Foundations of Secure Development

Instructor

Professor Baijian Yang, CIT

Course Description:

Comprehend basic security concepts and secure design principles and be able to relate the security fundamentals to real-world software and hardware design practices. Outline how security is measured and be able to choose security tools for different scenarios. Distinguish Authentication, Authorization, and Auditing (AAA) concepts and apply various AAA techniques in given scenarios. Explain how cryptography is used to protect data security and articulate best practices when applying cryptography. Recognize different federal security standards and apply secure design principles to meet compliance requirements. This course provides a comprehensive introduction to the foundation of secure development. It is the gateway course into the Design for Security Badge program and is intended to provide a solid foundation in the topics necessary for future courses in this path.

Topics Covered:

Basic information security concepts such as security, privacy, trust, threats, vulnerability and risk, followed by the introduction of security metrics. The course will also introduce the concepts of authentication, authorization, audit and non-repudiation. Basic cryptography concepts will be reviewed and related to secure development. Finally, the course will introduce industry-specific compliance requirements, such as PCI and HIPAA, and various external security certifications.

Textbooks:

NOTE: Textbook information is subject to change at any time at the discretion of the faculty member. If you have questions or concerns, please contact the academic department.

1) Matt Bishop (2018), Computer and Security (2nd Edition), Addison-Wesley Professional, ISBN: 978-0321712332
2) Kenneth Wyk and Mark Graff (2003), Secure Coding: Principles and Practices, O'Reilly, ISBN: 978-0596002428