CyberSecurity Development
To understand the scope of student opportunities enjoyed by Rose State College students, it is important to understand the uniqueness of its setting. With 27,000 civilian and military personnel, Tinker Air Force Base is the largest air depot installation in the United States and the largest employer of the state of Oklahoma. Many of these employees and their dependents are Rose State College students. As Rose State College is located less than a mile from the gates, Rose State College has a long-standing relationship with the Base. Beginning in 1971, the College has been the preferred location for Tinker AFB training workshops. In 2009, the College hosted 14,000 individuals in credit and non-credit training in the Professional Education and Training Center. Approximately 90% of the training was Tinker AFB and related.
To serve its constituents such as Tinker AFB and its contractors and the state of Oklahoma, Rose State College has developed many courses which incorporate CNSS certificates into the two-year associates degree. Faculty members associated with CSEC have worked across several states to standardize programs in the area of Cyber Security, Information Assurance and Digital Forensics.
Degrees
Networking A.A.S. at RSC Degree
The networking option focuses on operating systems, networking, local area networks, and security principles. The cyber security emphasis also includes an understanding of wireless, biometrics, and remote access technologies along with forensic investigation methods. Students are prepared to pass industry certification exams. A background check is required for cyber security majors. Program requires admission to Rose State College and an interview with a Networking Cyber/Security faculty member. Paid internships are available.
Cyber Security A.A.S. at RSC Degree
“Cyber security” prevents hackers, spies, thieves or other unauthorized users from breaking into computer systems and networks. Rose State College is the *only* two-year program in the country where you can gain all six levels of federal cyber security certification. You can find a high-tech, well-paying job within two years or even go on to advanced degrees with greater rewards. Enroll in Rose State College’s Cyber Security program and join the ranks of cyber-warriors in the FBI, CIA, the Pentagon or private business.
Computer Information Technology A.A.S. at RSC Degree
This program gives you a well rounded approach to the business world with a concentration in programming languages. Oracle, C++, Java, HTML, Visual Basic and .Net are the languages you have to select from. Other classes include Microcomputer Hardware and Operating Systems, Micro Applications, Systems Analysis and Design, and Computer Information Systems Management.
Certificates
Certificate for NSTISSI 4011 - Information System Security Professional
This 18 hour certificate program is available to undergraduates and non-traditional students. The core of the program includes CIT 2563 (Computer Security), CIT 2513 (Secure Electronic Commerce), CIT 2403 Advanced Networking Concepts, CIT 2543 (Information Security Assurance).
Beyond the core, students take two Information Assurance (IA) electives. Students participating in the program must register as such for each Systems course to receive specialized INFOSEC training/assignments in these courses. (An option for working non-traditional students is to demonstrate proficiency in systems areas by passing comprehensive examinations in those areas.)
4011 Certificate Curriculum:
CIT 2563 Computer Security 3 hours CIT 2513 Secure Electronic Commerce 3 hours CIT 2403 Advanced Networking Concepts 3 hours CIT 2543 Information Security Assurance 3 hours Information Assurance Elective 1 (not listed above) 3 hours Information Assurance Elective 2 (not listed above)
Certificate for CNSS 4012 - Senior System Managers
The 4012 certificate program, aimed at Senior System Managers (SSMs), extends the 4011 certificate with an additional course, CIT 2523 (Enterprise Security Management). This course provides the additional body of knowledge required by SSMs to accredit, extend and operate enterprise information systems in a secure mode.
4012 Certificate Curriculum
CIT 2563 Computer Security 3 hours
CIT 2513 Secure Electronic Commerce 3 hours
CIT 2523 Enterprise Security Management 3 hours
CIT 2403 Advanced Networking Concepts 3 hours
CIT 2543 Information Security Assurance 3 hours
Information Assurance Elective 1 (not listed above) 3 hours
Information Assurance Elective 2 (not listed above) 3 hours
Total: 21 hours
Certificate for CNSS 4013 - System Administrators
The 4013 certificate program, aimed at System Administrators (SAs), extends the 4011 program with an additional course, CIT 2573 (Secure System Administration and Certification). This course provides the additional body of knowledge required to accredit, extend and operate as administrators of information systems in a secure mode.
4013 Certificate Curriculum
CIT 2563 Computer Security 3 hours
CIT 2513 Secure Electronic Commerce 3 hours
CIT 2573 Secure System Administration and Certification 3 hours
CIT 2643 Wireless Networking 3 hours
CIT 2323 Network Security 3 hours
Network Systems Course (not listed above) 3 hours
Information Assurance Elective 1 (not listed above) 3 hours
Information Assurance Elective 2 (not listed above) 3 hours
Total : 24 hours
Certificate for CNSS 4014 - Information System Security Officer
The 4014 certificate program, aimed at certifying Information Systems Security Officers, extends the 4011 program with an additional course, CIT 2523 (Enterprise Security Management). This course provides the additional body of knowledge required to accredit, extend and operate enterprise information systems in a secure mode. Moreover, proficiency in operating systems, databases and networks must be demonstrated.
4014 Certificate Curriculum
CIT 2563 Computer Security 3 hours
CIT 2513 Secure Electronic Commerce 3 hours
CIT 2523 Enterprise Security Management 3 hours
CIT 2583 Operating Systems 3 hours
CIT 2183 Advanced Databases 3 hours
Network Systems Course (not listed above) 3 hours
Information Assurance Elective 1 (not listed above) 3 hours
Information Assurance Elective 2 (not listed above) 3 hours
Total: 24 hours
Certificate for CNSS 4015 - System Certifier
The 4015 certificate program, aimed at certifying systems certifiers, extends the 4011 program with additional courses, CIT 2523 (Enterprise Security Management) and CIT 2573 (Secure System Administration and Certification). This course provides the additional body of knowledge required to accredit, extend and operate as systems certifiers in a secure mode. Moreover, proficiency in operating systems, databases and networks must be demonstrated.
4015 Certificate Curriculum
CIT 2563 Computer Security 3 hours
CIT 2513 Secure Electronic Commerce 3 hours
CIT 2523 Enterprise Security Management 3 hours
CIT 2573 Secure System Administration and Certification 3 hours
CIT 2583 Operating Systems 3 hours
CIT 2183 Advanced Databases 3 hours
Network Systems Course (not listed above) 3 hours
Information Assurance Elective 1 (not listed above) 3 hours
Information Assurance Elective 2 (not listed above) 3 hours
Total: 27 hours
Certificate for CNSS 4016 - Risk Analyst
The 4016 certificate program, aimed at training individuals performing risk analyst function for national security systems and unclassified systems. This standard presents an in-depth analysis of the range of skills required for persons performing RA function.
4016 Certificate Curriculum
CIT 2563 Computer Security 3 hours
CIT 2513 Secure Electronic Commerce 3 hours
CIT 2523 Enterprise Security Management 3 hours
CIT 2573 Secure System Administration and Certification 3 hours
CIT 2603 Security Auditing and Penetration Testing 3 hours
CIT 2583 Operating Systems 3 hours
CIT 2323 Network Security 3 hours
Network Systems Course (not listed above) 3 hours
Information Assurance Elective 1 (not listed above) 3 hours
Total: 27 hours
Articulation Agreements
The following four-year institutions have a transfer agreement with Rose State College:
- Agreement with Oklahoma State University Information Technology - Degree in Information Assurance and Forensics (PDF)
- Agreement with South Western Oklahoma State University - Degree in Computer Science or Information Systems (PDF)
In addition to the acceptance of Associate in Science and Associate in Arts transfer degree programs, Rose State College has entered into specific articulation agreements for specific programs such as Cyber Security, Applied Technology, Technical Supervision and Management, and others. Four-year institutions with which Rose State College holds articulation agreements include the College of Liberal Studies at the University of Oklahoma the University of Central Oklahoma, East Central University, Northeastern Oklahoma State University, and others. Evidence of the articulation agreements at this web site.
The state of Oklahoma offers concurrent enrollment to high school students who meet the required academic criteria. Rose State College participates in this initiative with Mid-Del Public Schools and various smaller school systems within its service area. The Prospective Student Services Office, the College student recruiting oversees these outreach efforts as well as the gap funding initiative, “Ticket to Rose” that became available to students in 2009. In addition, specific articulation agreements, Cooperative Alliances, which pertain to the Cyber Security Program have been negotiated which allow for articulation between the technology center of the Mid-Del Public School System, and other area technology centers in the College’s service area. Students who are in the related programs may earn college credit while still attending the career technology center. These Cooperative Alliances are available at the following website. A specific “Technology Center Catalog” is printed annually and made available on the College website. This catalog specifies the admission and enrollment requirements and the course equivalencies between the College coursework and the technology center program coursework.
Evidence of the Cooperative Alliance Agreements can be seen in excerpts from the “Technology Center Catalog” designating the course equivalencies: Career Tech Catalog (PDF).
- PDF of the Mid-Del Technology Center agreement (page 10)
Actual Articulation Agreement - Eastern Oklahoma County Technology Center (page 10)
Actual Articulation Agreement - Metro Technology Center (page 10)
Actual Articulation Agreement - Moore Norman Technology Center (page 10)
Actual Articulation Agreement - Gordon Cooper Technology Center (page 10)
Actual Articulation Agreement
Workshops/Competitions
Rose State College also hosts workshops on “Identity Theft,” “Risk Management,” and “Access Data Certified Examiner Training,” the Forensic Toolkit training, to local schools and other two-year institutions during in-service training. Schools that have participated in these training activities include:
- Rose State College participating in the DC3 challenge 2009-2010
- Rose State Cyber Security / Information Assurance competition 2007
1st Place Chad Johnson - Free Cruise
2nd Place Grant Katus - Free Cruise - Rose State Cyber Security / Information Assurance competition 2008
1st Place Jimmy Scruggs - Free Cruise
2nd Place Amber May - Free Cruise - Rose State Cyber Security / Information Assurance competition 2009
(IA competition canceled in 2009 due to scheduling conflict) - Rose State Cyber Security sponsored the Biggest Loser 2008-2009 Competition
2008-2009 Flyer (PDF)
1st Place - Kimberly Mayhall - $500
2nd Place - Ken Dewey - $350
3rd Place - Landry Nagle - $150 - Rose State Cyber Security / Information Assurance competition 2010
Spring 2010 Flyer (PDF)
1st Place - Brandon Hale - $100 Best Buy Gift Card
2nd Place - Laura Lewis - $50 Best Buy Gift Card
3rd Place - Shawn Blood - Rose State Cyber Security Polo Shirt
All participants will receive a 16GB USB Flash Drive
Current competitions hosted by or assisted by the Rose State IA Program:
- Cyber Security Invitational Competition – hosted by OSU-IT, Rose State Cyber Security students served as mentors to the career technology students entered in the competition
- Skills USA – Rose State Cyber Security students mentored students in the area of Micro Hardware and Operating Systems and also in the area of Networking
Links to Courses with Lab Training
All the classes taught in the Rose State Cyber Security program are application based and utilize a “hands-on” portion and experiential lab training. The percentage of lab training has recently increased with the implementation of the virtualization infrastructure.
Courses that incorporate a lab component:
CIT 2323 Network Security course
Course Length: This 3 credit hour undergraduate course runs for 16 weeks with 2.5 contact hours per week totaling 40 contact hours. Projects assigned during the course will require an estimated 2 times the amount of contact hours for an additional 80 hours bringing the estimated total class hours to 120.
Course Description: The student will learn the fundamentals of network security. Students will study security design and development.
Course Learning Objectives: The student will learn the fundamentals of network security. Students will study security design and development. The proper use of access control lists, firewalls, VPNs, and Intrusion Detection Systems.
Major Topics: Upon completion of Network Security, the student will be able to:
- Demonstrate a basic knowledge of Network Security.
- Demonstrate the ability to design and implement a secure network.
- Demonstrate the ability to analysis and assess security breeches.
- Configure access control lists
- Verify audit log overflow policy
- Secure audit trails from unauthorized alteration and/or deletion
- Discuss requirements reporting alternative means to satisfy audit collections
- Verify criteria for generating alerts provided by audit tools
- Demonstrate proper host hardening techniques
- Discuss documenting results of any change in security processing mode
- Configure security policies
- Configure and evaluate Virtual Private Networks
- Configure and evaluate Firewalls
- Understand dialup, dedicated connections, public vs. private networks and the different security issues associated with each
- Segment and configure networks to include DMZs
- Configure and evaluate various Intrusion Detection Systems
- Different Encryption methods - pros and cons
- Demonstrate a basic knowledge of asynchronous vs. synchronous
- Analyze network traffic
- Identify and fingerprint various different network protocols
- Method of Instruction: Lectures, class discussion, hands on projects for both individuals and groups, tests covering text and projects.
Course Assessment: The basic means of evaluation will be student scores on tests, lab assignments, projects and other assignments relating to the course material.
Grades for the course will be based on the following:
Two Examinations 45%
Homework 20%
Individual Projects 20%
Analyzing network traffic
Fingerprinting - Identifying network protocols
Attendance / Participation 15%
These scores will be equated to a semester score between 0 and 100. The final grade will be based on the standard A-F scale. Borderline scores will be considered for equating the next higher grade by the instructor, based on attendance, participation, and demonstrated effort.
CIT 2563 Computer Security course
Course Length: This 3 credit hour undergraduate course runs for 16 weeks with 2.5 contact hours per week totaling 40 contact hours. Projects assigned during the course will require an estimated 1.5 times the amount of contact hours for an additional 60 hours bringing the estimated total class hours to 100.
Course Description: Students will be introduced to security problems in computer, basic encryption and decryption techniques. Secure encryption systems and cryptographic protocols and practices will also be presented.
Course Prerequisites: CIT 1613
Course Learning Objective: An understanding of basic concepts of computer security. Emphasis on encryption and decryption, and cryptographic protocols and practices.
Major Topics Covered: Upon completion of Computer Security the student will be able to:
- define security
- communication security
- modes of operation
- discuss compartmented and partitioned security aspects
- identify threats, vulnerabilities, risks and the major categories and impact of threats
- describe aspects of countermeasures
- describe methods of defense
- examine encryption and decryption
- examine cryptography techniques and concepts
- discuss the crypto elements of interruption, interception, modification and fabrication
- discuss key management as it pertains to crypto systems
- electronic key management system (EKMS) policy and procedure
- evaluate secure programs
- verify contents of user registries and access control tables
- examine different transmission techniques and security
- identify protection in Operating Systems
- evaluate database security
- data protection via passwords, physical, encryption and biometrics
- intrusion methods and countermeasures
- identify risk analysis
- appraise identification and authentication mechanisms
- policy management and risk management
- DITSCAP and certification/accreditation
- life cycles, trusts, modes, and NSTISS
- personnel roles and responsibilities
- implement RSA
- discuss TEMPEST
- evaluate emanation security
- access controls
- Mandatory Access control lists
- Discretionary Access control lists
- Vulnerability analysis
Method of Instruction: Lectures, class discussion, hands on projects for both individuals and groups, tests covering text and projects
Course Assessment: The basic means of evaluation will be student scores on tests, lab assignments, projects and other assignments relating to the course material.
Grades for the course will be based on the following:
Two Examinations 45%
Homework 20%
Individual Projects 10%
Group Projects 10%
Attendance / Participation 15%
These scores will be equated to a semester score between 0 and 100. The final grade will be based on the standard A-F scale. Borderline scores will be considered for equating the next higher grade by the instructor, based on attendance, participation, and demonstrated effort.
CIT 1503 Intro to Networks course
Course Length: This 3 credit hour undergraduate course runs for 16 weeks with 2.5 contact hours per week totaling 40 contact hours.
Course Description: An introductory course which covers the fundamental hardware and software concepts involved in a basic network. The standard open systems interconnect model, popular LAN topologies and network administration will be discussed.
Major Topics: Upon completion of Introduction to Networks the student will be introduced to:
- Networking standards
- OSI model
- Network protocols
- Transmission basics and media
- Physical and logical topologies
- Networking hardware
- WANs and remote connectivity
- Network OS
- Netware
- Networking with UNIX
- TCP/IP and the Internet
- Troubleshooting
- Maintaining and upgrading a network
- Integrity and availability
- Network security
Method of Instruction: Lectures, class discussion, hands on projects for both individuals and groups, tests covering text and projects.
Course Assessment: The basic means of evaluation will be student scores on tests, lab assignments, projects and other assignments relating to the course material. These scores will be equated to a semester score between 0 and 100. The final grade will be based on the standard A-F scale. Borderline scores will be considered for equating the next higher grade by the instructor, based on attendance, participation, and demonstrated effort.
CIT 1523 Micro Hardware and Operating Systems course
Course Length: This 3 credit hour undergraduate course runs for 16 weeks with 2.5 contact hours per week totaling 40 contact hours.
Course Description: An introductory course which covers the fundamental hardware and software concepts involved in a basic network. The standard open systems interconnect model, popular LAN topologies and network administration will be discussed.
Major Topics: Upon completion of Introduction to Networks the student will be introduced to:
- Introducing Hardware
- How Hardware and Software Work Together
- Understanding the Boot Process and Command Line
- Electricity and Power Supplies
- The Motherboard
- Managing Memory
- Floppy Drives
- Understanding and Installing Hard Drives
- Optimizing and Protection Hard Drives
- Supporting I/O Devices
- Multimedia Devices and Mass Storage
- Supporting Windows 9x
- Windows 2000 and Windows NT
- Managing and Troubleshooting Windows 2000
- Installing and Using Windows XP Professional
- Managing and Supporting Windows XP Professional
- Supporting Modems
- PCs on a Network
- PCs on the Internet
- Notebooks, Tablet PCs, and PDAs
- Supporting Printers
Method of Instruction: Lectures, class discussion, hands on projects for both individuals and groups, tests covering text and projects.
Course Assessment: The basic means of evaluation will be student scores on tests, lab assignments, projects and other assignments relating to the course material. These scores will be equated to a semester score between 0 and 100. The final grade will be based on the standard A-F scale. Borderline scores will be considered for equating the next higher grade by the instructor, based on attendance, participation, and demonstrated effort.
CIT 2513 Secure Electronic Commerce course
Course Length: This 3 credit hour undergraduate course runs for 16 weeks with 2.5 contact hours per week totaling 40 contact hours. Projects assigned during the course will require an estimated 1.5 times the amount of contact hours for an additional 60 hours bringing the estimated total class hours to 100.
Course Description: This course is an in depth study of secure electronic commerce, cryptography, passwords, certification authorities, public key infrastructure, biometrics, digital signatures and PKI. Legal and national policy secure electronic commerce issues will be discussed.
Course Prerequisites: CIT 1503
Course Learning Objectives: Upon completion of Secure E- Commerce the student will have an understanding of secure electronic commerce architectures and proficiency with related technologies. Students will gain an appreciation for legislative and regulatory issues of secure electronic commerce and the role of public policy in shaping a global digital economy. An introduction to security architectures for secure electronic commerce including digital signatures, certificates, and public key infrastructure (PKI) will be presented. Legal and national policy secure electronic commerce issues will be examined.
Major Topics: Upon completion of this course, students will have an understanding of the following topics:
- Web technology
- Privacy and security for users
- Web server security
- Security for content providers system development and how the system is maintained
- National COMSEC policy
- Digital signatures
- Public Key Infrastructure (PKI)
- Electronic Key Management Systems (EKMS)
- EKMS policy and procedures
- EDI
- Symmetric and asymmetric systems
- Risk management and assessment
- Roles and responsibilities of organizational personnel
- Cryptography
- Utilize telnet and xml
- Utilize Unix in an automated trading environment
- RSA
- SSL
- Certificates
- Credit Card Transactions
- Basic Encryption
- TEMPEST schemes and theory
- Have an understanding of legal and national policies pertaining to ecommerce
- Cyber Law and ethics
- Uniform laws, UETA, UCITA, and ESIGN
- Digital and non-digital evidence
- Hardware, software, input, output and multi-user environments vulnerabilities are discussed
- Concurrent access to storage devices
- Utilizing multiple drives for redundancy purposes
- Pros and cons of distributed and stand alone systems are discussed
- Information warfare (INFOWAR)
- Database applications as pertaining to distributed systems
- Operations security and information security
- Contingency planning and disaster recovery
- Communications security
- Classification and destruction of information is examined
- Security clearances and managing of classified data is discussed
- Threat identification, prioritization, vulnerabilities and countermeasures
- Policy creation, enforcement and management
- Discretionary, mandatory and non-discretionary access control methods
- Role-based and task-based control methods
- System life cycles, trusts and modes
- AIS security, accountability and information protection
- NSTISS planning and management
- Coordinating policy for redeploying systems to the SA, SSM, CIO, DAA, CTO...
- Method of Instruction: Lectures, class discussion, hands on projects for both individuals and groups, tests covering text and projects. A digital economy simulation will be used to reinforce the understanding of EDI, RSA, and secure transactions.
Course Assessment: The basic means of evaluation will be student scores on tests, lab assignments, projects and other assignments relating to the course material.
Grades for the course will be based on the following:
2 Examinations 45%
Homework 20%
Individual Projects 10%
Group Projects 10%
Attendance / Participation 15%
These scores will be equated to a semester score between 0 and 100. The final grade will be based on the standard A-F scale. Borderline scores will be considered for equating the next higher grade by the instructor, based on attendance, participation, and demonstrated effort.
CIT 2603 Secure Auditing and Penetration Testing course
Course Length: This 3 credit hour undergraduate course runs for 16 weeks with 2.5 contact hours per week totaling 40 contact hours.
Course Description: This class covers best computer-security practices and industry standards to deter attacks and better defend networks.
Major Topics: Upon completion of Network Troubleshooting and Performance the student will be introduced to:
- Security Auditing Tools and Techniques
- Penetration testing tools and techniques
- HIPPA Security regulations
- Detect and defend against virus outbreaks
- Recognize Cyber Extortion
- Network Architecture
- Port Scanning
- Incident Respond / Reconstruction
- Network Discovery
- Wireless network analysis
- Existing Security measures
- Assessment process
- Perimeter Defense / IDSs
Method of Instruction: Lectures, class discussion, hands on projects for both individuals and groups, tests covering text and projects. Numerous lab exercises will be utilized to illustrate the topics above.
Course Assessment: The basic means of evaluation will be student scores on tests, lab assignments, projects and other assignments relating to the course material. These scores will be equated to a semester score between 0 and 100. The final grade will be based on the standard A-F scale. Borderline scores will be considered for equating the next higher grade by the instructor, based on attendance, participation, and demonstrated effort.