Table Legend

 

The security injection modules make a significant contribution to this learning objective

 

The security injection modules make a limited contribution to this learning objective

 

The security injection modules do not address this learning objective yet

 

Computer Literacy 

Knowledge Area: Information Assurance and Security – Foundational Concepts in Security

| Learning outcome | Security Injection |
| --- | --- |
| Understand the concept of authentication, authorization, access control [familiarity] | Computer Literacy: Passwords; Computer Literacy: Cryptography |
| Understand the concept of trust and trustworthiness [familiarity] | Computer Literacy: Phishing |
| Understand the tradeoffs and balancing of key security properties (Confidentiality, Integrity, Availability) [usage] | |
| Understand the concepts of risk, threats, vulnerabilities and attack vectors (including the fact that there is no such thing as perfect security) [familiarity] | |

 

 CS0, CS1, and CS2

Knowledge Area: Information Assurance and Security – Principles of Secure Design

| Learning outcome | Security Injection |
| --- | --- |
| Describe the principle of least privilege and isolation as applied to system design [application] | CS1: Encapsulation |
| Understand that security has to be a consideration from the point of initial design and throughout the lifecycle of a product [familiarity] | CS0: Secure Software Development (in development) |
| Describe security issues that arise at boundaries between multiple components [familiarity] | CS1: Encapsulation |
| Discuss the implications of relying on open design or the secrecy of design for security. [familiarity] | |

 

Knowledge Area: Information Assurance and Security – Defensive Programming

| Learning outcome | Security Injection |
| --- | --- |
| Explain why input validation and data sanitization is necessary in the face of adversarial control of the input channel [familiarity] | CS0: Input Validation; CS1: Input Validation; CS2: Input Validation |
| Explain why you might choose to develop a program in a type-safe language like Java, in contrast to an unsafe programming language like C/C++ [familiarity] | CS0: Integer Error; CS1: Integer Error; CS2: Integer Error |
| Classify common input validation errors, and write correct input validation code [usage] | CS0: Input Validation; CS1: Input Validation; CS2: Input Validation |
| Demonstrate using a high-level programming language how to prevent a race condition from occurring and how to handle an exception [usage] | CS2: Exception Handling |
| Describe how memory architecture is used to protect against runtime attacks [familiarity] | CS2: Buffer Overflow |
| Explain the risks with misusing interfaces with third-party code and how to correctly use third-party code [familiarity] | |
| Explain the different types of mechanisms for detecting and mitigating data sanitization errors [familiarity] | |
| Use static and dynamic tools to identify programming faults [usage] | |

 

 Knowledge Area: Software Development Foundations – Development Methods

| Learning outcome | Security Injection |
| --- | --- |
| Identify common coding errors that lead to insecure programs (e.g., buffer overflows, memory leaks, malicious code) and apply strategies for avoiding such errors. [Usage] | All CS0, CS1, and CS2 injections |
| Understand that security does not compose by default; security issues can arise at boundaries between multiple components [familiarity] | CS1: Encapsulation |
| Apply a variety of strategies to the testing and debugging of simple programs. [Usage] | |

Mapping to DHS/NSA CAE-IAE Knowledge Units coming soon. 

 
Copyright © Towson University