PSE050: Product Cybersecurity 101 (18 Hours)
Product security goes beyond the traditional information security CIA triad of confidentiality, integrity, and availability, and includes the expectation that products are secure. In this class cybersecurity is applied to hardware and software across the board with a focus on embedded systems and preventing malicious access and use. Over the last few years there has been an increase of concern regarding cybersecurity, systems, and software, especially with the Internet of Things expansion of massive interconnectivity.
In this course, Product Cybersecurity 101, the fundamentals of product cybersecurity are explored with a focus on embedded systems to illustrate unique vulnerabilities that are commonly exploited. Students learn about methods and techniques considering cybersecurity measures in the entire system life cycle and acquisition. Secure Embedded Systems include many procedures, methods and techniques to seamlessly integrate cybersecurity within embedded system software & hardware.
PSE100: Cryptography Fundamentals (12 Hours)
In this course students learn the fundamentals of cryptography, which is a necessary tool for protecting information in computer systems. Topics include security and cryptography, stream and block ciphers, symmetric and asymmetric encryption, public key infrastructure (PKI) encryption, public key encryption, hash functions, digital signatures, and digital certificates.
PSE200: Introduction to Threat Modeling and Attack Trees (18 Hours)
Threat modeling is an essential skill for any type of security professional. This course is designed to give students a practical understanding of Threat modeling, covering not only the theory but immediately applicable tools and techniques including a focus on Attack Trees. Using attack trees to model threats is one of the most widely applied techniques used in threat modeling in the security development life cycle and in the overall software and systems design process. Attack trees are diagrams that depict attacks on a system in tree form. In this course students learn about threat modeling using a variety of modeling approaches including attack trees and attack libraries.
PSE600: Product Cybersecurity System Analysis (18 Hours)
Analysis skills are critical to ensuring cybersecurity requirements are built as part of the product solution and not an afterthought in both today and tomorrow’s technology solutions. In this course you’ll learn key techniques to utilize when working with technology and needing to address cybersecurity requirements. First, you’ll explore techniques to help you identify and elicit requirements from your stakeholders that are key to solution success. Next, you’ll dive into audits, best practices, and technology that will help you define cybersecurity from an organizational perspective. Finally, you’ll learn how to plan and map out how solutions address cybersecurity requirements. When you’re finished with this course, you’ll have the skills and knowledge of knowing how to build out an analysis plan and construct a proposed solution that directly addresses all cybersecurity needs for your organization.
Topics include Cybersecurity Analysis Techniques, Cybersecurity Risks and Controls, Securing the Layers, Data Security, User Access Control, Solution Delivery and Operations.
PSE700: Product Cybersecurity Design (18 Hours)
In this course students learn how security can be designed into, managed and maintained within a development lifecycle.
The Product Cybersecurity Design course begins with a quick review of the common security attacks and strategies to prevent those attacks. Using these concepts as a baseline to illustrate the ineffectiveness of a code-last strategy, the course then moves into a discussion on the importance of reframing security and thinking about security in the context of design. Through the reframing journey, the course introduces Domain-DrivenDesign as a useful mechanism to apply a secure-first strategy. Throughout this discussion, the course looks at implementation strategies and techniques and common issues that introduce threats into the codebase.
We will also walk through some of the security design principles which one needs to ensure while designing any Software or System architecture. These principles concentrate on architectural structures, whether hardware or software, that are required to Support Information protection. Overview on concepts like Least Privilege, Separation of Duties, Defense in Depth, Least Common Mechanism, Securing the weakest link and many more alike will be discussed as part of same.
Advanced Product Security Certificate
In order to complete the Advanced Product Security 156 hour certificate, students must complete the 102 hours of core classes above and 54 hours from the following electives:
- PSE800: Software Assurance (18 Hours)
- ESD100: Embedded System Hardware Architecture Essentials (18 Hours)
- ENG250: Model Based System Engineering (MBSE) (Cameo) (18 Hours)
- DEV510: Introduction to DevSecOps (18 Hours)
Each course counts towards one certificate only.