| Standard | Description | Lessons |
| --- | --- | --- |
| CS3S-1.1 | Describe and discuss key concepts in security, including confidentiality, integrity and availability, authentication, and access control. | 1.4 The CIA Triad; 6.8 System Administration |
| CS3S-1.2 | Describe and discuss key concepts in cybersecurity, including cryptology, cryptography, cryptanalysis, cipher, cryptographic algorithm, private and public key encryption, public key infrastructure, and trust/trustworthiness. | 2.1 Cryptography, Cryptology, Cryptanalysis; 2.2 History of Cryptography; 2.3 Basic Crypto Systems: Caesar Cipher; 2.4 Basic Crypto Systems: Cracking Caesar; 2.5 Basic Crypto Systems: Vigenere Cipher; 4.2 Encryption Algorithms; 4.3 Advanced Cryptography; 4.4 Hash Functions; 4.6 Asymmetric Encryption |
| CS3S-1.3 | Discuss the basic concepts of probability, random variables and probability distributions as they apply to information theory and cryptography. | 4.4 Hash Functions; 4.6 Asymmetric Encryption |
| CS3S-2.1 | Demonstrate the techniques to transform plaintext into ciphertext, the use of hash functions for authentication and data integrity, and the use of private and public key encryption. | 4.2 Encryption Algorithms; 4.3 Advanced Cryptography; 4.4 Hash Functions; 4.5 Hash Function Development; 4.6 Asymmetric Encryption |
| CS3S-2.2 | Investigate security vulnerabilities in various data structures, such as out-of-bounds arrays and buffer overflows. | 9.10 SQL Injection Overview; 9.11 Types of SQLi and Prevention; 10.1 Project: Security Assessment Report; 12.2 Assessing Risks |
| CS3S-3.1 | Discuss various types of cyberattacks on software and software systems along with possible countermeasures and security controls that minimize risk and exposure. | 1.3 Impact of Cybersecurity; 6.6 Application Security; 6.8 System Administration; 9.9 Common Security Problems; 12.2 Assessing Risks |
| CS3S-3.2 | Discuss current industry standards, tools, and security practices in software development, including use of multiple layers of defenses, wireless security, and risks in 3rd party applications and libraries. | 6.6 Application Security; 7.3 Network Devices; 7.5 Network Options; 9.11 Types of SQLi and Prevention |
| CS3S-4.1 | Explain the tradeoffs of developing a program in a typesafe language. Implement secure coding and testing techniques including input validation, data sanitization, and exception handling. | 9.11 Types of SQLi and Prevention; 12.2 Assessing Risks |
| CS3S-4.2 | Describe when and how to properly use open source vs. closed source software. | 6.4 Software and Applications; 6.5 Software Licenses; 11.4 Level 4: Data and Licenses |
| CS3S-4.3 | Examine the need to update software to fix security vulnerabilities. | 6.4 Software and Applications; 6.6 Application Security; 12.2 Assessing Risks |
| CS3S-5.1 | Discuss the role of software security in a company-wide security policy. | 6.6 Application Security; 11.2 Level 2: User Training; 11.3 Level 3: Incident Response |
| CS3S-5.2 | Develop Secure Software Development Lifecycle. | 11.2 Level 2: User Training; 11.3 Level 3: Incident Response; 11.4 Level 4: Data and Licenses; 11.5 Level 5: Change Management |
| CS3S-5.3 | Perform software security audit on a peer-reviewed project. | 6.6 Application Security |