP), as well as experience in administering, monitoring, securing and troubleshooting an internet work of computer systems running these protocols and services.
|
3 |
LAS Perspective 3 (global) |
3 | |
LAS Perspective 4 (social) |
3 | |
LAS Perspective 5 (natural science inquiry)‡ |
4 | |
LAS Perspective 6 (scientific principles)‡ |
4 | |
| Third Year | ||
| CSCI-462 |
Introduction to Cryptography
This course provides an introduction to cryptography, its mathematical foundations, and its relation to security. It covers classical cryptosystems, private-key cryptosystems (including DES and AES), hashing and public-key cryptosystems (including RSA). The course also provides an introduction to data integrity and authentication.
|
3 |
| CSEC-380 |
Principles of Web Application Security
This course is designed to give students a foundation in the theories and practice relating to web application security. The course will introduce students to the concepts associated with deploying and securing a typical HTTP environment as well as defensive techniques they may employ.
|
3 |
| CSEC-472 |
Authentication and Security Models
As more users access remote systems, the job of identifying and authenticating those users at distance becomes increasingly difficult. The growing impact of attackers on identification and authentication systems puts additional strain on our ability to ensure that only authorized users obtain access to controlled or critical resources. This course reviews basic cryptology techniques and introduces their application to contemporary authentication methods.
|
3 |
| CSEC-499 |
Cooperative Education in CSEC (summer)
Students will gain experience and a better understanding of the application of technologies discussed in classes by working in the field of computing security. Students will be evaluated by their employer. If a transfer student, they must have completed one term in residence at RIT and be carrying a full academic load.
|
0 |
| ISTE-230 |
Introduction to Database and Data Modeling
A presentation of the fundamental concepts and theories used in organizing and structuring data. Coverage includes the data modeling process, basic relational model, normalization theory, relational algebra, and mapping a data model into a database schema. Structured Query Language is used to illustrate the translation of a data model to physical data organization. Modeling and programming assignments will be required. Note: students should have one course in object-oriented programming.
|
3 |
| PUBL-363 |
Cyber Security Policy and Law
Why are we still so bad at protecting computer systems? Is it because we don’t have good enough technology? Or because we lack sufficient economic incentives to implement that technology? Or because we implement technologies but then fail to use them correctly? Or because the laws governing computer security are so outdated? Or because our legal frameworks are ill-equipped to deal with an international threat landscape? All these reasons—and others— have been offered to explain why we seem to see more and more large-scale cybersecurity incidents and show no signs of getting better at preventing them. This course will examine the non-technical dimensions of this problem—the laws and other policy measures that govern computer security threats and incidents. We will focus primarily on U.S. policy but will also discuss relevant policies in the E.U. and China, as well as international tensions and norms. The
central themes of the course will be the ways in which technical challenges in security can be influenced by the social, political, economic, and legal landscapes, and what it means to protect against cybersecurity threats not just by writing better code but also by writing better policies and laws.
|
3 |
CSEC Electives |
6 | |
Free Electives |
6 | |
LAS Immersion 1 |
3 | |
| Fourth Year | ||
| CSEC-490 |
Capstone in Computing Security
This is a capstone course for students in the information security and forensics program. Students will apply knowledge and skills learned and work on real world projects in various areas of computing security. Projects may require performing security analysis of systems, networks, and software, etc., devising and implementing security solutions in real world applications.
|
3 |
| PUBL-701 |
Graduate Policy Analysis
This course provides graduate students with necessary tools to help them become effective policy analysts. The course places particular emphasis on understanding the policy process, the different approaches to policy analysis, and the application of quantitative and qualitative methods for evaluating public policies. Students will apply these tools to contemporary public policy decision making at the local, state, federal, and international levels.
|
3 |
| PUBL-702 |
Graduate Decision Analysis
This course provides students with an introduction to decision science and analysis. The course focuses on several important tools for making good decisions, including decision trees, including forecasting, risk analysis, and multi-attribute decision making. Students will apply these tools to contemporary public policy decision making at the local, state, federal, and international levels.
|
3 |
CSEC Electives |
12 | |
LAS Elective† |
3 | |
LAS Immersion 2, 3 |
6 | |
| Fifth Year | ||
| PUBL-700 |
Readings in Public Policy
An in-depth inquiry into key contemporary public policy issues. Students will be exposed to a wide range of important public policy texts, and will learn how to write a literature review in a policy area of their choosing.
|
3 |
| PUBL-703 |
Program Evaluation and Research Design
The focus of this course is on evaluation of program outcomes and research design. Students will explore the questions and methodologies associated with meeting programmatic outcomes, secondary or unanticipated effects, and an analysis of alternative means for achieving program outcomes. Critique of evaluation research methodologies will also be considered.
|
3 |
| PUBL-790 |
Public Policy Thesis
The master's thesis in science, technology, and public policy requires the student to select a thesis topic, advisor and committee; prepare a written thesis proposal for approval by the faculty; present and defend the thesis before a thesis committee; and submit a bound copy of the thesis to the library and to the program chair.
|
6 |
| STSO-710 |
Graduate Science and Technology Policy Seminar
Examines how federal and international policies are developed to influence research and development, innovation, and the transfer of technology in the United States and other selected nations. Students in the course will apply basic policy skills, concepts, and methods to contemporary science and technology policy topics.
|
3 |
Public Policy Graduate Electives |
6 | |
Graduate Elective |
3 | |
| Total Semester Credit Hours | 150 |
|
Please see General Education Curriculum–Liberal Arts and Sciences (LAS) for more information.
(WI) Refers to a writing intensive course within the major.
* Please see Wellness Education Requirement for more information. Students completing bachelor's degrees are required to complete two different Wellness courses.
† Choose one of the following philosophy courses: Introduction to Moral Issues (PHIL-102), Foundations of Moral Philosophy (PHIL-202), or Professional Ethics (PHIL-306).
‡ Students must complete one of the following lab science sequences: University Physics I and University Physics II (PHYS-211/212), General & Analytical Chemistry I, General & Analytical Chemistry I Lab, General & Analytical Chemistry II, and General & Analytical Chemistry II Lab (CHMG-141/142/145/146), or General Biology I, General Biology I Lab, General Biology II, and General Biology II Lab (BIOL-101/102/103/104).
Admission Requirements
Freshman Admission
For all bachelor’s degree programs, a strong performance in a college preparatory program is expected. Generally, this includes 4 years of English, 3-4 years of mathematics, 2-3 years of science, and 3 years of social studies and/or history.
Specific math and science requirements and other recommendations
- 4 years of math including pre-calculus required
- Requires chemistry or physics and strongly recommends both.
- Computing electives are recommended
Transfer Admission
Transfer course recommendations without associate degree
Courses in computer science, calculus, liberal arts; calculus-based physics, chemistry, or biology
Appropriate associate degree programs for transfer
AS degree in computer science, engineering science, or liberal arts
Learn about admissions and financial aid