CISC207 Ethical Hacking and Penetration Testing (Experimental)
Department of Science, Technology, Engineering & Mathematics: Computer/Information Science
- I. Course Number and Title
- CISC207 Ethical Hacking and Penetration Testing (Experimental)
- II. Number of Credits
- 4 credits
- III. Number of Instructional Minutes
- 3000
- IV. Prerequisites
- CISC143 (C or better)
- Corequisites
- None
- V. Other Pertinent Information
- A significant portion of the course is dedicated to developing hands-on proficiency with cybersecurity software tools. Laboratory work is designed to provide the student with practical experience developing and implementing system assessments. A comprehensive final examination will be included in the course. The final will be evaluated at 15 - 25% of the course grade. A minimum of six laboratory assignments and exercises will be required. The laboratory grade will comprise no more than one-third of the course grade.
- VI. Catalog Course Description
- This course explores techniques employed by security professionals to highlight issues with network security and identify the security measures they need to put in place to protect digital assets. Course topics include planning penetration testing engagements, identifying digital assets, recognizing threats and threat agents, determining risk, and generating remediation plans.
- VII. Required Course Content and Direction
Course Learning Goals
Students will develop the knowledge and skills to:
- Plan and scope a penetration testing engagement;
- Demonstrate knowledge of legal and compliance requirements;
- Perform vulnerability scanning and penetration testing using appropriate tools and techniques;
- Analyze the results of an assessment exercise; and
- Produce a written report containing proposed remediation techniques, effectively communicate results to the management team, and provide practical recommendations.
Planned Sequence of Topics and/or Learning Activities
Planning & Scoping
- Includes updated techniques emphasizing governance, risk, and compliance concepts, scoping and organizational/customer requirements, and demonstrating an ethical hacking mindset.
Windows Operating Systems
- Information Gathering and Vulnerability Scanning
- Includes developing skills in performing vulnerability scanning and passive/active reconnaissance, vulnerability management, as well as analyzing the results of a reconnaissance drill.
Software Troubleshooting
- Attacks and Exploits
- Consists of updated approaches to expanded attack surfaces, researching social engineering techniques, performing network attacks, wireless attacks, application-based attacks and attacks on cloud technologies, and performing post-exploitation methods.
Networking
- Reporting and Communication
- Focused on the importance of reporting and communication in an increased regulatory environment during the pen testing process through analyzing findings and recommending appropriate remediation within a report.
Hardware & Network Troubleshooting
- Tools and Code Analysis
- Aims to help students identify scripts in various software deployments, analyze a script or code sample, and explain use cases of various tools used during the phases of a penetration test.
Assessment Methods for Course Learning Goals
For each topic covered in the course, student performance related to the course learning goals will be evaluated by way of unit exams and hands-on graded lab projects. In addition, students' mastery of the subject matter will be assessed using at least two (2) major projects. A comprehensive final exam will be used to evaluate students' level of proficiency in all of the course topics.
Reference, Resource, or Learning Materials to be used by Student:
A departmentally-selected textbook and Internet-based resources will be used in this course. Details on learning resources and reference materials will be provided by the instructor at the beginning of each course section. See the course syllabus.
New 11/15/2023