Fig 1 - uploaded by Mike Johnstone
Malicious code signatures (adapted from [8]).

Context in source publication

Context 1
... first issue to tackle is to decide whether there is a problem to be solved. Figure 1 makes a case for the scope of the security (or secure programming) problem. Symantec [8] indicate that since 2005 there has been a significant increase in the number of security threats reported. ...

Citations

... In this section, the existing works on software security education are described in chronological order. Johnstone [18] described the application of a secure programming unit in an existing Australian university curriculum. The unit addressed the main problems in security education, and students had the benefit of learning about the dilemmas presented in this unit. ...
... In conclusion, most available works have not given course content much attention compared with other aspects of software security education, such as focusing on the security of coding [18,32] or the importance of software security in academic programs [20,38]. Some researchers discussed the integration of software security with other courses [17,37]. ...
... The first term (cybersecurity, one-word spelling) was used by most programs (9 out of 13), while the second term (cyber security, two-words spelling) was used by the rest of the programs (4 out of 13) shown in Table 4. From the IT perspective, there is no difference between the two terms. Sommerville [31] and Burley and Lewis [4], for instance, use the first term while others use the second term, such as Pressman and Maxim [28] and Johnstone [18]. The same is applicable to similar terms starting with the word cyber such as cyberspace and cybercrime. ...
Article
Software security education is still not preparing students for the types of high‐skilled technical roles that represent the most severe workforce shortage. Recognizing this, academia has begun redefining the knowledge area concepts of software security curricula to meet the current workforce shortage. This article studies the software security courses in Arab Gulf academic programs and benchmarks their descriptions with the corresponding knowledge area from cybersecurity Curricula (CSEC) 2017, the first set of global cybersecurity curricular guidelines. Using content analysis, six concepts or essentials are investigated: security requirements, secure design principles, secure source code, analysis and testing, patch, and ethics. It was found that no course follows all the CSEC 2017 essentials. The analysis and testing essential was considered by all courses, and security after deployment, including the patch essential, needs more attention because it was not included in any course. Similarly, the security requirements and ethics essentials were also considered by a few courses. However, software success depends on requirements, and ethics has become critical in the cybersecurity and information assurance fields that depend on law and forensics. The secure source code essential was covered by most courses. The well‐known types of code attacks were covered, and over half of the courses discussed the secure design principles essential. However, security by design is an emerging development philosophy. The article discussed observations and recommendations that will assist program managers and their staff in making effective decisions about the essentials and concepts that should be included when they are developing the software security curriculum.
... Other authors like Johnstone (2013) believe that a good understanding of how systems work in practice is unavoidable. They think this is true also in teaching secure coding to beginners, because, although some vulnerabilities can be mitigated with simple programming techniques, the most significant exploits are performed by individuals that have invested a considerable amount of time in understanding how software behaves and how to exploit it. ...
Article
As the number of software vulnerabilities discovered increases, the industry is facing difficulties to find specialists to cover the vacancies for security software developers. Considering relevant teaching and learning theories, along with existing approaches in software security education, we present the pedagogic rationale and the concrete implementation of a course on security protocol development that integrates formal methods for security research into the teaching practice. A novelty of the framework is the adoption of a conceptual model aligned with the level of abstraction used for the symbolic (high-level) representation of cryptographic and communication primitives. This is aimed not only at improving skills in secure software development, but also at bridging the gap between the formal representation and the actual implementation, making formal methods and tools more accessible to students and practitioners.
Chapter
It is critical that cyber education curriculum considers the growing cyber technologies and which aspects of these technologies need to be aligned with the fourth industrial revolution. This chapter seeks to present a comprehensive analysis of the current level of cyber security education in South Africa. It will also track the current trends of cyber security education in the country as well as examining any challenges being experienced including any knowledge gaps. In the end, the chapter proposes recommendations for consideration in strengthening cybersecurity education in the country in order to achieve advanced cyber security responses, capable of mitigating any cyber security threats. Offering quality cyber security education is important in preparing the next generation cyber security practitioners, who are highly competent and capable of developing innovative solutions in response to the growing global demand of cyber technologies. The chapter ends by proposing specific strategies that can guide towards this ideal in the context of the fourth industrial revolution.
Chapter
The issue of cybercrime is becoming crucial in society. This is partly a result of the widespread adoption of technology in both essential government infrastructure and our daily lives. Due to an overreliance on technology, hackers and other people with bad intentions now have more ways to exploit systems and access databases containing sensitive data, including records relating to people's personal, financial, educational, and medical records. The importance of cybersecurity can be understood through research. Cyber security follows real-time information on the latest IT data. So far, various methods have been proposed by researchers around the world to prevent cyber-attacks or reduce the damage caused by them.