Security Engineering II

Learning Objectives

• Recognize design guidelines for secure systems
• Recognize guidelines for dependable programming
• Identify the security requirements for a system
• Analyze requirements for a system and identify appropriate architectural designs

How to Complete this Lesson

Complete the following learning activities: (2.5 hours total)

1. Watch Introduction to Information Assurance (IA) (15 minutes)

   This video states the three phases of risk management are risk assessment, risk treatment, and risk control (Erl et al. 2013). This description differs from Sommerville (2016)’s risk management process (i.e., risk identification, risk analysis, risk planning, and risk monitoring). Though the difference is superficial, any assessment questions will be based on Sommerville’s model.

2. Read “The Inside Story Behind MS08-067” (15 minutes)
3. Watch What Every Engineer Needs to Know About Security and Where to Learn It – stop at 21:42 (22 minutes)
4. Participate in the synchronous session during the class meeting time (optional)
5. Complete the quiz (5–8 minutes)
6. Start the implementation of your specification (90 minutes)
   • Address feedback on the specification
   • Begin implementing some portion of the specification

Due

As a reminder, the following is due this lesson:

• Quiz: Security Engineering II

Resources

Videos

• Security Testing Fundamentals (93 minutes)

---

Security Engineering I Resilience Engineering