Clark Atlanta University

Information Assurance Design

CIS 321: Introduction to Software Engineering

Course Length: 3 Hours Pre-Requisite  : CIS 123

Overview: Description Objective Goals/Outcome Outline Suggested Assignments References   Suggested Time:  3 class periods

                                                                                                                                   

     Target Audience

Description: This course will discuss Information Assurance concepts related to Software Engineering.  It will highlight design principles and vulnerabilities related to Software Engineering and discuss how to effectively incorporate Information Assurance to software-based systems.  The course will also discuss standards for Information assurance in Software Engineering and explain how to apply standards to software design.

 

Objective(s): The primary purpose of this course is to: ·        To provide an understanding of information design principles related to computer organization. ·        To describe basic information assurance concepts related to different components of a computer system such as memory, the operating system, hardware, and software. ·        To identify vulnerabilities associated to data sharing, hardware sharing, and the complexity of computer systems. ·        To describe different types of attacks that occur from vulnerabilities related to computer architecture.  ·        To identify methods of defense for computer systems.

 

	Goals/Outcome: The students will be able to: Learn about different attack methods and predictive analysis techniques. Learn strategies for developing and measuring the economics of information security solutions. Identify vulnerabilities related to Software Engineering. Identify good IA practices for Software Engineering. Identify several IA standards for Software Engineering. Understand how and when to use standards.
	Outline: Vulnerabilities that must be considered in Software Engineering Ø      Possible stop-fail mechanisms and procedures Ø      Fallback, contingency solutions for both direct and secondary effects of failure modes. Ø      Unenforced Restrictions Ø      Covert Channels Ø      Buffer Overflows Best-Practices in IA Software Development Systems: Ø      Usage Scenarios Ø      Modeling and analysis of a system’s interaction with external factors Ø      Mission Assurance Ø      Documentation Ø      Information Assurance Policies Ø      Encapsulation Ø      Modularity Ø      Data Hiding Software Survivability Ø      Software Disaster Recovery Ø      Software Risk Mitigation Ø      Software Backups Challenges and Questions Ø      IA Standards related to software engineering: Do we have the right standards in place? Ø      How to determine which standards apply and when they apply.
	Suggested Assignments: Students will incorporate an information assurance module in to  their semester project.  The module will discuss good practices of IA in Software engineering that were used and implement IA polices in their software design. Students will provide accurate documentation where applicable Students will assess semester project for better development methodologies against IA Standards
	References: ·        “Information Assurance.” Federal CIO Certificate Program April 11, 2005  http://ieeeia.org/ ·        Pfleeger, Charles P. and Shari Lawrence. Security in Computing. Upper Saddle River, NJ: Prentice-Hall, 2003.