RFC: Remove Cybersecurity Fundamentals from curriculum #1055

Open
waciumawanjohi opened this issue Jul 4, 2022 · 17 comments

@waciumawanjohi
Member

Problem:
Cybersecurity Fundamentals was added to the curriculum, but needs discussion by the contributor community.

Duration:
2022, Aug 4

Background:
The previous intro to security course was discontinued by Coursera. Read more here. In order to provide some recommendation, a new course was added without going through the normal RFC process. This RFC is a space to discuss the proposed course and any alternatives.

CS2013 has as a core security topic "Foundational Concepts in Security". This includes the topics of:

  • CIA (Confidentiality, Integrity, Availability)
  • Concepts of risk, threats, vulnerabilities, and attack vectors (cross-reference SE/Software Project Management/Risk)
  • Authentication and authorization, access control (mandatory vs. discretionary)
  • Concept of trust and trustworthiness
  • Ethics (responsible disclosure). (cross-reference SP/Professional Ethics/Accountability, responsibility and
    liability)

CS2013 expects this to be a light introduction, requiring as little as 1 hour of in-class instruction (which we can assume includes an additional 3 hours of out of classroom work).

Cybersecurity Fundamentals appears to address these topics. At the same time, a major disadvantage to Cybersecurity Fundamentals is that it is much longer than the previous course, at roughly 80 hours compared to the previous 15 hours. The core security curriculum recommends 2 courses after this. We should be wary of overemphasizing what is one of many important topics in the curriculum.

There are few courses that are targeted to these topics. These include:

Another possibility is to simply not include Cybersecurity Fundamentals in the curriculum without a replacement. The following course, Principles of Secure Coding, is the intro course for the Secure Coding Practices Specialization.

With no course that tightly addresses the CS2013 topic in question, along with the very few course hours expected to address the topic in question, it seems the best choice is not to recommend any course.

Proposal:
Remove Cybersecurity Fundamentals from curriculum.

Alternatives:
See Background.

@waciumawanjohi
Member Author

A possible future addition:
Coursera expected the University of London to offer a Cyber Security Foundations course. This has not happened. When it does, perhaps it will be a suitable substitute for the RIT Cybersecurity Foundations course.

@aayushsinha0706
Member

A better course that does not require as much work as Cybersecurity Fundamentals might be this one; it also covers most of the CS2013 recommended topics.

Information Security - Introduction to Information Security

@waciumawanjohi
Member Author

While I'm still wary of the course burden (40-50 hours), this does look like a course covering the required material along with logical extensions. Good find!

@nicol4us

nicol4us commented Jul 9, 2022

You may want to check the course from FutureLearn below.
Introduction to cyber security
The rating is around 4.7 and it has many reviews. It probably needs only around 24 hours to finish.

@bradleygrant
Member

I found the following series of articles discussing common OpSec issues that programmers have to navigate. Each of these is written from a practical standpoint, and they illustrate some of the common pitfalls in web/app design and how to mitigate them. The articles take 5-10 minutes each to read.

However, this requires a Medium subscription (or free trial) to access.

In this series about application security (AppSec) we already explained some of the techniques of the attackers 😈 and also techniques of the defenders 😇. We also covered parts of the OWASP Top 10 🐝:

Part 1: SQL Injections 😈🐝
Part 2: Don’t leak Secrets 😇
Part 3: Cross-Site Scripting (XSS) 😈🐝
Part 4: Password Hashing 😇
Part 5: ZIP Bombs 😈
Part 6: CAPTCHA 😇
Part 7: Email Spoofing 😈
Part 8: Software Composition Analysis (SCA) 😇🐝
Part 9: XXE attacks 😈🐝
Part 10: Effective Access Control 😇🐝
Part 11: DOS via a Billion Laughs 😈
Part 12: Full Disk Encryption 😇
Part 13: Insecure Deserialization 😈🐝
Part 14: Docker Security 😇
Part 15: CSRF 😈🐝

@bradleygrant
Member

OWASP itself is a good free resource for cybersecurity-related content:

https://owasp.org/www-community/

Perhaps we can select several of these articles and build an annotated study guide or something?

@riceeatingmachine
Contributor

riceeatingmachine commented Sep 30, 2022

Check out this course: https://www.udacity.com/course/intro-to-information-security--ud459

The course information after you enroll says:

This is a graduate-level introductory course in information security. It teaches the basic concepts, principles, and fundamental approaches to secure computers and networks.
Its main topics include:

Security basics
Security management and risk assessment
Software security
Operating systems security
Database security
Cryptography algorithms and protocols
Network authentication and secure network applications
Malware
Network threats and defenses
Web security
Mobile security
Legal and ethical issues
Privacy

It doesn't seem too long and seems to hit most things in the CS2013 list:

CIA (Confidentiality, Integrity, Availability) - Lesson 1
Concepts of risk, threats, vulnerabilities, and attack vectors (cross-reference SE/Software Project Management/Risk) - Lesson 2 and 5
Authentication and authorization, access control (mandatory vs. discretionary) - Lesson 3
Concept of trust and trustworthiness - this seems like more of an implicit topic? We could find a YouTube video discussing it if we want it to be explicitly covered
Ethics (responsible disclosure). (cross-reference SP/Professional Ethics/Accountability, responsibility and liability) - The course information says it's there, we already have entire courses on ethics

I am in favor of getting rid of the entire core security section and having one course - this one or any other that covers the CS2013 guidelines. This is because Software Security is primarily a programming topic, and not a computer science topic. There are already so many courses; it doesn't make sense to ask students to devote 20 weeks to a topic that's supposed to take 1-4 hours of instruction.

I recommend 1 course, and either getting rid of the rest or moving them to the advanced section so they become elective.

@romanbird
Contributor

There are already so many courses; it doesn't make sense to ask students to devote 20 weeks to a topic that's supposed to take 1-4 hours of instruction.

Feel like this is a major flaw. What CS curriculum would have 16 weeks on algorithms and 20 weeks on security?

@waciumawanjohi
Member Author

Unfortunately, the discussion around Security has always been fairly disjoint. I kept the original RFC open for 2.5 years in hopes of getting some sort of majority or consensus choice from contributors. Similar to this thread, that RFC suffered from many suggestions from contributors that had little overlap.

I encourage contributors to respond directly to the many courses already suggested in this RFC and the original security RFC. Well-reasoned reviews in favor of or opposed to courses already suggested will be much more valuable contributions than suggestions of entirely new courses.

@waciumawanjohi
Member Author

Check out this course: https://www.udacity.com/course/intro-to-information-security--ud459

The course has a free textbook: https://docs.google.com/document/d/1_kehNQg6mgUUbX2zPZnpddUORjmkz-QnIhOYhlzmdF0/edit#

Reviews from GA Tech grad students who have taken this course can be found here: https://www.omscentral.com/courses/introduction-to-information-security/reviews

The reviews focus mostly on the projects, which shouldn't be a factor for OSSU (I would be surprised if OSSU students had access to the project assignments and stunned if they had access to a project grader). Reviews of the textbook seem to universally mention that it is very dry reading but I didn't see anything to suggest it was otherwise deficient. I would characterize reviews of the lectures as middling, some positive some negative.

@riceeatingmachine
Contributor

Unfortunately, the discussion around Security has always been fairly disjoint. I kept the original RFC open for 2.5 years in hopes of getting some sort of majority or consensus choice from contributors. Similar to this thread, that RFC suffered from many suggestions from contributors that had little overlap.

I encourage contributors to respond directly to the many courses already suggested in this RFC and the original security RFC. Well-reasoned reviews in favor of or opposed to courses already suggested will be much more valuable contributions than suggestions of entirely new courses.

I understand. Regarding this course: Introduction to cybersecurity essentials:

The "What you will learn" section contains:
Recognize the importance of data security, maintaining data integrity, and confidentiality
Demonstrate the installation of software updates and patches
Identify preferred practices for authentication, encryption, and device security
Discuss types of security threats, breaches, malware, social engineering, and other attack vectors

Seems like decent coverage for low course time overhead. We can use this.

However, I am still in favor of cutting the entire security section to less than 4-8 weeks, i.e. 40 hours of work, as it's not particularly a CS topic. To further support the argument, I will say that Teachyourselfcs.com doesn't even include security as a topic.

@waciumawanjohi
Member Author

However, I am still in favor of cutting the entire security section to less than 4-8 weeks, i.e. 40 hours of work, as it's not particularly a CS topic. To further support the argument, I will say that Teachyourselfcs.com doesn't even include security as a topic.

Just a reminder of our standards:

Courses must:

  • Be open for enrollment
  • Run regularly (ideally in self-paced format, otherwise running multiple times per year)
  • Be of generally high quality in teaching materials and pedagogical principles
  • Match the curricular standards of the CS 2013: Curriculum Guidelines for Undergraduate Degree Programs in Computer Science

While it may be interesting to note what other CS curricula do (we keep a running list of them here) or to note the graduation requirements at a particular school one admires, recommendations for changes should be grounded in the CS2013.

That said, I don't want to come off as unsympathetic to concerns that the curriculum is too long. I highly encourage contributors to look for places where we can replace recommendations that overshoot our guidelines with other courses that are better aligned.

@aayushsinha0706
Member

Just to mention, this course is only 4 weeks, and the 5th-week final exam is behind a paywall.

I enrolled in the course just to browse the material. The average time for a week's lectures is around 30-45 minutes, and the quizzes are behind a paywall, but the course comes with extra optional reading resources that students can learn from.

A better course that does not require as much work as Cybersecurity Fundamentals might be this one; it also covers most of the CS2013 recommended topics.

Information Security - Introduction to Information Security

@aayushsinha0706
Member

aayushsinha0706 commented Oct 24, 2022

With reference to #1041, the Coursera-suggested University of London Cyber Security Fundamentals has now materialised. I encourage maintainers of the cs repository to analyse this course along the lines of the CS 2013 document. The course is only 3 weeks and 22 hours of effort in total, which is the least effort required by any course mentioned here.

@bradleygrant
Member

A member from the Discord noted that many of the former RIT-joint courses (the ones which were removed at the start of 2022) have returned to Coursera with some minor changes to remove RIT involvement and branding.

Could we now just replace the original course with the revamped version of the original course?

@pcolt
Contributor

pcolt commented Mar 8, 2024

What about Introduction to Cyber Security from the MOOC platform of the University of Helsinki?

Introduction to Cyber Security 1 CR (ECTS)

Schedule: Feb., 2024 — 31.5.2024 (new instance will be created shortly after the deadline)

This course of the course series will introduce the participant to the relevant issues in cyber security. These issues include the stakeholders' and users' ability to disrupt the functionality of a system; corporate responsibilities and liabilities; and the never-ending software crisis that is related to the increasing amount of software and maintenance. Here, we also introduce the basics of internet communication protocols and a gentle introduction to cryptography.

Estimated required hours to complete the course: 6-30 hours, depending on the background.

At the beginning it was not clear to me, but we are talking about a course within a series of courses. The confusion probably comes from the left-side menu, which always shows the 6 courses/projects as if they were one bigger course.

I must say I didn't take any of them (apart from Full Stack Open, which is great), but quickly checking the contents, they look to be of good quality.

7 participants