Software security  

Software security risk analysis and security assurance are an essential part of information technology management. Students learn security risk analysis and management in the context of the software life cycle, the risks of the software development process and risk mitigation methods, the use of reverse engineering techniques for analysing weaknesses in software security, security testing, and the legal aspects of information system security. A teamwork approach is used for the analysis of practical case studies.

Outcome: Can summarize arguments on risk management stages and on quantitative and qualitative methods of risk evaluation - Passed assignment or quiz on risk management and exam. Criteria: is able to explain and provide arguments on the stages of risk management; is able to explain risk assessment methods; is able to evaluate the strengths and weaknesses of risk assessment methods.

Outcome: Is able to perform risk analysis of a software development project and prepare a risk mitigation plan - Passed practical assignment performed on a software development project risk evaluation case study. Criteria: is able to identify and assess project risks; is able to propose and justify a risk mitigation plan for a specific project.

Outcome: Is able to perform information system security risk analysis and prepare a risk mitigation plan - Passed practical assignment performed on a security risk evaluation case study. Criteria: is able to identify and assess the security risks of information systems; is able to propose and justify a risk mitigation plan for a specific project.

Outcome: Can summarize arguments on reverse engineering techniques for discovering software security risks and protecting intellectual property - Passed assignment or quiz on reverse engineering techniques and exam. Criteria: is able to explain the stages of risk management in a reasoned manner; is able to explain risk assessment methods; is able to assess the strengths and weaknesses of risk assessment methods.

Outcome: Is able to apply reverse engineering techniques for discovering software security risks and protecting intellectual property - Passed practical assignment. Criteria: is able to navigate reverse engineering methods for software security risk detection; is able to select and apply specific methods for the detection of security risks and the protection of intellectual property.

Outcome: Is able to justify software security testing types and perform security testing - Passed practical assignment. Criteria: is able to explain the characteristics of software security testing methods; is able to assess the suitability of a security testing method for the task; is able to independently apply the chosen security method in testing.

Outcome: Can summarize arguments on personal data protection rules and principles of e-document security - Passed assignment and exam. Criteria: is able to list the main articles of the specified law; is able to formulate the principles of e-document protection; is able to apply legal requirements and e-document protection principles in the analyzed situation.
Presential
English

Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or HaDEA. Neither the European Union nor the granting authority can be held responsible for them. The statements made herein do not necessarily have the consent or agreement of the ASTRAIOS Consortium. These represent the opinion and findings of the author(s).