ITI42220 Security in Information Systems and Software Engineering (Spring 2023)

Facts about the course

ECTS Credits:
10
Responsible department:
Faculty of Computer Science, Engineering and Economics
Campus:
Halden
Course Leaders:
  • André Alexandersen Hauge
  • Vikash Katta
Teaching language:
English
Duration:
½ year

The course is connected to the following study programs

Elective course in the master programme in applied computer science, full-time and part-time.

Recommended requirements

ITI41820 Advanced Topics in Information Systems

Lecture Semester

Second semester (spring) in the full-time programme.

Second or fourth semester (spring) in the part-time programme.

The student's learning outcomes after completing the course

Knowledge

The student

  • knows how to specify and analyse security requirements in the development and acquisition process

  • understands the differences between security concerns in software acquisition and development environments

  • is able to recognize common security engineering risk analysis tools and methods

  • knows the main secure design considerations

  • is able to understand the main testing approaches for security

  • is familiar with common DevSecOps toolchains and configurations

  • is able to identify and understand maturity models in security and DevSecOps scenarios

Skills

The student is

  • able to use common security requirements engineering methods (e.g. MSRA, SQUARE, GBRAM…) in real settings

  • able to perform a security risk analysis

  • able to justify the need for DevSecOps approaches and guide them in practical business settings

  • able to secure DevOps scenarios

  • able to introduce security in software design and coding phases

  • able to use the main testing approaches with an emphasis on security

  • capable of using a set of DevSecOps software tools for business needs

  • able to measure security levels by means of metrics and models

General competence

The student is able to apply theories and methodologies in the course in a practical business setting.

Content

  1. Security in Requirements: Development and Acquisition

  2. Security Engineering Risk Analysis

  3. DevSecOps: Strategy and Implementation

Forms of teaching and learning

Teaching will be based on blended learning approaches. There will be recorded lectures on the topics of the course, and physical meetings will take place on a weekly or bi-weekly basis to mentor the development of the paper and guide students in the course.

Workload

Approx. 280 hours.

Coursework requirements - conditions for taking the exam

The student must deliver up to four assignments.

Coursework requirements must be accepted to qualify for the exam.

Examination

Individual written exam and scientific paper

The exam is divided into two parts:

  • Individual written exam (50%) based on the course curriculum. Duration 4 hours. No supporting materials allowed.

  • Scientific paper (50%) on a topic related to the course. The topic is chosen by the students and agreed with the person responsible for the course. The paper can be developed individually or in groups of two students. The students will get an individual grade.

Grading scale A - F in both parts. Both parts of the exam must be passed to pass the course. The student will get an individual joint grade for the entire course.

Examiners

External and internal examiner, or two internal examiners.

Conditions for resit/rescheduled exams

Upon re-examination, each part of the examination can be retaken.

Course evaluation

This course is evaluated by a:

  • Mid-term evaluation (compulsory)

The person responsible for the course compiles a report based on the feedback from the students and his/her own experience with the course. The report is discussed by the study quality committee at the Department of Computer Science and Communication.

Literature

The current reading list for 2023 Spring can be found in Leganto
Last updated from FS (Common Student System) June 30, 2024 6:15:21 PM