Presentation is loading. Please wait.

Presentation is loading. Please wait.

Xiaohong (Dorothy) Yuan North Carolina A&T State University 11/16/2017

Published byDarren Norris Modified over 6 years ago

Similar presentations

Presentation on theme: "Xiaohong (Dorothy) Yuan North Carolina A&T State University 11/16/2017"— Presentation transcript:

1 Developing Course Modules on Cybersecurity Software and Product Development
Xiaohong (Dorothy) Yuan North Carolina A&T State University 11/16/2017 Cybersecurity Education Workshop at New Orleans

2 Developing course modules in 3 areas:
Cybersecurity Fundamentals Secure Software Development Cybersecurity Product Development

3 Course Modules on Cybersecurity Fundamentals
Module I: Authentication Module II: Authorization Module III: Intrusion Detection

4 Course Modules on Secure Software Development
Module 1: Software Vulnerability Module 2: Secure Software Development Lifecycle Module 3: Software Risk Management Module 4: Security Requirements Module 5: Secure Coding Module 6: Security Testing

5 Course Modules on Cybersecurity Product Development
Module 1: Users and Cognitive Models Module 2: Field Studies of Security or Privacy Technology Module 3: Usability Evaluation of New or Existing Security or Privacy Features

6 Security Requirements Module: Learning Outcomes
Remember and Understand (Match): The different security requirements and the description of them. Remember and Understand (Define): What is an abuse case? Evaluate and Synthesize (Create): Create abuse cases based on CAPEC attack patterns. Apply and Analyze (Analyze): Considering an attack scenario of an application, what are the security requirements the application should have to prevent the attack from succeeding? Apply and Analyze (Apply): Considering an attack scenario of an application, what are some mitigation strategies to prevent the attack from succeeding?

7 Content Lecture (Power Point Slides)
Quizzes (multiple choice questions) Project (or hands-on lab) Cases for Discussion Sample Solution for Case Discussion Questions

8 Lecture Content Security Requirements Security Goals
Different Security Requirements Importance of Security Requirements Abuse Cases Abuse Case Development

9 Project Provide a method for developing abuse cases based on use cases and CAPEC attack patterns Provide a requirements specification for a web application Students will develop abuse cases for the given application

10 Cases for Discussion Provide description of 6 short cases of attacks on applications Students will disucss: What are the security requirements the application should have to prevent the attack from succeeding? What are some mitigation strategies to prevent the attack from succeeding?

11 Module Details: Interconnections
Lessons Presentations Activity/Lab Title and Number of Exercises Advanced Challenges Security Requirements X “Attack Scenarios” 1 exercise N/A Abuse Case “Abuse Cases Development”

12 Module Details: Files and Resources
Instructional Files and Online Resources that are Needed: Lesson 1: Security Requirements Basics SecReq_Lesson1_ Basics_Presentation.pptx SecReq_Lesson1_Basics_Activity.docx SecReq_Lesson1_Basics_ActivityFiles Lesson 2: Abuse Cases SecReq_Lesson2_ AbuseCase_Presentation.pptx SeS_Lesson2_AbuseCase_Lab.docx SecReq_Lesson2_AbuseCase_LabFiles

13 Module Details: Assessment
1 2 3 4 5 6 7 8 9 10 11 12 1.1 X 1.2 1.3 2.1 2.2

Download ppt "Xiaohong (Dorothy) Yuan North Carolina A&T State University 11/16/2017"

Similar presentations

Two e-Learning elective seminars in Novi Sad Putnik Z., Komlenov Ž., Budimac Z. DMI, Faculty of Science University of Novi Sad.

Two e-Learning elective seminars in Novi Sad Putnik Z., Komlenov Ž., Budimac Z. DMI, Faculty of Science University of Novi Sad.
The Blackboard Project EDIT 652 Fall 2005 Dr. Mike Uttendorfer.

The Blackboard Project EDIT 652 Fall 2005 Dr. Mike Uttendorfer.
SOFTWARE ENGINEERING for REAL-TIME SYSTEMS (© J.E.Cooling 2003) Software design - core concepts - slide 1 Software engineering for real-time systems Section.

SOFTWARE ENGINEERING for REAL-TIME SYSTEMS (© J.E.Cooling 2003) Software design - core concepts - slide 1 Software engineering for real-time systems Section.
1 Steve Chenoweth Tuesday, 10/18/11 Week 7, Day 2 Right – One view of the layers of ingredients to an enterprise security program. From www.451group.com/security/451_security.php.www.451group.com/security/451_security.php.

1 Steve Chenoweth Tuesday, 10/18/11 Week 7, Day 2 Right – One view of the layers of ingredients to an enterprise security program. From
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Creation of Policies, Part.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Creation of Policies, Part.
Security administrators The experts need better tools too!

Security administrators The experts need better tools too!
How to Create a Lesson Plan. What is a Lesson Plan? n A lesson plan is a teacher's detailed description of the course of instruction for an individual.

How to Create a Lesson Plan. What is a Lesson Plan? n A lesson plan is a teacher's detailed description of the course of instruction for an individual.
 An Overview of IE 4382/5382 Cybersecurity for Information Systems Susan D. Urban, Ph.D Department of Industrial Engineering Texas Tech University Lubbock,

 An Overview of IE 4382/5382 Cybersecurity for Information Systems Susan D. Urban, Ph.D Department of Industrial Engineering Texas Tech University Lubbock,
Technical Guidelines for Digital Learning Content: A Tool for Development, Evaluation and Selection Liz Johnson Advanced Learning Technologies Board of.

Technical Guidelines for Digital Learning Content: A Tool for Development, Evaluation and Selection Liz Johnson Advanced Learning Technologies Board of.
CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.

CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.
 Prototype for Course on Web Security ETEC 550.  Huge topic covering both system/network architecture and programming techniques.  Identified lack.

 Prototype for Course on Web Security ETEC 550.  Huge topic covering both system/network architecture and programming techniques.  Identified lack.
Learning Unit Documents and Examples. Learning Units - basic building block of a course For iGETT a Learning Unit consists of –Three parts Instructor.

Learning Unit Documents and Examples. Learning Units - basic building block of a course For iGETT a Learning Unit consists of –Three parts Instructor.
Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.

Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.
WHAT IS VIRUS? NAE GRAND CHALLENGE SECURE CYBERSPACE.

WHAT IS VIRUS? NAE GRAND CHALLENGE SECURE CYBERSPACE.
CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+

CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+
CS 352 Introduction to Usability Engineering Class Size: Winter 2014: 53 Spring 2014: 89 Summer 2014: 72.

CS 352 Introduction to Usability Engineering Class Size: Winter 2014: 53 Spring 2014: 89 Summer 2014: 72.
07 HCI Final Project. Outline Recap of exam rules Definition of “Final Project” Domains Technologies Materials for exemplification and discussion What.

07 HCI Final Project. Outline Recap of exam rules Definition of “Final Project” Domains Technologies Materials for exemplification and discussion What.
1 FlexTraining in a Nutshell Welcome to a brief introduction of the FlexTraining Total e- Learning Solution. This short sample course will outline the.

1 FlexTraining in a Nutshell Welcome to a brief introduction of the FlexTraining Total e- Learning Solution. This short sample course will outline the.
Software Specification and Design Sirisin Kongsilp & James Brucker.

Software Specification and Design Sirisin Kongsilp & James Brucker.
IRM304 CDR Course Manager: Denny Involved Competency Leads: 26 (Cybersecurity)-Denman, 19 (Measurement)-Denny, 7 (DBS)-Corcoran [Capability Planning],

IRM304 CDR Course Manager: Denny Involved Competency Leads: 26 (Cybersecurity)-Denman, 19 (Measurement)-Denny, 7 (DBS)-Corcoran [Capability Planning],

Similar presentations

Ads by Google