| CODE | CPS2010 | ||||||||
| TITLE | Security by Design | ||||||||
| UM LEVEL | 02 - Years 2, 3 in Modular Undergraduate Course | ||||||||
| MQF LEVEL | 5 | ||||||||
| ECTS CREDITS | 5 | ||||||||
| DEPARTMENT | Computer Science | ||||||||
| DESCRIPTION | An exploration into the principles, methodologies, and practices of embedding security into the design phase of software and system development. Students will learn how to think proactively about security, develop secure coding practices, and evaluate the security implications of design choices. Rooted in a case study combining a development platform such as Supabase and Embedded Android , students will be guided through the design and implementation of a fully-fledged web application with security as a central pillar of their design approach. The study-unit will introduce students to the foundational concepts of security by design, address the legal aspects of security, and then delve into the Secure Development Lifecycle as a framework for the rest of the unit. The study-unit will then be organised into three parts: (1) Secure Coding - whereby students cover secure coding principles as a consequence of robust and non-fragile application design, patterns and anti-patterns; (2) Infrastructure and Platform Security - whereby students learn about the security considerations involved when designing and deploying infrastructure; and (3) Security Operations - whereby students learn about proactive and reactive strategies and technologies aimed at identifying, mitingating and responding to cybersecurity threats and vulenrabilities in a production environment. Study-unit Aims: 1. Cultivate a proactive security mindset amongst students, such that they adopt a security mindset from the initial stages of software and system development; 2. Develop comprehensive security knowledge, such that students act in a professional capacity based in foundational principles and best practices; 3. Enhance practical security skills, such that students apply what they learn to realistic case studies using industry-standard development tools and practices; 4. Promote ethical, responsible and law-abiding computing, such that students are able to discern what is and is not ethical, responsible and legal; and act accordingly. Learning Outcomes: 1. Knowledge & Understanding By the end of the study-unit the student will be able to: - Grasp and describe the core principles of integrating security measures early in the software development lifecycle, ensuring that security is a foundational aspect of all design choices; - Contextualise their activities within appropriate legal and ethical frameworks; - Apply security principles at design, coding, and operational phases of software development to provide a holistic security approach. 2. Skills By the end of the study-unit the student will be able to: - Given a system specification, carry out a risk assessment consider technical attributes and legal implications of the specification; - Apply secure coding practices based on secure design which focuses on robust application development and access control driven by secure design, and consequently preventing common vulnerabilities such as SQL injection, buffer overflows and cross-site scripting; - Apply security patterns and recognise antipatterns during systems development; - Secure infrastructure such as networks and cloud assets such as virtual machines and databases. Main Text/s and any supplementary readings: - Secure By Design First Edition by Daniel Deogun (Author), Dan Bergh Johnsson (Author), Daniel Sawano (Author) - Access Control and Identity Management (Information Systems Security & Assurance) 3rd Edition by Mike Chapple (Author). Jones & Bartlett Learning. 2020. ISBN-13: 978-1284198355. |
||||||||
| STUDY-UNIT TYPE | Lecture, Independent Study & Tutorial | ||||||||
| METHOD OF ASSESSMENT |
|
||||||||
| LECTURER/S | Mark J. Vella |
||||||||
|
The University makes every effort to ensure that the published Courses Plans, Programmes of Study and Study-Unit information are complete and up-to-date at the time of publication. The University reserves the right to make changes in case errors are detected after publication.
The availability of optional units may be subject to timetabling constraints. Units not attracting a sufficient number of registrations may be withdrawn without notice. It should be noted that all the information in the description above applies to study-units available during the academic year 2025/6. It may be subject to change in subsequent years. |
|||||||||