Capacity Building in Cyber Security Literacy: An Inter-disciplinary Approach

Transcription

1 Capacity Building in Cyber Security Literacy: An Inter-disciplinary Approach This material is based upon work supported by the National Science Foundation under Grant No

2 Project Organization University of Nevada, Reno - Cyber Security Center A Land Grant institution with approximately 20,000 students and 950 faculty. The Cyber Security Center brings together expertise from a range of disciplines including political science, information systems, journalism, criminal justice, judicial studies, mathematics, psychology, military science, and computer science and engineering. Truckee Meadows Community College Approximately 12,000 students and 155 full time faculty. Transfer degrees and shared cybersecurity curriculum with university.

3 Primary Goals Integrate inter-disciplinary cybersecurity education and research seamlessly into and throughout the curriculum Engage students in activities that will enhance their knowledge of cybersecurity from an interdisciplinary perspective in the real world and attract them towards cybersecurity careers.

4 Library 1 - Social Science and Human Factors Module A: Information Technology and International Security Policy Module B: Cyberwar, Terrorism, Radicalization, and the War of Ideas Module C: Human-factor Espionage (HUMINT) and Social Engineering Module D: Political Economy of Cybersecurity Module E: Human Cybersecurity Library 2 Evidentiary and Legal Issues Module A: Evidentiary Issues in Cybersecurity Module B: Introduction to Digital Forensics Module C: Privacy Laws and Regulations Module D: Standards to Manage Cybersecurity Risks Module E: Export Controls CS 151 PSC 405D Classes JS 735 IS 470 CS 450 Library 3 - Cryptography Module A: Strong Passwords and Safe Internet Usage Module B: Overview of Network Attacks and Defenses Module C: Privacy Policy Agreement Checking Module D: Image Forgery Module E: Security of Biomedical Sensors, Devices, and Applications Library 4 Information Assurance Module A: Risk Management Module B: Business Continuity Planning Module C: Health-Information Risk-Management Module D: Managing Legal Requirements Module E: Cloud Security Risk Management

5 General Module Design Goals Class content for between 1.5 and 6 hours to allow adaptation for one class period or up to two weeks of class Content appropriate for beginning, intermediate and graduate level students Presentations, readings and activities can be adjusted based on student population and instructor comfort level. Live training options as well as support discussion forums/wikis

6 Library 1 - Social Science and Human Factors Module A: Information Technology and International Security Policy Module B: Cyberwar, Terrorism, Radicalization, and the War of Ideas Module C: Human-factor Espionage (HUMINT) and Social Engineering Module D: Political Economy of Cybersecurity Module E: Human Cybersecurity This library will introduce cybersecurity as a broad category of security on equal footing with national and international security. It will explore a larger, more diverse ecosystem of actors than in traditional security due to: Low barriers to entry. Super-empowered individuals * can act directly on world stage. Individuals can target states, states can target individuals Corporate actors as both initiators and targets of attacks.

7 Library 1, Module B Cyberwar, Terrorism, Radicalization, and the War of Ideas Objectives: Within cyberspace, what are the objects being fought over, i.e., what are the objects with strategic or tactical value? Who are the actors within cyberspace? (state-level organizations like military and intelligence services, extremist groups, militant groups, etc) What are the different sets of tools available to these groups with which they may pursue their objectives in cyberspace, and further what are the unique sets of constraints each group faces? For example, states may face limitations on the sorts of activity they may engage in when a target is physically located within their borders. How do these groups use the tools available to them, within their constraints, in order to achieve their strategic objectives in cyberspace? Lastly, how do these groups objectives in cyberspace connect with their objectives in real space?

8 Library 1, Module B Cyberwar, Terrorism, Radicalization, and the War of Ideas Materials Summary: PowerPoint slides with similar information presented in technical, nontechnical, as well as intermediate ways. A list of relevant readings covering the topic from a variety of disciplinary perspectives, levels of technical sophistication, as well as intellectual sophistication. A list of questions for classroom discussion A list of question for deeper analysis in the form of writing assignments. Guidelines for a cyberspace visualization assignment, designed to consolidate lessons and promote a pseudo-visual representation of cyberspace in students minds, increasing intuition.

9 Library 2 - Evidentiary and Legal Issues Module A: Evidentiary Issues in Cybersecurity Module B: Introduction to Digital Forensics Module C: Privacy Laws and Regulations Module D: Standards to Manage Cybersecurity Risks Module E: Export Controls Students will learn about evidentiary legal issues with respect to search and seizure, security of confidential information, privacy issues, legal issues, the integrity of the chain of custody, and international export controls; all of which are directly relevant to all electronically transmitted data. Regardless of discipline, students will become well-rounded in their knowledge of these issues surrounding cybersecurity.

10 Library 2, Module B Introduction to Digital Forensics Objectives: This module will enable the students to identify and articulate: seizure and preservation of digital evidence; data recovery skills; innovative forensics tools; computer forensics procedures for analyzing cybercrimes; awareness of cybercrimes related to network attacks and defense; and, legal requirements of e-discovery issues.

11 Library 2, Module B Introduction to Digital Forensics Materials Summary: PowerPoint Slides on Digital Forensic Theory and Issues Strongly Recommended and Comprehensive Reference List Lecture Notes and Class Discussion Points Online Instructor s Guide Data Recovery Exercises

12 Library 3 - Cryptography Module A: Strong Passwords and Safe Internet Usage Module B: Overview of Network Attacks and Defenses Module C: Privacy Policy Agreement Checking Module D: Image Forgery Module E: Security of Biomedical Sensors, Devices, and Applications Students will be introduced to common cybersecurity issues and defense schemes from both software and hardware aspects, including network attacks and defenses, privacy policy agreement, image forgery and detection, and security of biomedical sensors and devices. Students are expected to understand how multidisciplinary factors influence the technical design of cybersecurity defense schemes and how these schemes can help in real-world cyber-threat scenarios.

13 Library 3, Module A Strong Passwords and Safe Internet Usage Objectives: Importance of strong passwords and guidelines for creating strong passwords Use of digital certificate information in a web browser to insure it is correct site with secure connection Ability to recognize phishing s and pharming websites Influence of risk management analysis to passwords setting within a system and Internet usage

14 Library 3, Module A Strong Passwords and Safe Internet Usage Materials Summary: PowerPoint slides covering concepts of each of the four objectives Student assignments illustrating strong and weak passwords and password cracking Demonstrations of other authentication methods Student assignments to investigate digital certificates and phishing s Student exercise linking risk management analysis to website password requirements

15 Library 4 Information Assurance Module A: Risk Management Module B: Business Continuity Planning Module C: Health-Information Risk Management Module D: Managing Legal Requirements Module E: Cloud Security Risk Management Through this module, students will be exposed to critical analysis and decision making situations while understanding the practicalities of risk management and business continuity. This will aid in strengthening their understanding of theoretical riskmanagement concepts and make that learning more practically applicable.

16 Library 4, Module A Risk Management Objectives: The learning outcomes for this module enable the students to identify and articulate: Different aspects of risk management: risk acceptance, risk mitigation and risk transfer Why risk analysis important Why business needs to routinely review its risk analysis procedures Changes in the business environment necessitating risk review Weaknesses in risk analysis plans of an organization Risk management requirement for different types of organizations What actual steps must the organization take to prepare for risks How to conduct a cost benefit analysis for risk management

17 Library 4, Module A Risk Management Materials Summary: PowerPoint slides covering risk management theoretical concepts Risk management case study including case preparation questions (Omega Engineering Case) Risk evaluation exercise using a teaching case study as well as scenarios (Teaching case study Bank Solutions; scenarios are prepared for undergraduate as well as graduate level) Risk evaluation mathematical exercise (can be done on paper using calculator or in Excel)

18 Contact Information Principal investigator Dr. Shamik Sengupta: Co- principal investigator - Dr. Bill Doherty: bdoherty@tmcc.edu University of Nevada, Reno Cyber Security Center: