ossu / computer-science

🎓 Path to a free self-taught education in Computer Science!
MIT License

RFC: Remove Cybersecurity Fundamentals from curriculum #1055

Open waciumawanjohi opened 2 years ago

waciumawanjohi commented 2 years ago

Problem: Cybersecurity Fundamentals was added to the curriculum, but needs discussion by the contributor community.

Duration: 2022, Aug 4

Background: The previous intro to security course was discontinued by Coursera. Read more here. In order to provide some recommendation, a new course was added without going through the normal RFC process. This RFC is a space to discuss the proposed course and any alternatives.

CS2013 has as a core security topic "Foundational Concepts in Security". This includes the topics of:

CS2013 expects this to be a light introduction, requiring as little as 1 hour of in-class instruction (which we can assume includes an additional 3 hours of out of classroom work).

Cybersecurity Fundamentals appears to address these topics. At the same time, a major disadvantage to Cybersecurity Fundamentals is that it is much longer than the previous course, at roughly 80 hours compared to the previous 15 hours. The core security curriculum recommends 2 courses after this. We should be wary of overemphasizing what is one of many important topics in the curriculum.

There are few courses that are targeted to these topics. These include:

Another possibility is to simply not include Cybersecurity Fundamentals in the curriculum without a replacement. The following course, Principles of Secure Coding, is the intro course for the Secure Coding Practices Specialization.

With no course that tightly addresses the CS2013 topic in question, along with the very few course hours expected to address the topic in question, it seems the best choice is not to recommend any course.

Proposal: Remove Cybersecurity Fundamentals from curriculum.

Alternatives: See Background.

waciumawanjohi commented 2 years ago

A possible future addition: Coursera expected the University of London to offer a Cyber Security Foundations course. This has not happened. When it does, perhaps it will be a suitable substitute for the RIT Cybersecurity Foundations course.

aayushsinha0706 commented 2 years ago

A better course that does not require as much work as Cybersecurity Fundamentals might be this one; it also covers most CS2013-recommended topics.

Information Security - Introduction to Information Security

waciumawanjohi commented 2 years ago

While I'm still wary of the course burden (40-50 hours), this does look like a course covering the required material along with logical extensions. Good find!

nicol4us commented 2 years ago

You may want to check the course from FutureLearn below: Introduction to cyber security. The rating is around 4.7 and it has so many reviews. It probably needs around 24 hrs to finish.

bradleygrant commented 2 years ago

I found the following series of articles discussing common OpSec issues that programmers have to navigate. Each of these is written from a practical standpoint, and they illustrate some of the common pitfalls in web/app design and how to mitigate them. The articles take 5-10 minutes each to read.

However, this requires a Medium subscription (or free trial) to access.

In this series about application security (AppSec) we already explained some of the techniques of the attackers 😈 and also techniques of the defenders 😇. We also covered parts of the OWASP Top 10 🐝:

Part 1: SQL Injections 😈🐝
Part 2: Don't leak Secrets 😇
Part 3: Cross-Site Scripting (XSS) 😈🐝
Part 4: Password Hashing 😇
Part 5: ZIP Bombs 😈
Part 6: CAPTCHA 😇
Part 7: Email Spoofing 😈
Part 8: Software Composition Analysis (SCA) 😇🐝
Part 9: XXE attacks 😈🐝
Part 10: Effective Access Control 😇🐝
Part 11: DOS via a Billion Laughs 😈
Part 12: Full Disk Encryption 😇
Part 13: Insecure Deserialization 😈🐝
Part 14: Docker Security 😇
Part 15: CSRF 😈🐝

bradleygrant commented 2 years ago

OWASP itself is a good free resource for cybersecurity-related content:

https://owasp.org/www-community/

Perhaps we can select several of these articles and build an annotated study guide or something?

riceeatingmachine commented 2 years ago

Check out this course: https://www.udacity.com/course/intro-to-information-security--ud459

The course information after you enroll says:

This is a graduate-level introductory course in information security. It teaches the basic concepts, principles, and fundamental approaches to secure computers and networks. Its main topics include:

Security basics
Security management and risk assessment
Software security
Operating systems security
Database security
Cryptography algorithms and protocols
Network authentication and secure network applications
Malware
Network threats and defenses
Web security
Mobile security
Legal and ethical issues
Privacy

It doesn't seem too long and seems to hit most things in the CS2013 list:

CIA (Confidentiality, Integrity, Availability) - Lesson 1
Concepts of risk, threats, vulnerabilities, and attack vectors (cross-reference SE/Software Project Management/Risk) - Lessons 2 and 5
Authentication and authorization, access control (mandatory vs. discretionary) - Lesson 3
Concept of trust and trustworthiness - this seems like more of an implicit topic? We could find a YouTube video discussing it if we want it to be explicitly covered
Ethics (responsible disclosure) (cross-reference SP/Professional Ethics/Accountability, responsibility and liability) - The course information says it's there; we already have entire courses on ethics

I am in favor of getting rid of the entire core security section and having one course - this one or any other that covers the CS2013 guidelines. This is because Software Security is primarily a programming topic, and not a computer science topic. There are already so many courses; it doesn't make sense to ask students to devote 20 weeks to a topic that's supposed to take 1-4 hours of instruction.

I recommend 1 course, and either getting rid of the rest or moving them to the advanced section so they become elective.

romanbird commented 2 years ago

> There are already so many courses; it doesn't make sense to ask students to devote 20 weeks to a topic that's supposed to take 1-4 hours of instruction.

Feel like this is a major flaw. What CS curriculum would have 16 weeks on algorithms and 20 weeks on security?

waciumawanjohi commented 2 years ago

Unfortunately, the discussion around Security has always been fairly disjoint. I kept the original RFC open for 2.5 years in hopes of getting some sort of majority or consensus choice from contributors. Similar to this thread, that RFC suffered from many suggestions from contributors that had little overlap.

I encourage contributors to respond directly to the many courses already suggested in this RFC and the original security RFC. Well-reasoned reviews in favor of or opposed to courses already suggested will be much more valuable contributions than suggestions of entirely new courses.

waciumawanjohi commented 2 years ago

> Check out this course: https://www.udacity.com/course/intro-to-information-security--ud459

The course has a free textbook: https://docs.google.com/document/d/1_kehNQg6mgUUbX2zPZnpddUORjmkz-QnIhOYhlzmdF0/edit#

Reviews from GA Tech grad students who have taken this course can be found here: https://www.omscentral.com/courses/introduction-to-information-security/reviews

The reviews focus mostly on the projects, which shouldn't be a factor for OSSU (I would be surprised if OSSU students had access to the project assignments and stunned if they had access to a project grader). Reviews of the textbook seem to universally mention that it is very dry reading but I didn't see anything to suggest it was otherwise deficient. I would characterize reviews of the lectures as middling, some positive some negative.

riceeatingmachine commented 2 years ago

> Unfortunately, the discussion around Security has always been fairly disjoint. I kept the original RFC open for 2.5 years in hopes of getting some sort of majority or consensus choice from contributors. Similar to this thread, that RFC suffered from many suggestions from contributors that had little overlap.
>
> I encourage contributors to respond directly to the many courses already suggested in this RFC and the original security RFC. Well-reasoned reviews in favor of or opposed to courses already suggested will be much more valuable contributions than suggestions of entirely new courses.

I understand. Regarding this course: Introduction to cybersecurity essentials:

The "What you will learn" section contains:

Recognize the importance of data security, maintaining data integrity, and confidentiality
Demonstrate the installation of software updates and patches
Identify preferred practices for authentication, encryption, and device security
Discuss types of security threats, breaches, malware, social engineering, and other attack vectors

Seems like decent coverage for low course time overhead. We can use this.

However, I am still in favor of cutting the entire security section to less than 4-8 weeks, i.e. 40 hours of work, as it's not particularly a CS topic. To further support the argument, I will say that Teachyourselfcs.com doesn't even include security as a topic.

waciumawanjohi commented 2 years ago

> However, I am still in favor of cutting the entire security section to less than 4-8 weeks, i.e. 40 hours of work, as it's not particularly a CS topic. To further support the argument, I will say that Teachyourselfcs.com doesn't even include security as a topic.

Just a reminder of our standards:

Courses must:

  • Be open for enrollment
  • Run regularly (ideally in self-paced format, otherwise running multiple times per year)
  • Be of generally high quality in teaching materials and pedagogical principles
  • Match the curricular standards of the CS 2013: Curriculum Guidelines for Undergraduate Degree Programs in Computer Science

While it may be interesting to note what other CS curricula do (we keep a running list of them here) or to note the graduation requirements at a particular school one admires, recommendations to changes should be grounded in the CS2013.

That said, I don't want to come off as unsympathetic to concerns that the curriculum is too long. I highly encourage contributors to look for places where we can replace recommendations that overshoot our guidelines with other courses that are better aligned.

aayushsinha0706 commented 1 year ago

Just to mention, this course is only 4 weeks, and the 5th-week final exam is behind a paywall.

I enrolled in the course just to browse the material. The average time for a week's lectures is around 30-45 minutes, and the quizzes are behind a paywall, but the course comes with extra optional reading resources that students can learn from.

> A better course that does not require as much work as Cybersecurity Fundamentals might be this one; it also covers most CS2013-recommended topics.
>
> Information Security - Introduction to Information Security

aayushsinha0706 commented 1 year ago

(attached image: Screenshot 2022-10-21 at 10 59 43 AM)

aayushsinha0706 commented 1 year ago

With reference to #1041, the Coursera-suggested University of London Cyber Security Fundamentals has now materialised. I encourage maintainers of the cs repository to analyse this course along the lines of the CS 2013 document. The course is only 3 weeks and 22 hours of effort in total, which is the least effort required by any course mentioned here.

bradleygrant commented 1 year ago

A member from the Discord noted that many of the former RIT-joint courses (the ones which were removed at the start of 2022) have returned to Coursera with some minor changes to remove RIT involvement and branding.

Could we now just replace the original course with the revamped version of the original course?

pcolt commented 7 months ago

What about Introduction to Cyber Security from the MOOC platform of the University of Helsinki?

Introduction to Cyber Security 1 CR (ECTS)

Schedule: Feb., 2024 — 31.5.2024 (new instance will be created shortly after the deadline)

This course of the course series will introduce the participant to the relevant issues in cyber security. These issues include the stakeholders' and users' ability to disrupt the functionality of a system; corporate responsibilities and liabilities; and the never-ending software crisis that is related to the increasing amount of software and maintenance. Here, we also introduce the basics of internet communication protocols and a gentle introduction to cryptography.

Estimated required hours to complete the course: 6-30 hours, depending on the background.

At the beginning it was not clear to me, but we are talking about a course within a series of courses. The confusion probably comes from the left-side menu, which always shows the 6 courses/projects as if it were one bigger course.

I must say I didn't take any of them (apart from Full Stack Open, which is great), but quickly checking the contents, they look of good quality.