Note: The Curriculum Resources shown below can be downloaded individually by selecting each link or you can download them all at once.
Critical Infrastructure Protection - Module 1 of 16 – Introduction to Critical Infrastructure Protection
This module is designed for the instructor to present an overall view of the CIP landscape. It will introduce what the critical infrastructure elements are, who runs them, who regulates them and what the major sources of issues are for them in general.
Critical Infrastructure Protection - Module 2 of 16 – Strategic Framework
This module covers CIP Governance, Strategy and Planning, and Partnerships and Preparedness. At the end of the module, the student will understand the unique environment of critical infrastructures over other complex systems.
Critical Infrastructure Protection - Module 3 of 16 – Risk Management
This module will introduce the student to classical risk analysis techniques and also issues such as long tail analysis associated with large complex systems that exist over long periods of time.
Critical Infrastructure Protection - Module 4 of 16 – Security Development Lifecycle (SDL)
This module will introduce the concepts of a security development lifecycle. Although this has gained fame from a software development point of view, the main purpose of this class is to generalize the concept to a higher level of abstraction. SDL works because security is designed into the PROCESS at every step. If we desire the same result for critical infrastructures, then we need to make the appropriate process changes to all associated processes including the protection (or security) element. You can’t bolt security on later and expect it to work, it must be designed and built in from the foundation. Using SDL and how it has been successful will be used as an exemplar on how to do this right for CIP.
Critical Infrastructure Protection - Module 5 of 16 – CIP Threat Modeling
The purpose of this material is to demonstrate how to incorporate security thinking into the requirement and design phases and communicate the information across the team. Because this communication element rests upon process elements covered in the SDL lecture, this class needs to occur following the SDL class.
Critical Infrastructure Protection - Module 8 of 16 – System Theory and Systems Science
This module is designed to introduce students to the concepts of systems science, systems dynamics and how this work applies to critical infrastructure systems. We are used to applying reductionist thought to simplify systems so we can manipulate them, yet this has not always lead to the desired outcome. This module will explore the why and how of this with respect to large complex systems of systems.
Critical Infrastructure Protection - Module 11 of 16 – Public Water Systems
This module is designed to be an overview of Public Water Systems. The module provides definitions for public water systems, their components, and how they are controlled. Supervisory Control and Data Acquisition Systems (SCADA) are introduced as well as the networked devices comprising such systems. Twenty one steps for securing SCADA systems are discussed within the context of standardized PCs, networked SCADA systems and the Internet. This class provides background information and terminology that is necessary for constructive conversations concerning Public Water Systems.
Critical Infrastructure Protection - Module 15 of 16 – Business Continuity Planning
This module is designed to be an overview of Business Continuity Planning (BCP). The module provides definitions and an introduction to the concepts and processes of BCP.
Critical Infrastructure Protection - Module 16 of 16 – Information Systems and Cyber Crime
This module presents information about cybercrime from an international perspective using international examples. Significant effort has been expended in creating detailed notes for the instructors within the slide deck as well listing key research manuscripts for instructors should they wish to delve further into the material. Links to video content are also listed for instructors wanting to give audience members multiple points of exposure from multimedia content.
Microsoft Security Development Lifecycle
This site highlights different resources, blogs, training material, SDL tools and videos around the Microsoft Security Development Lifecycle.
Simplified Implementation of the Microsoft SDL
This document illustrates the core concepts of the Microsoft Security Development Lifecycle (SDL) and discusses the individual security activities that should be performed in order to claim compliance with the SDL process.
Microsoft Trustworthy Computing Site
This site lists the following four key areas around Trustworthy Computing: Security, Privacy, Reliability and Business Practices.
The Security Development Lifecycle by Michael Howard and Steve Lipner
This book details a rigorous, proven methodology that measurably minimizes security bugs—the Security Development Lifecycle (SDL). In this book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL—from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.
MSDN Security Site
This site will provide you with software and other downloads including sample code and links to various learning materials and other resources (i.e. forums and team blogs).
MSDN Windows Security Site
On this site you will find information that will show you how to program Windows security features.
Manage Risks through Enhancing Security and Control with Microsoft Windows 7
This site provides the essential information that you will need to know to ensure that the adoption and deployment of Windows 7 is secure and will meet your organizations risk and compliance needs. You will explore the lessons learned from the early adopters and also learn tips and tricks on how to get the most out of the security features of Windows 7.
Microsoft Channel 9 Security Talks
View this site to listen to numerous talks and security including information about Security and the Cloud and the Microsoft Security Development Lifecycle.
To see all Resource Center content for Critical Infrastructure Protection click
To provide feedback or suggestions on the list of Suggested Resources click