KU# |
|
Level |
|
CS1 |
|
CS2 |
|
OS |
|
PL |
|
DB |
|
Net |
|
AI |
|
Tier |
|
Learning Outcome |
|
Hw |
|
AoA |
|
Cap |
|
SE |
|
OOD |
|
PBD |
|
Cryptography |
1 |
2 |
Familiarity |
Describe the purpose of Cryptography and list ways it is used in data communications. |
I |
|
|
|
|
|
|
|
P |
|
P |
|
|
2 |
2 |
Familiarity |
Define the following terms: Cipher, Cryptanalysis, Cryptographic Algorithm, and Cryptology, and describe the two basic methods (ciphers) for transforming plain text into cipher text. |
I |
|
|
|
|
|
|
|
|
|
P |
|
|
3 |
2 |
Familiarity |
Discuss the importance of prime numbers in cryptography and explain their use in cryptographic algorithms. |
|
|
|
|
|
|
|
|
|
|
|
|
|
4 |
2 |
Familiarity |
Explain how Public Key Infrastructure supports digital signing and encryption and discuss the limitations/vulnerabilities. |
|
|
|
|
|
|
|
|
|
|
I |
|
|
Defensive Programming |
1 |
1 |
Familiarity |
Explain why input validation and data sanitization are necessary in the face of adversarial control of the input channel. |
I |
|
|
|
|
|
|
|
|
P |
P |
P |
|
2 |
1 |
Familiarity |
Explain why you might choose to develop a program in a type-safe language like Java, in contrast to an unsafe programming language like C/C++. |
|
|
|
|
|
|
I |
|
|
|
|
|
|
3 |
1 |
Usage |
Classify common input validation errors, and write correct input validation code. |
I |
|
P |
|
|
|
|
|
|
P |
P |
P |
|
4 |
1 |
Usage |
Demonstrate using a high-level programming language how to prevent a race condition from occurring and how to handle an exception. |
I |
|
P |
|
I |
|
|
|
|
P |
P |
P |
|
5 |
1 |
Usage |
Demonstrate the identification and graceful handling of error conditions. |
I |
|
I |
|
P |
|
|
|
|
P |
P |
P |
P |
6 |
2 |
Familiarity |
Explain the risks with misusing interfaces with third-party code and how to correctly use third-party code. |
|
|
|
|
|
|
|
|
I |
|
|
|
|
7 |
2 |
Familiarity |
Discuss the need to update software to fix security vulnerabilities and the lifecycle management of the fix. |
|
|
|
|
I |
|
|
I |
|
|
|
|
|
CS2013 IAS Learning Outcomes |
CS Courses |
Foundational Concepts in Security |
1 |
1 |
Usage |
Analyze the tradeoffs of balancing key security properties (Confidentiality, Integrity, Availability). |
I |
|
|
|
|
R |
|
|
|
P |
P |
P |
|
2 |
1 |
Familiarity |
Describe the concepts of risk, threats, vulnerabilities and attack vectors (including the fact that there is no such thing as perfect security). |
I |
I |
|
|
|
R |
|
|
|
P |
P |
P |
|
3 |
1 |
Familiarity |
Explain the concepts of authentication, authorization, access control. |
I |
|
|
|
P |
R |
|
|
|
|
P |
P |
|
4 |
1 |
Familiarity |
Explain the concept of trust and trustworthiness. |
I |
I |
|
|
|
R |
|
|
|
P |
P |
P |
|
5 |
1 |
Familiarity |
Recognize that there are important ethical issues to consider in computer security, including ethical issues associated with fixing or not fixing vulnerabilities and disclosing or not disclosing vulnerabilities. |
I |
|
|
|
|
R |
|
|
|
P |
P |
P |
|
Network Security |
1 |
2 |
Familiarity |
Describe the different categories of network threats and attacks. |
|
|
|
|
|
|
|
|
|
|
I |
I |
|
2 |
2 |
Familiarity |
Describe the architecture for public and private key cryptography and how PKI supports network security. |
|
|
|
|
|
|
|
|
|
|
I |
I |
|
3 |
2 |
Familiarity |
Describe virtues and limitations of security technologies at each layer of the network stack. |
|
|
|
|
|
|
|
|
|
|
I |
|
|
4 |
2 |
Familiarity |
Identify the appropriate defense mechanism(s) and its limitations given a network threat. |
|
|
|
|
|
|
|
|
|
|
I |
I |
|
Principles of Secure Design |
1 |
1 |
Familiarity |
Describe the principle of least privilege and isolation as applied to system design. |
|
|
|
|
|
P |
|
|
|
I |
I |
I |
|
2 |
1 |
Familiarity |
Summarize the principle of fail-safe and deny-by-default. |
I |
|
|
|
|
R |
|
|
|
P |
P |
P |
|
3 |
1 |
Familiarity |
Discuss the implications of relying on open design or the secrecy of design for security. |
|
|
|
|
I |
P |
|
|
|
I |
I |
I |
|
4 |
1 |
Familiarity |
Explain the goals of end-to-end data security. |
|
|
|
|
|
P |
|
|
|
I |
I |
I |
|
5 |
1 |
Familiarity |
Discuss the benefits of having multiple layers of defenses. |
|
|
|
|
I |
P |
|
|
|
I |
I |
I |
|
6 |
1 |
Familiarity |
For each stage in the lifecycle of a product, describe what security considerations should be evaluated. |
|
|
|
|
|
P |
|
|
|
|
|
|
|
7 |
1 |
Familiarity |
Describe the cost and tradeoffs associated with designing security into a product. |
|
|
|
|
|
P |
|
|
|
I |
|
|
|
8 |
2 |
Familiarity |
Describe the concept of mediation and the principle of complete mediation. |
|
|
|
|
I |
P |
|
|
|
I |
I |
I |
|
9 |
2 |
Familiarity |
Be aware of standard components for security operations, instead of re-inventing fundamental operations. |
|
|
|
|
I |
P |
|
|
|
I |
I |
I |
|
10 |
2 |
Familiarity |
Explain the concept of trusted computing including trusted computing base and attack surface and the principle of minimizing trusted computing base. |
|
I |
|
|
|
P |
|
|
|
I |
|
|
|
11 |
2 |
Familiarity |
Discuss the importance of usability in security mechanism design. |
|
|
|
|
|
P |
|
|
|
I |
I |
I |
|
12 |
2 |
Familiarity |
Describe security issues that arise at boundaries between multiple components. |
|
|
|
|
I |
P |
|
|
|
I |
I |
I |
|
13 |
2 |
Familiarity |
Identify the different roles of prevention mechanisms and detection/deterrence mechanisms. |
|
|
|
|
I |
P |
|
|
|
|
I |
|
|
Threats and Attacks |
2 |
2 |
Familiarity |
Discuss the limitations of malware countermeasures (e.g., signature-based detection, behavioral detection). |
|
|
|
|
I |
|
|
|
|
|
I |
|
|
3 |
2 |
Familiarity |
Identify instances of social engineering attacks and Denial of Service attacks. |
|
|
|
|
|
|
|
|
|
|
I |
I |
|
4 |
2 |
Familiarity |
Discuss how Denial of Service attacks can be identified and mitigated. |
|
|
|
|
|
|
|
|
|
|
I |
I |
|