Standards in this Framework
Standard | Description |
---|---|
CS3S-1.1 | Describe and discuss key concepts in security, including confidentiality, integrity and availability, authentication, and access control. |
CS3S-1.2 | Describe and discuss key concepts in cybersecurity, including cryptology, cryptography, cryptanalysis, cipher, cryptographic algorithm, private and public key encryption, public key infrastructure, and trust/trustworthiness. |
CS3S-1.3 | Discuss the basic concepts of probability, random variables and probability distributions as they apply to information theory and cryptography. |
CS3S-2.1 | Demonstrate the techniques to transform plaintext into ciphertext, the use of hash functions for authentication and data integrity, and the use of private and public key encryption. |
CS3S-2.2 | Investigate security vulnerabilities in various data structures, such as out-of-bounds arrays and buffer overflows. |
CS3S-3.1 | Discuss various types of cyberattacks on software and software systems along with possible countermeasures and security controls that minimize risk and exposure. |
CS3S-3.2 | Discuss current industry standards, tools, and security practices in software development, including use of multiple layers of defenses, wireless security, and risks in 3rd party applications and libraries. |
CS3S-4.1 | Explain the tradeoffs of developing a program in a typesafe language. Implement secure coding and testing techniques including input validation, data sanitization, and exception handling. |
CS3S-4.2 | Describe when and how to properly use open source vs. closed source software. |
CS3S-4.3 | Examine the need to update software to fix security vulnerabilities. |
CS3S-5.1 | Discuss the role of software security in a company-wide security policy. |
CS3S-5.2 | Develop a Secure Software Development Lifecycle. |
CS3S-5.3 | Perform software security audit on a peer-reviewed project. |