IASC 8420: Software Assurance
Software assurance is a reasoned, auditable argument created to support the belief that the software will operate only as expected, even when challenged. This course is an intersection of knowledge areas necessary to perform engineering activities or aspects of activities relevant for promoting software assurance. This course takes on a software development lifecycle perspective for the prevention of flaws. The course is presented primarily in lecture/seminar form. It takes a hand-on approach to inject security concerns early in the software development lifecycle including modules and exercises on assurance cases, misuse cases, threat modeling, security architectural and design patterns, static analysis, code review and testing. Students select an open source project and develop a comprehensive assurance report as part of their semester long project. Course: https://robinagandhi.github.io/swa/
IASC 8950: Graduate Information Assurance Capstone
This is a graduate capstone course where students extend and apply their knowledge in defining, implementing, and assessing secure information systems. Students demonstrate their ability to specify, apply, and assess different types of countermeasures at different points in the enterprise with a special focus on system boundaries. Students will complete and defend a Certification and Accreditation package or present findings from a well-planned and thorough penetration testing effort. Following Agile SCRUM, students deliver standing project status reports every class; participate in discussions; complete and submit assignments that pertain to project sprints and releases.
IASC 8440: Certification and Accreditation of IT Systems
This course takes a global risk-based view of the process of defining, verifying, validating and continuously monitoring secure information systems. The course will investigate a number of secure system solutions starting with the definition of the system security needs and tracing through methods of verification and validation of security controls as well as ways to continuously monitor the corresponding assurances. The course is conducted primarily in a seminar form with much emphasis on discussion of readings, student presentations, projects and class assignments. It covers many security automation standards and their application, including SCAP related standards with hand-on projects.
IASC/CSCI 4360/8366: Foundations of Information Assurance
This course introduces and reinforces foundational principles in information security by taking students on a whirlwind tour of early papers, ideas, reference implementations and important events that started the field. The course provies a comprehensive overview of the subject area by introducing: What are the primary topics, What do we already know about them? Are we using what we already know? What are challenges? Past, Current and Future trends. The goal is to instill a way to “think” about the concepts and materials in information security and prepare for more extensive study in the subject. This course has an extensive lab component with challenging and fun hands-on activities.
IASC 1100: Introduction to Information Security
This unique freshman level course on cybersecurity emphasizes our current dependence on information technology and how its security in cyberspace (or lack thereof) is shaping the social, political, cultural and economic landscape. The course examines several historical and contemporary events that have been shaped by the exploitation of information technology. Several aspects of this course are geared towards developing an understanding of the “cyberspace” as a new medium that breaks all geographical boundaries. A key aspect of this course is to understand the threat agent and their motives (deep-rooted in social, cultural, economic and political issues in the global human network) to launch an attack in cyberspace. This course qualifies for university wide General Education credits for Global Diversity.