CS559: Quantitative Security
[Fall 2020]




Announcements: The website is currently under construction

Course Objectives: This one-semester graduate course is intended for graduate students or seniors from computer science, engineering (including systems engineering) and business. It examines quantitative and algorithmic aspects of cybersecurity risks and their mitigation approaches.

Prerequisites: Probability/Statistics, undergraduate background in CS, Engineering or Business.

Aims: The course provides an integrated framework for quantitative evaluation and management of security risk. It draws from the fields of security (vulnerabilities, their discovery and exploitation, security metrics), reliability, testing, and risk evaluation. The integration provides a systematic terminology and a rigorous framework for evaluating the mathematical or systematic risk by identifying its specific components as well as the likely return of risk mitigation efforts.

Quantitative data regarding the key aspects of security risk is becoming available. While the data is still limited, it can be used to assess the components of the security risk and potential mitigation approaches. The framework will allow additional data to be incorporated when it becomes available. In some cases the available data is not yet enough for rigorous modeling; however, it can be used to assess the magnitude of the risk components.

Framework: The published quantitative risk evaluation methods often focus on specific components of the risk. The course will provide an integrated perspective by combining diverse analyses and reports using a systematic framework. Since this is a developing field, the data, models, and techniques are still emerging. The course has a research component that requires the students to read and discuss assigned and self-selected papers and to work on a research project.


  1. Terms and framework
  2. Security Risk
  3. Probability and Modeling
  4. Deadlocks and resource management
  5. Vulnerabilities, lifecycle, metrics and databases
  6. Testing for vulnerabilities
  7. Research methodology
  8. Breach likelihood and cost
  9. Risk mitigation
  10. Vulnerability markets
  11. Emerging issues
The students will be assigned to read selected papers and discuss the contributions. A term research project is required. Potential topics will be identified.

Acknowledgement: This course was developed with support from the Cybersecurity Center.

Lectures: On-line on Canvas and interactive using MS Teams

  Yashwant Malaiya
Office: Room 356, CS Building
Office Hours: Wed 3-4 (MS Teams)
E-mail: malaiya at colostate edu
Tel: 970.491.7031 (messages only)

General email: cs559 at cs.C.E (preferred)

Expand email abbreviation: C.E = colostate. edu
GTA: Ujwal Srinivasa
Hours: W 4-5, F 10:30-12 (using MS Teams)

Department of Computer Science, Colorado State University,
Fort Collins, CO 80523 USA
© 2020 Colorado State University