Cyber Security Courses: Design for Security Program

cyber-security-courses.jpg

The world is becoming increasingly more connected and convenient with digital technologies such as the Cloud, Big Data, mobile, Internet of Things, and Artificial Intelligence. But this convenience leads to greater challenges in security, compliance, data protection, regulations, and privacy – and greater costs.* For our protection, security can no longer be just an afterthought.

Today, there are more than 500,000 cyber security job openings*. To meet the growing demand, Purdue University is offering a new “Design for Security” program in collaboration with Intel on course materials and led by Purdue’s School of Industrial Engineering and Purdue University Online.

“Design for Security” focuses both on the production level – those companies that produce cyber or cyber-physical systems and their components – and on the education level – those universities that produce the engineers and scientists who design the cyber or cyber-physical systems and associated processes.

This cyber security program covers design for security principles from the physical secure design of the infrastructure, to the security of the hardware and software that underlie the infrastructure, and then to the technical constraints and processes in place to support operational security. It introduces security principles that are required to design a system that supports and enforces the necessary authentication, authorization, confidentiality, data integrity, accountability, availability, and non-repudiation requirements, even when the system is under attack. It demonstrates the importance of taking security into account throughout the secure development lifecycle, not just in the implementation and deployment phases.

The program is open to all STEM disciplines but designed specifically for technical professionals, working engineers, and students with an awareness of secure design. This digital badge program includes multiple online courses to deal with the complexities of designing and manufacturing components and products that will be delivered and integrated into secure customer solutions. These courses will allow individuals to benefit by gaining advanced knowledge that could be applied immediately to their current roles, projects, and initiatives where they could incorporate security from the onset while learning occurs in a flexible online environment.

For information concerning registration please email noncredit@purdue.edu.

Four Foundational Courses

CEUs
Secure Design LifecycleA critical part of all stages of the design process is embracing the mindset that security is not an afterthought. This course covers the integration of security in the design lifecycle, helping develop the security-first mindset. 1.5
Foundations of Secure DevelopmentComprehend basic security concepts and secure design principles and be able to relate the security fundamentals with real-world software and hardware design practices. Outline how security is measured and be able to choose security tools for different scenarios. Distinguish Authentication, Authorization, and Auditing (AAA) concepts and can apply various AAA techniques in given scenarios. Explain how cryptography is used to protect data security and articulate best practices when applying cryptography. Recognize different federal security standards and apply secure design principles to meet compliance requirements. 1.5
Secure Applications This course introduces different example applications to illustrate the secure design principles from the physical secure design of the infrastructure, to the security of the hardware and software that underlie the infrastructure, and then to the technical constraints and processes in place to support operational security. Some of the applications that we will study include databases, network security, cloud computing, machine learning, autonomous vehicles, and blockchain. 1.5
Secure OperationsThis course will provide you with a better understanding of how security principles should be integrated into operations once an application or cyber system has been deployed into production. To begin, we will provide an overview of the cyber threat landscape and discuss general frameworks for conceptualizing intrusions and defenses. Topics include both proactive (e.g., monitoring, patching) and reactive (e.g., incident response) processes, as well as approaches to end-of-life processes such as decommissioning and disposal. As part of the course, you will also learn about the current legislative and regulatory environment within which production systems operate, such as laws governing data privacy and security controls. While we focus primarily on the United States, companies increasingly operate across national boundaries, so we will also discuss relevant international regulations, directives, and agreements. Finally, we will examine risk assessment and risk management as a framework for navigating the economic trade-offs associated with securing operations. 1.5

These flexible online courses are designed so learners may complete the courses in as few as five weeks, or they may choose to use the allotted ten weeks that the course is available.

Tentative Future Elective Courses

  1. Databases
  2. Web Security
  3. Apps
  4. Net Security
  5. Off-site Storage (including intro to Cloud Security)
  6. AI/ML/Big Data Analytics as a security concern and “tool”
  7. IoT/cyber-physical
  8. Autonomous Vehicles, UAS
  9. Blockchain
  10. Quantum Computing

*There are over 500,000 cybersecurity job openings on a national level, estimated by Cyberseek as of August 2018. The 2018 Identity Fraud Report, released by Javelin Strategy & Research, found that $16.8 billion was stolen from 16.7 million U.S. consumers in 2017 which was a rise of 1.3 million U.S. consumers from the previous year. In 2018, the ITRC tracked 1,027 breaches through early November exposing 57.7 million individuals. The average cost of a data breach nationally was $7.91 million, the highest post data breach response globally. As computing systems pervade various aspects of our daily lives, capturing, storing, accessing, and manipulating a wide range of sensitive personal data, security will become a daunting challenge, and will bring into question the viability of many future electronic products, applications, and services.