For the purposes of this course, Assurance is defined as “the basis for believing an information system will behave as expected”.

The extent to which one can believe that a particular system will behave as expected has been one of the major challenges in fielding “secure” information systems. There are way too many areas that can hide bugs, errors, design flaws, implementation errors, undocumented assumptions and the like, for any exhaustive approach to assurance to be effective. Consequently there has emerged a somewhat undisciplined if not chaotic approach(s) to assurance. This course will survey these approaches and analyze strengths, weaknesses, and shortcomings toward solving the challenge of fielding “secure information systems” that are fit for purpose.

This course revisits the ideas intended to be captured and enabled by assurance. It reviews the initial introduction of the concept in the computer / information security discipline; studies the evolution of the thinking; examines the multiple attempts to codify assurance; examines the current trajectory of assurance with regard to modern IT systems acquisition; addresses assurance with regard to the whole lifecycle and logistics process(s); addresses assurance with regard to hardware, assurance with regard to software, change control and systems management.

"Assurance" Full Course Description

"Assurance" courseware is expected to be available here soon...