The hyperlinks contained within this document are functional only when students are

logged into the classroom. All topics are required reading unless indicated as
recommended. Recommended items add additional context and knowledge related to
the topics and projects, but not essential for completing the projects in the class.

CST 610 Reading and Resource List

Project 1
Project 1 Step 1
Operating Systems Fundamentals
1. What Is an Information System?
The Applications of the OS
The Embedded OS
Information System Architecture
1. Information Systems Infrastructures
2. Threats to Information System Infrastructures
3. Threats to Information Security Cloud Computing
1. Cloud Computing
2. Data Security and Privacy in Cloud Computing
3. Trusted Computing Strengthens Cloud Authentication Web Architecture
1. Web Architecture
Project 1 Step 2
Windows Vulnerabilities
1. Privilege Escalation 0-Day in Almost All Windows Versions
2. Windows Firewall Bypass Vulnerability and NetBIOS NS Linux
Vulnerabilities
1. Linux Kernel Vulnerabilities: State-of-the-Art Defenses and Open Problems
Mac OS Vulnerabilities
1. Mac OS Vulnerabilities
SQL PL/SQL, XML and other injections
1. SQL Injection Prevention Cheat Sheet
2. Top 10 2007-Injection
3. Check Your Knowledge (Test)
Project 1 Step 3
Vulnerability Assessments
1. Technical Guide to Information Security Testing and Assessment - Chapter 2
2. Technical Guide to Information Security Testing and Assessment - Chapter 4
3. Vulnerability
4. Vulnerability Assessment
5. Check Your Knowledge (Test) Patches
1. Implementing and Managing Patch and Configuration Management: Preparation
Project 1 Step 4
OpenVAS
1. OpenVas
Computer Networks
1. Computer Networks

Project 2
Project 2 Step 1
Common Computing Platforms
1. Computing Platforms
2. The Hardware Cloud: Utility Computing and Its Cousins
3. Distributed Computing
4. What is Open Source? (Recommended) Cloud Computing
1. Cloud Computing
2. Data Security and Privacy in Cloud Computing
3. Trusted Computing Strengthens Cloud Authentication Distributed Computing
1. Distributed Computing - 1
2. Distributed Computing - 2
Centralized Computing
1. The Hardware Cloud: Utility Computing and Its Cousins
2. NIST Cloud Computing Standards Roadmap Secure Programming
Fundamentals
1. Avoiding the Top 10 Software Security Design Flaws
2. Comprehensive Review on Adaptability of Network Forensics Frameworks for Mobile
Cloud Computing
3. Vetting the Security of Mobile Applications
4. Security by Design Principles Recommended
Project 2 Step 2
Insider Treats
1. Threats to Information Security
2. Top 10 Considerations for Building an Insider Threat Mitigation Program
3. Analysis of Insiders Attack Mitigation Strategies
4. Check Your Knowledge (Test)
Project 2 Step 3
1. Tools to Monitor and Analyze Network Activities.
Project 2 Step 5
Firewalls
1. Technological Safeguards
2. Types of Firewalls
3. Improving Network Security: Next Generation Firewalls and Advanced Packet Inspection
Devices
4. What is a Firewall and How Does It Work? Recommended
5. Deep Packet Inspection Based on Many-Core Platform Recommended
6. Iptables Essentials: Common Firewall Rules and Commands Recommended
7. Creating Firewall Rules Recommended
8. Network Address Translation Reference Recommended
9. Guidelines on Firewalls and Firewall Policy Recommended
Auditing - RDBMS
1. Relational Database Management Systems
Project 2 Step 6
Spoofing/Cache Poisoning Attacks
1. Cyber Attacks Explained: Cryptographic Attacks
2. Cache Poisoning
3. Spoofing Attacks on Packets and Methods For Detection and Prevention of Spoofed
Packets
4. Spoofing/Cache Poisoning Attacks Recommended Denial of Service Attacks (DOS)
1. A Denial of Service Resistant Intrusion Detection Architecture
2. Defending Against Denial of Service Attacks (DOS) Recommended
Packet Analysis/Sniffing
Session Hijacking Attacks
1. Session Hijacking
2. Man-In-The-Middle-Attack
3. State of the Art Survey on Session Hijacking Recommended
4. OWASP Periodic Table of Vulnerabilities - Cookie Theft/Session Hijacking
Recommended
5. Cyber Attacks Explained: Cryptographic Attacks Recommended
6. Practical Security Approaches against Border Gateway Protocol (BGP) Session
Hijacking Attacks between Autonomous Systems Recommended Distributed
Denial of Service Attacks
1. DDoS Quick Guide
Project 2 Step 8
Risk Assessment
1. Risk Analysis
2. Impacts of Risks
3. Risks in Wireless Networks
4. Intrusion Detection Using Network Monitoring Tools
5. Metasploit
6. Intrusion Detection System (IDS): Anomaly Detection Using Outlier Detection Approach
7. Technical Guide to Information Security Testing and Assessment - Chapter 4
Recommended
8. Technical Guide to Information Security Testing and Assessment - Appendix
Recommended
9. Technical Guide to Information Security Testing and Assessment - Chapter
2 Recommended
10.IEEE Computer SocietyŠ—Ès Center for Secure Design - OWASP Recommended
11.Check Your Knowledge (Test)

Project 3
Project 3 Step 1
Teamwork
1. Ethics of Teamwork
 Team Project Charter
Project 3 Step 2
Network Security
1. High Level Organization of the Standard
2. Cyber Threat Indications & Warning: Predict, Identify and Counter
3. Guide to Malware Incident Prevention and Handling for Desktops and Laptops
4. OWASP Top 10 2013
5. OWASP Top 10 Proactive Controls 2016
6. Network Security
7. The Pragmatic Guide to Network Security Management: The Process
8. Wireless Network Security Threats and Mitigation—A Survey
9. Peer-to-Peer Enclaves for Improving Network Defence
10.Protecting Your System: Network (Internet) Security
11.Wireless Network Security Threats and Mitigations —”A Survey
12.Error Handling, Auditing, and Logging
13.NIST Assessment Cases- System and Communications Protection- Error Handling
Recommended
14.WASC Threat Classification Recommended
15.Insecure Configuration Management Recommended
16.Crowdsourcing Cyber Security: A Property Rights View of Exclusion and Theft on the
Information Commons Recommended
17.Intrusion Detection Using Security Onion Based on Kill Chain Approach Recommended
18.Security How-To: WPA2-Enterprise on Your Home Network Recommended
19.Guidelines for Securing Wireless Local Area Networks (WLANs) Recommended
20.Securing the Home Energy Management Platform Recommended
21.Improving Network Security: Next Generation Firewalls and Advanced Packet Inspection
Devices Recommended
22.Check Your Knowledge (Test)
Mission Critical Systems
1. Mission Critical Components of a LAN
2. National Guidelines for Protecting Critical Infrastructure from Terrorism
3. Critical Infrastructure Protection: Measures Needed to Assess Agencies' Promotion of
the Cybersecurity Framework
4. Recommended Practice: Improving Industrial Control Systems Cybersecurity with
Defense-In-Depth Strategies
5. CYBERSECURITY: Continued Efforts Are Needed to Protect Information Systems from
Evolving Threats
6. Protection Method for Data Communication between ADS-B Sensor and
NextGeneration Air Traffic Control Systems Recommended
7. Quantitative Metrics and Risk Assessment: The Three Tenets Model of Cybersecurity
Recommended
8. Critical Infrastructures: IT Security and Threats from Private Sector
Ownership Recommended
Penetration Testing
1. Penetration Testing
2. Pen Testing
3. Performance Analysis of Cloud Based Penetration Testing Tools
4. Penetration Testing Recommended
5. Intrusion Detection Using Network Monitoring Tools Recommended
6. Check Your Knowledge (Test)
7. Project 3 Step 3
Industrial Control Systems

Project 3 Step 5
Threat Response and Recovery
1. Business Continuity Plan: Prepared Planning for Your Business
2. Contingency Planning
3. Threat Actions
4. Using a Prediction Model to Manage Cyber Security Threats Recommended
5. Cyber Security Awareness Month - Day 31 - Business Continuity and Disaster Recovery
Recommended
6. A Survey on New Threats and Countermeasures on Emerging Networks Recommended

Project 3 Step 6
Risk Mitigation
1. Risk Mitigation - Defense in Depth
2. Guide for Applying the Risk Management Framework to Federal Information Systems:
A Life Cycle Approach Recommended
Risk Assessment (Repeated for Convenience)
1. Risk Analysis
2. Impacts of Risks
3. Risks in Wireless Networks
4. Intrusion Detection Using Network Monitoring Tools
5. Metasploit
6. Intrusion Detection System (IDS): Anomaly Detection Using Outlier Detection Approach
7. Technical Guide to Information Security Testing and Assessment - Chapter 4
Recommended
8. Technical Guide to Information Security Testing and Assessment - Appendix
Recommended
9. Technical Guide to Information Security Testing and Assessment - Chapter 2
Recommended
10.IEEE Computer SocietyŠ—'s Center for Secure Design - OWASP Recommended
11.Check Your Knowledge (Test)

Project 4
Project 4 Step 1
Threat Table Template
LAN Security (Can Use Previously Read Resources)
1. Securing LANs
2. Defensible Network Architecture
3. Internet Security
4. Network Security
Availability (Can Use Previously Read Resources)
1. Confidentiality, Integrity, Availability: The Three Components of the CIA Triad
2. Availability
Cyberattacks (Repeated for Convenience)
1. A Reliable Image Watermarking Scheme Based on Redistributed Image Normalization
and SVD
2. Collusion-Tolerable and Efficient Privacy-Preserving Time-Series Data Aggregation
Protocol Recommended
3. Collusion-Resistant Audio Fingerprinting System in the Modulated Complex Lapped
Transform Domain Recommended
4. Covert Encryption and Document Authentication Using Texture Coding Recommended
5. SQL Injection Prevention Cheat Sheet
6. Cache Poisoning
7. Robust Image Watermarking Theories and Techniques: A Review Recommended
8. OWASP Periodic Table of Vulnerabilities - Cookie Theft/Session Hijacking
Recommended
9. Spoofing Attacks on Packets and Methods For Detection and Prevention of Spoofed
Packets
10.Detection and Modeling of Cyber Attacks with Petri Nets
11.A Copyright Protection Scheme for Digital Images Based on Shuffled Singular Value
Decomposition and Visual Cryptography Recommended
12.Dual Watermarking For High Protective Copyright System
13.DDoS Quick Guide Recommended
14.DRAFT Guide to Cyber Threat Information Sharing Recommended
15.Insecure Randomness Recommended
16.Digital Watermarking Recommended
17.Cyber Attacks Explained: Cryptographic Attacks
18.Testing for Padding Oracle Recommended
19.Stochastic Image Warping for Improved Watermark Desynchronization Recommended
20.Video Multiple Watermarking Technique Based on Image Interlacing Using
DWT Recommended
Project 4 Step 3
Encryption Technologies
1. A Study and Comparative Analysis of Cryptographic Algorithms for Various File
Formats
2. Encryption Technologies
3. Crash Course on Cryptography: Security Aspects of Cryptographic Systems
4. Apple Encryption
5. Digital Signature
6. GNU Privacy Guard
7. A Quick Guide on How to use Gnu Privacy Guard (GNP) to Generate Keys and Distribute
Them
8. Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
9. Pretty Good Privacy (PGP)
10.Data Encryption and Decryption by Using TripleDES and Performance Analysis of
Crypto System Recommended
11.PGP Protocol and Its Applications Recommended
12.Multimedia Security: A Survey of Chaos-Based Encryption Technology Recommended
13.Data Encryption Standard (DES) Recommended
14.RFID Security and Privacy Recommended
15.Check Your Knowledge (Test)
Shift / Caesar Cipher
1. Shift/Caesar Cipher
Polyalphabetic Cipher
1. Polyalphabetic Ciphers
One Time pad Cipher/Vernam Cipher/Perfect Cipher
1. One-Time Pad/Vernam Cipher/Perfect Cipher Block
Ciphers
1. Introduction to Block Ciphers
Triple DES
1. Recommendation for the Triple Data Encryption Algorithm (TDEA) Block
Cipher Recommended
RSA
1. Scan-Based Side-Channel Attack on the RSA Cryptosystem Recommended
Advanced Encryption Standard (AES)
1. Announcing the Advanced Encryption Standard (AES) Recommended
Symmetric Encryption
1. Introduction to Symmetric Encryption
2. Symmetric Encryption
3. LwAKE: A Lightweight Authenticated Key Exchange for Class 0
Devices Recommended
Text Block Coding
1. An Improved Low Complexity Algorithm for 2-D Integer Lifting-Based Discrete
Wavelet Transform Using Symmetric Mask-Based Scheme Information
Hiding
1. A New Information Hiding Method Based on Improved BPCS Steganography
Recommended
2. Contemporary Approaches to the Histogram Modification Based Data Hiding
Techniques Recommended
Digital Watermarking
1. The Digital Watermarking Techniques Applied to Smart Grid Security Recommended
Masks and Filtering
1. Privacy Preserving Probabilistic Record Linkage (p3rl): a Novel Method for Linking
 Existing Health-Related Data and Maintaining Participant
Confidentiality Recommended
Project 4 Step 4
Threat Table Template
Project 4 Step 5
Access Control (Repeated for Convenience)
1. Technological Safeguards
2. ID Management Issues and Requirements
3. NIST 800-53v4 (Pages F-7 through F-36)
4. An Introduction to Role-Based Access Control
5. Attribute-based access control
6. Database Security & Access Control Models: A Brief Overview
7. Access Control as a Service for the Cloud
8. Security Information in Production and Operations: A Study on Audit Trails in Database
Systems
9. State of the Art Authentication, Access Control, and Secure Integration in Smart Grid
10.RFID Privacy Risk Evaluation Based on Synthetic Method of Extended Attack Tree and
Information Feature Entropy
11.Broken Access Control
12.Scientific World Journal Recommended
13.Dynamic Access Control Model for Security Client Services in Smart Grid
Recommended
14.RFID Security Issues Recommended
15.Assessment of Access Control Systems Recommended
16.A Survey of Access Control Models Recommended
17.Cloud Multidomain Access Control Model Based on Role and TrustDegree
Recommended
18.Using Security Labels for Directory Access Control & Replication Control
Recommended
19.OWASP Top 10 for .NET Developers Part 3: Broken authentication and Session
Management Recommended
20.Check Your Knowledge (Test) Common Access Card (CAC)
1. Common Access Card (CAC) Security
2. Flexibility in Identifying and Authenticating Users for Rights Management
3. Access Control Domains
4. Personal Identity Verification (PIV) of Federal Employees and Contractors
5. Common Access Cards at Home
6. Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
Recommended
7. Privacy Impact Assessment Update for the Personal Identity Verification/Identity
Management System (PIV/IDMS) Recommended
Project 4 Step 6
Public Key Infrastructure (PKI)
1. Public Key Infrastructures
2. OpenVPN: Extended Verification of X.509 Client Certificates Recommended
3. Introduction to X.509 Certificates Recommended
iOS Encryption
1. Mobile Top 10 2014-M6
2. Protect Yourself: New Encryption Software Coming for iOS and Android
3. AeroGear, Cryptography and iOS
4. AirPrint Forensics: Recovering the Contents and Metadata of Printed Documents from
iOS Devices Recommended
5. AirPrint Forensics: Recovering the Contents and Metadata of Printed Documents from
iOS Devices Recommended
Blackberry Encryption
1. Ten Steps to Smartphone Security for Blackberry
2. Blackberry Encryption

Project 5
Project 5 Step 1
Secure Programming Fundamentals
1. Security by Design Principles
2. Avoiding the Top 10 Software Security Design Flaws
3. A Comprehensive Review on Adaptability of Network Forensics Frameworks for Mobile
Cloud Computing Recommended
4. Vetting the Security of Mobile Applications Recommended
Forensics Fundamentals
1. Computer Forensics
2. Volume Analysis
3. Computer Networks and Cloud Computing
4. Creating a Disk Image for Forensic Analysis
5. A State-of-the-Art Review of Cloud Forensics
6. Large-Scale Data Analysis on Cloud Systems
7. Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health
Records Systems
8. NIST Cloud Computing Forensic Science Challenges Recommended
9. Check Your Knowledge (Test)
Project 5 Step 2
Forensics Analysis Tools
1. Cloud Forensics Architecture Related Issues
2. Anti-forensic: Design and Implementation of an Android Forensic Analyzer
3. Investigative Uses of Technology: Devices, Tools, and Techniques
4. Anti-Forensic Detection
5. EnCase
6. EnCase Tutorial
7. Forensic Toolkit
Web Log and Session Analysis
1. Web Analytics and Conversion Optimization Hash
Analysis
1. Forensic Tool Taxonomy