Software Applications: Security Lifecycle Threats
Harvard Extension School
CSCI E-149A
Section 1
CRN 16691
You have been tasked with the design, development, and deployment of a new application, and there is more involved than just writing some code and testing it. How do we make sure that we have included security thinking throughout the entire product lifecycle—from concept to design to development, testing, and deployment? And what happens when this product is nearing end of life—how do we maintain its security posture even if we are no longer actively developing new features? What about all the data that the product has collected from users and customers? How do you know whether you can handle a data breach or a cybersecurity compromise? How do you continue to protect the data your application processes, keep your application available and secure, and prove this to your customers?

How do you present- and future-proof against emerging technologies, regulations, and industry trends? How do you make sure that you are set up to protect against threats from emerging technologies, including machine learning/artificial intelligence (AI) and quantum computing? We address regulations and enforcement actions, including the United States President's Executive Order (EO) 14028 on Improving the Nation's Cybersecurity, the Cybersecurity and Infrastructure Security Agency's (CISA's) Secure by Design pledge, the US Securities and Exchange Commission guidelines on cybersecurity response, and global privacy regulations. The net result is that whatever you do today may well not be enough to protect you tomorrow.

In this course, we take a fictional product through the entire secure development lifecycle and explore how we think about and embed security into every phase, including those phases where security has traditionally been an afterthought. You apply these concepts—and their tradeoffs—as you create your own software product and take it through its end-to-end lifecycle.
Threats and topics we pay attention to include discussions drawn from the news (sadly, there are always on-point items in the cybersecurity news to use as the basis of discussion), as well as CISA's Zero Trust Maturity Model, Secure by Design requirements, guidelines for secure AI system development, CISA's Known Exploited Vulnerabilities (KEV) catalog, threat modeling, risk management concepts, and whatever else is topical at the time.
Registration Closes: August 29, 2024
Credits: 4
Term: Fall Term 2024
Part of Term: Full Term
Format: Flexible Attendance Web Conference
Credit Status: Graduate, Noncredit, Undergraduate
Section Status: Open