Software Assurance

The intent of the Software Assurance Knowledge Unit is to provide students with the ability to describe why software assurance is important to the development of secure systems and describe the methods and techniques that lead to secure software.

Topics

  1. Apply modeling techniques and vulnerability mapping to evaluate potential security issues.
  2. Describe examples of the application of Security Principles:
     a. Separation (of domains)
     b. Isolation
     c. Encapsulation
     d. Least Privilege
     e. Simplicity (of design)
     f. Minimization (of implementation)
     g. Fail Safe Defaults / Fail Secure
     h. Modularity
     i. Layering
     j. Least Astonishment
     k. Open Design
     l. Usability
     m. Reduce attack surfaces
  3. Compare and contrast the security of alternative designs
  4. Review Secure Design Patterns
  5. Evaluate the level of security required for system data.
  6. Apply Life of Data - N-order Scope Map
  7. Create an Audit Trail
  8. Increase Resiliency
  9. Design reviews

Outcomes

  1. Apply security design principles.
  2. Describe how system design and architecture affects security.
  3. Create a system design optimized to meet appropriate security requirements.
  4. Apply modeling and vulnerability assessment to create a secure design.
  5. Explain the importance of Design Reviews in creating secure systems.

KSA-T

Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.

Knowledge

| ID | DESCRIPTION |
|----|-------------|
| K0087 | Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design. |
| K0153 | Knowledge of software quality assurance process. |
| K0036 | Knowledge of human-computer interaction principles. |
| K0032 | Knowledge of resiliency and redundancy. |
| K0049 | Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). |
| K0323 | Knowledge of system fault tolerance methodologies. |
| K0080 | Knowledge of software design tools, methods, and techniques. |

Skills

| ID | DESCRIPTION |
|----|-------------|
| S0103 | Skill in assessing the predictive power and subsequent generalizability of a model. |
| S0160 | Skill in the use of design modeling (e.g., unified modeling language). |

Abilities

| ID | DESCRIPTION |
|----|-------------|

Tasks

| ID | DESCRIPTION |
|----|-------------|