“Intro to the Challenge of Cybersecurity – Unit 7”

Unit 7 – “Threats, Vulnerabilities, and Attacks: A Closer Look”

15 Days

Unit 7 begins with threat modeling, which is challenging and uncertain. The unit picks up on attacks covered earlier and identifies the threat source. The unit goes further by teaching students how to think about the threat source in terms of resources, capabilities, motivations and aversion to risk. The unit then pivots to the attack kill chain and students explore a few historic threat sources using the kill chain. The exploits will be looked at carefully to realize how features that were designed to help administrators and users can be the same tools that enable exploitation of targets for nefarious goals. This is a perfect time to reemphasize the role of ethics and the fact that the same policy approach that allows something to happen that might be “good,” also affords the fissure that allows the “bad.” The unit carefully considers right and wrong and the many shades of gray of white-gray-black hat hacking. Now that we are deeper into the anatomy of attacks, the unit changes perspective from that of the offender, to that of the defender and looks carefully at how to conduct vulnerability assessment (aka penetration testing). In digging deeper into threats, attacks and vulnerabilities, students are doing risk assessment, so the unit revisits controls. Not every vulnerability can/should be remediated. There is no such thing as perfect security. Therefore, decisions need to be made regarding what needs to be remediated, why, how, etc.