A Systems Engineering Approach to Developing Cyber Security Professionals

Transcription

1 A Systems Engineering Approach to Developing Cyber Security Professionals D r. J e r r y H i l l Approved for Public Release; Distribution Unlimited The MITRE Corporation. All rights reserved.

2 What is Cyber Security? Great Question! 2

3 Starting Point 3 Comprehensive approach to protecting data and the infrastructure that moves, stores, accesses, and manipulates that data.

4 Things to Cover Page 1 4 Malware Networks Bots Trojans Attack vectors Ports Defensive posture in depth Public Key Infrastructure Zero Day Exploit Intrusion Detection System Computer architecture SYN Flood Attack Cloud access Network Address Translation Access Data Encryption Standard Supply Chain Management Advanced Encryption Standard Spoofing Digital Forensics Confidentiality Integrity Availability Wireless Ethernet Honey Pot Patching IPv6 TCP/UDP MAC address Denial of Service Script Kiddies Auditing Back Doors Cryptography Viruses Worms Phishing Algorithm SQL Injects Authentication Buffer Overflows Domain Name Server Firewalls Hijacking Browser Helper Objects Ping Web Server Cookies Redirects Keystroke Loggers Configuration Errors Remote Access Virtual Private Network Password Strength Dictionary Attack Rootkits Protocols Sniffers

5 Today will just touch the surface 5

6 Goal Today 6 Suggest a methodology for analyzing and identifying the high level knowledge requirements of a cyber security professional Highlight key areas of knowledge a cyber security professional should have

7 Elements of Data Security 7 Secured Data Availability

8 Components of a Program of Instruction Confidentiality 8 Protection of data from disclosure to unauthorized persons Focus on data protection Major Sub-disciplines Cryptography Design and Creation of Algorithms Threat Analysis Algorithm Analysis Mathematics

9 Components of a Program of Instruction Integrity 9 Ensuring data remains as composed by the owner Balanced focus on Data and Infrastructure Major Sub-disciplines Information Security System Administration Operating Systems Intrusion Detection Systems Auditing Threat Analysis Penetration Testing Software & Malware Analysis Network Analysis

10 Components of a Program of Instruction Availability 10 Ensuring data is accessible to the owner/user when needed Focus is on Infrastructure Major Sub-disciplines Network Engineering Network Security Threat Analysis Supply chain management National infrastructure protection (SCADA)

11 The SE Process 11 Requirements Requirements Analysis Requirements Loop Functional Analysis* and Allocation Design Loop System Analysis & Control (Balance) Mil Std 499B Verification *Including decomposition Synthesis Design Alternative Design 1 Alternative Design 1 Alternative Design 1 Alternative 1 Specification The system shall The system shall The system shall The system shall The system shall The system shall The system shall System Architecture This document describes the technical references defining the constraining principles of the system s operation and the regulatory and statutory. TOC Server ABCS ABCS systems ABCS systems ABCS systems systems Organizational Architecture Conversion to 10Base2 for FBCB2 ATIA ATIA Web Server Ft Hood System Design

12 Creating a Curriculum to Satisfy Requirements 12 Requirements Secured Data Availability Graduate Skills The graduate shall be able to The graduate shall be able to The graduate shall be able to The graduate shall be able to The graduate shall understand The graduate shall understand The graduate shall understand 1. Analyze elements of data security 2. Identify basic skills required to accomplish those elements 3. Establish courses to impart those skills 4. Establish the overall Cyber Security discipline 5. Package courses for specific subdisciplines Program of Instruction (POI) Design Alternative Design 1 Alternative Design 1 Alternative Design 1 Alternative 1 Curricula

13 Summary 13 Cyber Security is a broad field with many subdisciplines. Focus of a cyber security professional is on protection of data and information systems. Cyber security professionals should be broadly knowledgeable of most sub-disciplines and preferably expert in one. Cyber security education involves a lot of OJT and is a continual process.

14 14 Final Thoughts The Future of Cyber Security Threat Based Defense Information Sharing Ethics must be a curricula item Professionals police themselves Professional Rules of Conduct Thin line between black hat and white hat; skills are easily transferrable