Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity for Critical Infrastructure Panel Members: Qing Hui (ME), Jordan Berg (ME) Sunho Lim (CS), Brian Nutter (ECE), Susan D. Urban (IE) May 3, 2013 Support for this work was provided by the National Science Foundation’s Federal Cyber Service: Scholarship for Service (SFS) program under Award No Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

Courses Taught in Spring 2013 IE 4331/5331 Cybersecurity for Information Systems – Co-Taught by Susan Urban (lead) and Joseph Urban IE 4331/5331 Software Security – Co-Taught by Joseph Urban (lead) and Susan Urban Challenge for both courses was to teach cybersecurity and software security to engineering students. Both courses were composed of CS and IE students, with IE student having no programming background.

Cybersecurity for Information Systems REQUIRED TEXT: Cybersecurity: The Essential Body of Knowledge, D. Shoemaker and A. Conklin, Cengage Learning, Covers the Department of Homeland Security Essential Body of Knowledge for Cybersecurity Has a running case study throughout each chapter to present the concepts in the context of a specific organizational scenario.

Cybersecurity for Information Systems EXPECTED LEARING OUTCOMES: Students who complete this course will be able to: Understand the cybersecurity issues involved in trying to secure a complex organization. Define the executive, functional, and ancillary roles of cybersecurity work. Identify the competency areas that compose a cybersecurity body of knowledge. Understand recommendations and activities to manage, design, implement, and evaluate cybersecurity competency areas. Develop comprehensive cybersecurity solutions for an organization.

Cybersecurity for Information Systems Competency areas: data security, digital forensics, enterprise continuity, incident management, training and awareness, operation and maintenance, network and telecommunications security, personnel security, physical security, procurement, legal and regulatory compliance, risk management, software security Homework assignments: cryptography, biometrics, intrusion detection, malicious code, and cybersecurity law. Graduate research projects: Research issues for the Smart Grid on device level security, cryptography, system level security, networking, and privacy. Covered Sans Top 20 Critical Controls and Top 25 Software Errors.

Software Security REQUIRED TEXT: Jason Grembi, Secure Software Development: A Security Programmer’s Guide, 1st Edition, Cengage Learning, COURSE OBJECTIVES: This course is to provide a comprehensive understanding of a secure software development process. The course includes issues on systems engineering and software interface, attack vulnerabilities, and acquisition strategies for security. Development issues for security will cover elicitation and analysis, design patterns, secure code, and testing. Topics will also include dependability, reliability, software assurance, and life cycle integration.

Software Security CLASS SECURITY GROUP PROJECTS: ATM; Pizza Delivery; Health Records; and Social Media X Three Different Aspects Required to define system and software requirements with focus on security, design use/misuse case diagrams with mapping to Sans Top 20 Critical Controls, interaction diagrams, risk analysis IEEE Std Guide for Developing System Requirements Specifications IEEE Std. 830 Recommend Practice for Software Requirements Specification GRADUATE SECURITY GROUP PROJECTS: CAPTCHA Technology; Cloud Computing; Design Through Maintenance Security in the Software Life Cycle; Project Management; and Requirements Formulation / Analysis