The purpose of this course is to explore widely accepted security frameworks, industry standards, and techniques employed in engineering trustworthy secure and resilient systems. We will study and explore several National Institute of Standard and Technology (NIST) frameworks such as the Cyber Security Framework (CSF), the Risk Management Framework (RMF), and other standards. These widely adopted standards have been developed to ensure that the appropriate security principles, concepts, methods, and practices are applied during the system development life cycle (SDLC) to achieve stakeholder objectives for the protection of assets—across all forms of adversity characterized as disruptions, hazards, and threats. We will also explore case studies within the Department of Homeland Security’s (DHS) 16 Critical Infrastructure elements (shown in the figure below), to understand how government and private sector participants within the critical infrastructure community work together to manage risks and achieve security and resilient outcomes. Cyber resiliency is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources regardless of the source.
Units: 3
Prerequisite(s): A basic course in computing or computer applications (ECE 175, CSC127A, or equivalent) or consent of the instructor.
Usually offered: Fall, Spring