Difference between revisions of "IU:TestPage"
R.sirgalina (talk | contribs) Tag: Manual revert |
R.sirgalina (talk | contribs) |
||
Line 1: | Line 1: | ||
+ | = Secure development = |
||
− | = Business Development, Sales and Marketing in IT Industry = |
||
− | * '''Course name''': |
+ | * '''Course name''': Secure development |
− | * '''Code discipline''': |
+ | * '''Code discipline''': XXX |
− | * '''Subject area''': |
+ | * '''Subject area''': Security and Networks |
== Short Description == |
== Short Description == |
||
+ | |||
− | This course contains two important for successful company parts: marketing and sales. |
||
− | These are the parts that are linked with each other - it is very difficult to sell without marketing support and it is very difficult to achieve results with marketing efforts only. |
||
− | Marketing part, starting from defining things like developing marketing strategy for the companies, finally offers practical tools of digital marketing. We will explore new digital reality and its impact on IT business. We will learn success stories of real businesses and how companies are adapting to the new changing landscape. |
||
− | The second part of the course covers important things for every company's success – the sales process. Understand how to attract customers in negotiations, how to “get to yes” getting great deals, how to control the sales funnel – you will get the understanding how it works and try it in practice. |
||
== Prerequisites == |
== Prerequisites == |
||
=== Prerequisite subjects === |
=== Prerequisite subjects === |
||
+ | * CSE101: Introduction to Programming |
||
− | |||
+ | * CSE112: Software Systems Analysis and Design |
||
=== Prerequisite topics === |
=== Prerequisite topics === |
||
− | * Basic |
+ | * Basic programming skills, C/C++ is recommended |
+ | * Software design or software architecture |
||
+ | * Basics of compilers |
||
== Course Topics == |
== Course Topics == |
||
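Review bot: the "Short Description" section ends up empty, because the old marketing description is removed and only a blank line is added in its place. Add a few sentences that summarise the secure development course, and replace the "XXX" placeholder in "Code discipline" with the real code once it is assigned.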
Line 25: | Line 25: | ||
! Section !! Topics within the section |
! Section !! Topics within the section |
||
|- |
|- |
||
− | | |
+ | | Basics of security || |
+ | # Security and safety. Security and code quality. Maintainability and security. Why it is so hard to develop a secure system and what approaches may be applied? When it makes sense to drive system secure? |
||
− | # Types of markets |
||
− | # Product-centric marketing |
||
− | # Customer-centric marketing |
||
− | # Developing Marketing Strategy |
||
|- |
|- |
||
− | | |
+ | | Security architecture || |
+ | # NIST recommendations |
||
− | # Brand&Presentation |
||
+ | # Security principles |
||
− | # Analytics |
||
+ | # Theoretical security: access matrix and security models |
||
− | # Content |
||
+ | # Secure by design |
||
− | # SMM |
||
− | # Context advertising |
||
− | # E-mail marketing |
||
|- |
|- |
||
− | | |
+ | | Secure coding<br> || |
+ | # Security on the code level |
||
− | # CRM systems |
||
− | # |
+ | # SDL |
+ | # Main binary vulnerabilities and their mitigations |
||
− | # B2C |
||
− | # Negotiations |
||
|- |
|- |
||
− | | |
+ | | Secure operating || |
+ | # Security monitoring |
||
− | # Presentation of marketing&sales strategy and tactics for startup |
||
+ | # DevSecOps |
||
+ | # Dealing with 3rd parties |
||
+ | |- |
||
+ | | Security assurance || |
||
+ | # Pen testing |
||
+ | # Fuzzing |
||
+ | # Bug Bounty programs |
||
+ | |- |
||
+ | | Linux security || |
||
+ | # Keep it all together and see how Linux kernel deals with that. |
||
+ | # SELinux |
||
+ | # GrSec patches |
||
+ | # Why Linux is not safety system |
||
|} |
|} |
||
== Intended Learning Outcomes (ILOs) == |
== Intended Learning Outcomes (ILOs) == |
||
=== What is the main purpose of this course? === |
=== What is the main purpose of this course? === |
||
+ | The main purpose of this course is to give students a security vision from up to down, because the security principle of weakest link insist that the weakest part of the process/system would be the one to be attacked. |
||
− | This course aims to give students the skills of developing a winning marketing strategy for a startup, as well as the skills to implement marketing strategy using real digital-marketing tools and sales tactics for a startup product. |
||
=== ILOs defined at three levels === |
=== ILOs defined at three levels === |
||
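Review bot: the new "Secure coding<br>" cell in the Course Topics table carries a stray "<br>" that none of the other section names have; drop it. Several added lines also need a language pass, for example "When it makes sense to drive system secure?", "Why Linux is not safety system", and "insist" (should be "insists") in the main-purpose sentence.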
Line 57: | Line 64: | ||
==== Level 1: What concepts should a student know/remember/explain? ==== |
==== Level 1: What concepts should a student know/remember/explain? ==== |
||
By the end of the course, the students should be able to ... |
By the end of the course, the students should be able to ... |
||
+ | * Remember main security principles |
||
− | * Develop naming, presentation, and product offer |
||
+ | * List SDL stages |
||
− | * Use digital marketing tools |
||
+ | * Describe the difference between security and safety |
||
− | * Use CRM |
||
+ | * Explain basic binary vulnerabilities |
||
− | * Sell its product |
||
+ | * Specify the required security assurance |
||
+ | * Describe the key elements of SOC systems |
||
+ | * Explain why fuzzing is not the same as unit or integration testing |
||
==== Level 2: What basic practical skills should a student be able to perform? ==== |
==== Level 2: What basic practical skills should a student be able to perform? ==== |
||
By the end of the course, the students should be able to ... |
By the end of the course, the students should be able to ... |
||
+ | * Perform Threat Modeling |
||
− | * Skills in developing naming, presentations, product offerings |
||
+ | * Review code to find insecure patterns |
||
− | * Skills of context advertising |
||
+ | * Deal with open source code securely |
||
− | * Skills of SMM doing |
||
+ | * Explain the value of bug bounty programme and find the right moment to start it |
||
− | * Skills of content marketing |
||
− | * Skills of e-mail marketing |
||
==== Level 3: What complex comprehensive skills should a student be able to apply in real-life scenarios? ==== |
==== Level 3: What complex comprehensive skills should a student be able to apply in real-life scenarios? ==== |
||
By the end of the course, the students should be able to ... |
By the end of the course, the students should be able to ... |
||
+ | * Suggest hardenings and architecture drifts to achieve required level of s&s |
||
− | * Skills how to find the right addressable market for its product |
||
+ | * Propose process improvement in a cost-effective manner that would drastically improve the security and safety level. |
||
− | * Skills of web analytics |
||
− | * Skills of CRM using |
||
− | * Sales skills to various types of clients |
||
== Grading == |
== Grading == |
||
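Review bot: the Level 3 outcome "Suggest hardenings and architecture drifts to achieve required level of s&s" uses "s&s" without defining it, while the next bullet spells out "security and safety"; write it out here too. "architecture drifts" is also unclear as a learning outcome and should be reworded so that it can be assessed.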
Line 84: | Line 91: | ||
! Grade !! Range !! Description of performance |
! Grade !! Range !! Description of performance |
||
|- |
|- |
||
− | | A. Excellent || |
+ | | A. Excellent || 80-100 || - |
|- |
|- |
||
− | | B. Good || |
+ | | B. Good || 60-79 || - |
|- |
|- |
||
− | | C. Satisfactory || |
+ | | C. Satisfactory || 40-59 || - |
|- |
|- |
||
− | | D. Fail || 0- |
+ | | D. Fail || 0-39 || - |
|} |
|} |
||
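Review bot: every "Description of performance" cell in the grading table is filled with "-", so the column carries no information. Either describe what each grade band means or drop the column.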
Line 99: | Line 106: | ||
! Activity Type !! Percentage of the overall course grade |
! Activity Type !! Percentage of the overall course grade |
||
|- |
|- |
||
− | | |
+ | | Assignment/Labs || 70 |
|- |
|- |
||
+ | | Final quiz || 30 |
||
− | | Interim performance assessment on the results of lecture assignments and its presentations || 30 |
||
− | |- |
||
− | | Final presentation || 30 |
||
|} |
|} |
||
=== Recommendations for students on how to succeed in the course === |
=== Recommendations for students on how to succeed in the course === |
||
− | + | Participation is important. Showing up is the key to success in this course.<br>If you don’t have a corresponding technical background, please do not hesitate to ask lecturer. If you feel that the gap is deep, request for extra reading.<br>Reading the recommended literature is optional, and will give you a deeper understanding of the material. |
|
== Resources, literature and reference materials == |
== Resources, literature and reference materials == |
||
=== Open access resources === |
=== Open access resources === |
||
+ | * Owasp.com |
||
− | * Андрей Кравченко. Неидеальная стратегия для идеальной компании. |
||
+ | * MITRE SOC Operations https://www.mitre.org/sites/default/files/publications/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf |
||
+ | * MISRA, AUTOSAR, SEI CERT |
||
+ | * https://www.microsoft.com/en-us/securityengineering/sdl |
||
=== Closed access resources === |
=== Closed access resources === |
||
+ | * Matt Bishop, (2018) “Computer Security: Art and Science” |
||
− | * Viktor Pelevin. Empire V. |
||
+ | * D Deougun, DB Jonhsson, D Sawano (2019) “Secure by design” |
||
− | * W. Chan Kim, Renee Mauborgne. Blue Ocean Strategy. |
||
+ | * D LeBlanc, Michael Howard (2002) “Writing secure code” |
||
− | * Eric ries. Lean startup. |
||
− | * Simon Kingsnorth. Digital Marketing Strategy. |
||
=== Software and tools used within the course === |
=== Software and tools used within the course === |
||
+ | * Some static analyser |
||
− | |||
+ | * AFL |
||
= Teaching Methodology: Methods, techniques, & activities = |
= Teaching Methodology: Methods, techniques, & activities = |
||
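Review bot: in the open access list, "Owasp.com" should be checked, since the OWASP Foundation's site is owasp.org, and the entry would be more useful as a full link like the MITRE and Microsoft SDL entries. In the closed access list the "Secure by design" author names look misspelled ("Deougun", "Jonhsson"), and "Some static analyser" under tools should name the analyser students are expected to use.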
Line 128: | Line 136: | ||
|+ Teaching and Learning Methods within each section |
|+ Teaching and Learning Methods within each section |
||
|- |
|- |
||
− | ! Teaching Techniques !! Section 1 !! Section 2 !! Section 3 !! Section 4 |
+ | ! Teaching Techniques !! Section 1 !! Section 2 !! Section 3 !! Section 4 !! Section 5 !! Section 6 |
|- |
|- |
||
− | | Problem-based learning (students learn by solving open-ended problems without a strictly-defined solution) || 1 || 1 || 1 || 1 |
+ | | Problem-based learning (students learn by solving open-ended problems without a strictly-defined solution) || 1 || 1 || 1 || 1 || 1 || 1 |
|- |
|- |
||
− | | |
+ | | Modular learning (facilitated self-study) || 1 || 1 || 1 || 1 || 1 || 1 |
|- |
|- |
||
− | | |
+ | | Differentiated learning (provide tasks and activities at several levels of difficulty to fit students needs and level) || 1 || 1 || 1 || 1 || 1 || 1 |
|- |
|- |
||
+ | | Contextual learning (activities and tasks are connected to the real world to make it easier for students to relate to them); || 1 || 1 || 1 || 1 || 1 || 1 |
||
− | | Task-based learning || 1 || 1 || 1 || 1 |
||
+ | |- |
||
+ | | Business game (learn by playing a game that incorporates the principles of the material covered within the course). || 1 || 1 || 1 || 1 || 1 || 1 |
||
|} |
|} |
||
{| class="wikitable" |
{| class="wikitable" |
||
|+ Activities within each section |
|+ Activities within each section |
||
|- |
|- |
||
− | ! Learning Activities !! Section 1 !! Section 2 !! Section 3 !! Section 4 |
+ | ! Learning Activities !! Section 1 !! Section 2 !! Section 3 !! Section 4 !! Section 5 !! Section 6 |
|- |
|- |
||
− | | Lectures || 1 || 1 || 1 || |
+ | | Lectures || 1 || 1 || 1 || 1 || 1 || 1 |
|- |
|- |
||
− | | |
+ | | Lab exercises || 1 || 1 || 1 || 1 || 1 || 1 |
− | |- |
||
− | | Lab exercises || 1 || 1 || 1 || 0 |
||
− | |- |
||
− | | Cases studies || 1 || 1 || 1 || 0 |
||
− | |- |
||
− | | Individual Projects || 1 || 1 || 1 || 1 |
||
− | |- |
||
− | | Peer Review || 1 || 1 || 1 || 1 |
||
− | |- |
||
− | | Discussions || 1 || 1 || 1 || 1 |
||
− | |- |
||
− | | Presentations by students || 1 || 1 || 1 || 1 |
||
− | |- |
||
− | | Written reports || 1 || 1 || 1 || 1 |
||
− | |- |
||
− | | Simulations and role-plays || 1 || 1 || 1 || 1 |
||
− | |- |
||
− | | Experiments || 0 || 1 || 1 || 0 |
||
− | |- |
||
− | | Group projects || 0 || 0 || 0 || 1 |
||
|} |
|} |
||
== Formative Assessment and Course Activities == |
== Formative Assessment and Course Activities == |
||
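Review bot: the added "Contextual learning" row ends with ";" and the "Business game" row ends with "." inside the table cell, unlike the other technique rows; remove the trailing punctuation. The "Differentiated learning" row also needs an apostrophe in "students needs".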
Line 177: | Line 167: | ||
! Activity Type !! Content !! Is Graded? |
! Activity Type !! Content !! Is Graded? |
||
|- |
|- |
||
+ | | Individual Assignments || A2: Product Ideation and Market Research<br>Find all weakness in the code snippet. Suggest how to fix them in a secure way. What is your recommendation for the code author? || 1 |
||
− | | after lecture assignments || Define target audience and describe type of market for your product. || 1 |
||
− | |- |
||
− | | after lecture assignments || Make 3 cusdev with potential/existing customers of your product. || 1 |
||
− | |- |
||
− | | after lecture assignments || Develop your marketing strategy and present it in-class. || 1 |
||
|} |
|} |
||
==== Section 2 ==== |
==== Section 2 ==== |
||
+ | |||
− | {| class="wikitable" |
||
− | |+ |
||
− | |- |
||
− | ! Activity Type !! Content !! Is Graded? |
||
− | |- |
||
− | | after lecture assignments || Write a marketing article about your product or technology in the informational style manner. || 1 |
||
− | |- |
||
− | | after lecture assignments || Create a landing page for your product and connect it to Yandex Metrica or Google Analytics. || 1 |
||
− | |- |
||
− | | after lecture assignments || Create a semantic core for your product and determine the current positions on your landing page. Determine key marketing metrics, including conversion rate, on your landing page. || 1 |
||
− | |} |
||
==== Section 3 ==== |
==== Section 3 ==== |
||
+ | |||
− | {| class="wikitable" |
||
− | |+ |
||
− | |- |
||
− | ! Activity Type !! Content !! Is Graded? |
||
− | |- |
||
− | | after lecture assignments || Create the sales funnel of your product and present it in-class. || 1 |
||
− | |- |
||
− | | after lecture assignments || Create the budget for your marketing and sales activities and approve it with management. || 1 |
||
− | |- |
||
− | | in-class exercise || “Sell me the pen” exercise. || 1 |
||
− | |} |
||
==== Section 4 ==== |
==== Section 4 ==== |
||
+ | |||
+ | ==== Section 5 ==== |
||
+ | |||
+ | ==== Section 6 ==== |
||
=== Final assessment === |
=== Final assessment === |
||
'''Section 1''' |
'''Section 1''' |
||
+ | |||
− | # For the final assessment, students have to prepare a full project of marketing and sales promotion of their IT product and present it on the exam. The project should contain the next parts: |
||
− | # The idea of your product/service. |
||
− | # Define your market. |
||
− | # Analise what type of market. |
||
− | # Target segment, who should we talk to? |
||
− | # What is your main message(s)? |
||
− | # What should we do to achieve the addressable market? |
||
− | # Brand promotion, knowledge, interest, coverage, sales etc. |
||
− | # Media design. |
||
− | # How should we say it? Creative strategy&content. |
||
− | # Channel (media) strategy. |
||
− | # How do we reach them? Evidence on a real case. |
||
− | # Budget. |
||
− | # Money for promotion. |
||
− | # How to close deals. Evidence on a real case. |
||
− | # Measurement. |
||
− | # How we control the result. Evidence on a real case. |
||
'''Section 2''' |
'''Section 2''' |
||
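Review bot: the Section 1 assignment row still begins with "A2: Product Ideation and Market Research", which does not match the code-review task that follows it; remove or rename that title, and change "Find all weakness" to "Find all weaknesses". Sections 2 and 3 lose their assessment tables and receive only a blank line, and Sections 4 to 6 are empty headings, so five of the six sections list no ongoing assessment.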
Line 233: | Line 187: | ||
'''Section 4''' |
'''Section 4''' |
||
+ | |||
+ | '''Section 5''' |
||
+ | |||
+ | '''Section 6''' |
||
=== The retake exam === |
=== The retake exam === |
||
'''Section 1''' |
'''Section 1''' |
||
+ | |||
− | # .3 The retake exam. |
||
− | # For the retake, students have to implement a product and follow the guidelines of the course. There has to be a meeting before the retake itself to plan and agree on the product ideas, and to answer questions. |
||
'''Section 2''' |
'''Section 2''' |
||
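Review bot: the retake text under "Section 1" is removed and replaced by a blank line, and the new "Section 5" and "Section 6" headings under the final assessment are added empty. Describe the retake procedure for the new course here, or drop the empty per-section headings until there is content for them.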
Line 244: | Line 201: | ||
'''Section 4''' |
'''Section 4''' |
||
+ | |||
+ | '''Section 5''' |
||
+ | |||
+ | '''Section 6''' |
Revision as of 12:02, 12 September 2022
Secure development
- Course name: Secure development
- Code discipline: XXX
- Subject area: Security and Networks
Short Description
Prerequisites
Prerequisite subjects
- CSE101: Introduction to Programming
- CSE112: Software Systems Analysis and Design
Prerequisite topics
- Basic programming skills, C/C++ is recommended
- Software design or software architecture
- Basics of compilers
Course Topics
Section | Topics within the section |
---|---|
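Basics of security | 1. Security and safety. Security and code quality. Maintainability and security. Why is it so hard to develop a secure system and what approaches may be applied? When does it make sense to make a system secure? |
Security architecture | 1. NIST recommendations; 2. Security principles; 3. Theoretical security: access matrix and security models; 4. Secure by design |
Secure coding | 1. Security on the code level; 2. SDL; 3. Main binary vulnerabilities and their mitigations |
Secure operating | 1. Security monitoring; 2. DevSecOps; 3. Dealing with 3rd parties |
Security assurance | 1. Pen testing; 2. Fuzzing; 3. Bug Bounty programs |
Linux security | 1. Keep it all together and see how the Linux kernel deals with that; 2. SELinux; 3. GrSec patches; 4. Why Linux is not a safety system |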
Intended Learning Outcomes (ILOs)
What is the main purpose of this course?
The main purpose of this course is to give students a top-down view of security, because the weakest-link principle says that the weakest part of the process or system is the one that will be attacked.
ILOs defined at three levels
Level 1: What concepts should a student know/remember/explain?
By the end of the course, the students should be able to ...
- Remember main security principles
- List SDL stages
- Describe the difference between security and safety
- Explain basic binary vulnerabilities
- Specify the required security assurance
- Describe the key elements of SOC systems
- Explain why fuzzing is not the same as unit or integration testing
Level 2: What basic practical skills should a student be able to perform?
By the end of the course, the students should be able to ...
- Perform Threat Modeling
- Review code to find insecure patterns
- Deal with open source code securely
- Explain the value of a bug bounty programme and find the right moment to start it
Level 3: What complex comprehensive skills should a student be able to apply in real-life scenarios?
By the end of the course, the students should be able to ...
- Suggest hardening measures and architecture drifts to achieve the required level of security and safety (s&s)
- Propose process improvement in a cost-effective manner that would drastically improve the security and safety level.
Grading
Course grading range
Grade | Range | Description of performance |
---|---|---|
A. Excellent | 80-100 | - |
B. Good | 60-79 | - |
C. Satisfactory | 40-59 | - |
D. Fail | 0-39 | - |
Course activities and grading breakdown
Activity Type | Percentage of the overall course grade |
---|---|
Assignment/Labs | 70 |
Final quiz | 30 |
Recommendations for students on how to succeed in the course
Participation is important. Showing up is the key to success in this course.
If you don’t have a corresponding technical background, please do not hesitate to ask the lecturer. If you feel that the gap is deep, request extra reading.
Reading the recommended literature is optional, and will give you a deeper understanding of the material.
Resources, literature and reference materials
Open access resources
- Owasp.com
- MITRE SOC Operations https://www.mitre.org/sites/default/files/publications/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf
- MISRA, AUTOSAR, SEI CERT
- https://www.microsoft.com/en-us/securityengineering/sdl
Closed access resources
- Matt Bishop (2018) “Computer Security: Art and Science”
- D Deogun, DB Johnsson, D Sawano (2019) “Secure by Design”
- D LeBlanc, Michael Howard (2002) “Writing secure code”
Software and tools used within the course
- Some static analyser
- AFL
Teaching Methodology: Methods, techniques, & activities
Activities and Teaching Methods
Teaching Techniques | Section 1 | Section 2 | Section 3 | Section 4 | Section 5 | Section 6 |
---|---|---|---|---|---|---|
Problem-based learning (students learn by solving open-ended problems without a strictly-defined solution) | 1 | 1 | 1 | 1 | 1 | 1 |
Modular learning (facilitated self-study) | 1 | 1 | 1 | 1 | 1 | 1 |
Differentiated learning (provide tasks and activities at several levels of difficulty to fit students' needs and level) | 1 | 1 | 1 | 1 | 1 | 1 |
Contextual learning (activities and tasks are connected to the real world to make it easier for students to relate to them) | 1 | 1 | 1 | 1 | 1 | 1 |
Business game (learn by playing a game that incorporates the principles of the material covered within the course) | 1 | 1 | 1 | 1 | 1 | 1 |
Learning Activities | Section 1 | Section 2 | Section 3 | Section 4 | Section 5 | Section 6 |
---|---|---|---|---|---|---|
Lectures | 1 | 1 | 1 | 1 | 1 | 1 |
Lab exercises | 1 | 1 | 1 | 1 | 1 | 1 |
Formative Assessment and Course Activities
Ongoing performance assessment
Section 1
Activity Type | Content | Is Graded? |
---|---|---|
Individual Assignments | A2: Product Ideation and Market Research. Find all weaknesses in the code snippet. Suggest how to fix them in a secure way. What is your recommendation for the code author? | 1 |
Section 2
Section 3
Section 4
Section 5
Section 6
Final assessment
Section 1
Section 2
Section 3
Section 4
Section 5
Section 6
The retake exam
Section 1
Section 2
Section 3
Section 4
Section 5
Section 6