SwA in Education, Training & Certification - US-Cert
Table 3 – Strategies for Injecting SwA Knowledge Areas into existing Education and Training Programs

Strategy: Stand-alone Courses
Relevant Documents and Links:
New course offerings based on SwA knowledge areas complement existing Software Engineering courses.
Examples: http://www.cs.jmu.edu/sss
https://www.securecoding.cert.org/confluence/display/sci/S08+15392+Secure+Programming
Also: graduate-level Software Assurance courses that cover secure software engineering activities during the SDLC are offered at the University of North Carolina at Charlotte, and The University of Nebraska at Omaha.

Strategy: Augmenting Existing Courses
Relevant Documents and Links:
The SwA CBK and State-of-the-Art reports are catalogs of secure software development practices, processes, and techniques that can be mapped to topics relevant to current curriculums. The identified gaps can then be filled using relevant materials.

Strategy: Micro-Modules
Relevant Documents and Links:
Problem-based learning exercises, in class workshops, or short talks to inject topics such as Misuse Cases and Assurance Cases into existing software engineering or information security courses.

Strategy: Capstone and Class Projects
Relevant Documents and Links:
Software Engineering capstone courses or class projects which can be geared towards a security critical domain such as designing a software system for the Department of Defense, Cyber-physical systems or for a Credit Card transaction processing company. These domains will facilitate the exploration of security needs throughout the SDLC.

Strategy: Online Courses
Relevant Documents and Links:
The Adaptive Cyber-Security Training Online (ACT-Online) courses are available on the TEEX Domestic Preparedness Campus. Ten courses address three discipline-specific tracks. The targets are everyday nontechnical computer users, technical IT professionals, business managers and professionals. These courses are offered at no cost and students earn a DHS/FEMA Certificate of completion along with Continuing Education Units (CEU) at the completion of each course.
http://www.teexwmdcampus.com/index.k2
The CERT Virtual Training Environment (VTE) combines the components of traditional classroom training with the convenience of web-based training. Over 200 hours of course material focused around the technical, policy, and management implications of information security – including preparatory courses for commercial certifications, core skills courses, role-based courses for managers and technical staff, and vendor-developed courses. Open access is provided to individual DoD personnel (Active Duty, DoD Civilian and contractors) and members of the Federal Civilian Workforce through specific sponsorships from DISA, and DHS in conjunction with the Department of State Foreign Service Institute. Sponsored accounts can be requested at www.vte.cert.org. Public access to many of the materials is provided through the VTE Library at https://www.vte.cert.org/vteweb/Library/Library.aspx

Strategy: Awareness and Self-study Resources
Relevant Documents and Links:
SAFECode: Software Assurance Forum for Excellence in Code. http://www.safecode.org
Fundamental Practices for Secure Software Development
http://www.safecode.org/publications/SAFECode_Dev_Practices1108.pdf
Security Engineering Training
http://www.safecode.org/publications/SAFECode_Training0409.pdf
Software Assurance: An Overview of Current Industry Best Practices
http://www.safecode.org/publications/SAFECode_BestPractices0208.pdf
Framework for Software Supply Chain Integrity
http://www.safecode.org/publications/SAFECode_Supply_Chain0709.pdf
Software Integrity Controls: An Assurance-Based Approach to Minimizing Risks in the Software Supply Chain.
http://www.safecode.org/publications/SAFECode_Software_Integrity_Controls0610.pdf
Rugged Software
http://www.ruggedsoftware.org/
Podcasts
http://www.cigital.com/silverbullet/

Software Assurance Pocket Guide Series:<br />
Life Cycle Support, Volume I – Version 2.2, Mar 16, 2011<br />
Software Assurance in Education, Training & Certification