Georgia Tech Cybersecurity Leadership Certificate Program July 25 29, 2016

Transcription

1 Georgia Tech Cybersecurity Leadership Certificate Program July 25 29, 2016 Preliminary Program Schedule The Georgia Tech Cybersecurity Leadership Certificate Program is presented with the guidance of Admiral James A. Winnefeld, Jr., former Vice Chair of the Joint Chiefs, retired. This intensive, four-day program addresses cybersecurity risks and the technology, policy, legal, and human dimensions that senior executives need to master to proactively manage, evaluate, and respond to cybersecurity threats. In addition to engaging lectures from Georgia Tech experts, the program also includes presentations from industry and government leaders, a tour of a security operations center, and tabletop exercises. The program requires no prior expertise in coding or network operations. Candidates are required to apply to participate in the program. The target audience is select incumbent or aspiring senior corporate executives, military officers, and policy advisors who need to better understand the challenges, context, and criticality of information technology and the global complexity of cybersecurity. Participants who complete the program will earn a Georgia Tech Cybersecurity Certificate and join the network of those whose expertise and understanding are shaping the future of the use of Information Communication Technologies. Learning Objectives:! Provide a baseline level of knowledge of software development and deployment to enable better understanding of vulnerabilities that allow malicious software to compromise enterprise systems.! Identify the spectrum of threat actors and their motivations and capabilities for employing cyberspace as an attack medium.! Describe different types of cyber attack vectors and techniques and their potential effects.! Deliver a solid foundation (at the executive level) in the art and science of defense against cyber attacks, including both technological and human performance.! Understand and evaluate cyber risk and organizational readiness for managing it.! Outline the importance of people, processes, security policies and security management roles and responsibilities in an organization.! Increase participant knowledge of governmental roles in cyber security, national and international policy and legal requirements, and the tension between privacy and security.

2 Monday, July 25 Setting the Baseline 11:00-12:00 Check in 12:00-1:20 Working Lunch, Welcome, and Introductions Admiral James A. Winnefeld, Jr., former Vice Chair of the Joint Chiefs, retired 1:20 1:30 BREAK 1:30 3:00 The Cyber Ecosystem: Reliance and Risks! A brief history of modern cyber ecosystems! Who are the attackers? What are their motivations and targets? 3:00 3:20 BREAK 3:20 4:50 The Cyber Defense Ecosystem! Who are the players?! How are they organized, how do they work, what are their interests?! What are their capability, capacity, and policy limitations? 4:50 5:15 Briefing on Scenarios & Teams! Introduction to the scenario exercises roles, rules and responsibilities 5:15 5:45 Feedback Roundtable! What do you want to leave knowing that you don t understand today? 5:45-6:30 BREAK 6:45 8:30 Dinner, Keynote, and SOC Tour at GTRI Tuesday, July 26 Scoping the Problems 7:30-8:00 Continental Breakfast & Networking 8:00 9:20 Risks I: Software/Coding Design, Development and Deployment 9:20 9:30 BREAK 9:30 10:45 Risks II: Networks and their Vulnerabilities! How do cyber attacks work?! Overview of network protocols! Configuration risks Generation Gaps in networks / infrastructure! WIFI other unsecured environments! Protocol risks! Future vulnerabilities such as internet of things

3 10:45 11:00 BREAK 11:00 12:30 Cyber Attack Impacts! What are the effects of cyber attacks?! Security of operations and data! Denial of service, theft of data, manipulation of data, network destruction! Considerations - Financial, legal, reputation, consumer confidence 12:30 1:30 Lunch and Keynote: Cyber Attacks past, present, and future 1:30 1:45 BREAK 1:45 3:15 Defenses I: Prevention and Detection! Technical defense philosophy and key security principles! Identity and access management! Encryption basics and its role in protecting your data! Network defenses -- firewalls, signature defenses, intrusion detection and prevention! Effectiveness and limitations of defenses! Moving away from signature based defenses! Impact of mobile! Impact of network and software application changes 3:15 3:30 BREAK 3:30 4:45 Defenses II: Response and Recovery! How can we tell if we have a problem?! Cyber forensics! What are the challenges in attributing their attacks?! How do we keep up with the challenges? 4:45 5:45 Scenario Exercise Briefing 5:45 6:30 BREAK 6:30 8:30 Dinner and Keynote, Technical Security Wednesday, July 27th - Organizational Readiness 7:30-8:30 Continental Breakfast & Networking 8:30-10:00 Conceptual overview of organizational and institutional environment of cybersecurity! New modes of governance at the domestic organizational level! New modes of governance at the transnational level! Public-private partnerships! Delegation and intermediary responsibility! Information sharing

4 10:00-10:20 Break 10:20-11:20 Human performance in cyber security! The high reliability organization (HRO) -- operational excellence applied to cyber, specific practices.! Security policy development and security management roles and responsibilities.! Tradeoffs between effective cyber hygiene and organizational effectiveness, training! Change management 11:20 1:20 Lunch and Company Tour 1:20 2:20 Assessing Corporate Cyber Risk 1.0 2:20 2:40 Break 2:40 5:00 Organizational Readiness! What you should be asking your organization! Meeting regulation and compliance requirements! Who s at the table when it happens?! Readiness and resilience - attacks on other entities! Corporate responsibilities 5:00-5:40 BREAK 5:45 Bus to Atlanta Federal Reserve (security check on arrival) 6:15-7:00 Cocktails on the Patio at the Atlanta Federal Reserve 7:00-8:30 Dinner and Keynote - Protection of Financial and Credit Card Transactions Thursday, July 28th - Government, Law, and Policy 7:30-8:30 Continental Breakfast & Networking 8:30 10:00 U.S. Domestic Law and Policy Initiatives in the Cyber Area! Cyber after Snowden! 4th Amendment, DCPA, CFAA, FISAA! The NIST cybersecurity framework! Jurisdiction debates! Relationship between civilian and Military 10:00-10:20 BREAK 10:30-12:00 Cyber in the Global Arena 1! The geopolitics of Internet governance! The global institutions of Internet governance! Trade in ICT and national cybersecurity concerns

5 ! CERTS, CSIRTS and national cybersecurity policies 12:00-12:45 Lunch 1:00 2:15 Cyber in the Global Arena 2! Intergovernmental negotiations and norm setting! How much of a threat is cyber-terrorism?! Cyber attribution and deterrence 2:15 2:30 BREAK 2:30 5:00 Cyber Tabletop Exercise 5:15-6:00 BREAK 6:00 Dinner and Keynote Friday, July 29th - Bringing It All Together 7:30-8:00 Continental Breakfast & Networking 8:00 9:30 Lessons and Feedback from the Exercises 9:30 9:45 BREAK 9:45 11:30 Panel Discussion 11:30-12:00 Evaluation and Presentation of Certificates 12:00 - Adjourn Confirmed Speakers & Facilitators! Mustaque Ahamad - Professor, School of Computer Science, Georgia Institute of Technology, Co-Founder and Chief Scientist at Pindrop Security! Dimitri Alperovitch - Co-Founder and CTO, Crowdstrike! Raheem Beyah - Professor, School of Electrical and Computer Engineering, Georgia Institute of Technology! Kirk Carver - Enterprise Strategy and Architecture Consulting, Microsoft Corporation! Marcus A. Christian - Partner, Mayer Brown Washington DC! Tarun Chaudhray - Doctoral Candidate, Sam Nunn School of International Affairs, Georgia Institute of Technology! Michael Ferrell - Chief Scientist of the Cyber Technology & Information Security Laboratory (CTISL) at the Georgia Tech Research Institute (GTRI)! R. William (Bill) Ide Partner, Dentons! Chris Kirchhoff - Director for Strategic Planning, National Security Council! Christopher Klaus - former Founder and CTO of Internet Security Systems! Hans Klein - Associate Professor, School of Public Policy, Georgia Institute of Technology

6 ! Wenke Lee - Co-Director, Institute for Information Security and Privacy, Professor and John P. Imlay Jr. Chair in the School of Computer Science, Georgia Institute of Technology! Jimmy Lummis - Information Security Policy and Compliance Manager, Georgia Institute Of Technology! Milton Mueller - Professor, School of Public Policy, Georgia Institute of Technology! Tom Noonan - Executive Chairman-Board of Directors, Ionic Security! Michael Salomone - Professor, Sam Nunn School of International Relations, Georgia Institute of Technology! Chris Smoak - Research Scientist and Division Chief in the Cyber Technology and Information Security Laboratory at the Georgia Tech Research Institute! Teresa Shea - Executive Vice President and Director of Cyber Reboot, In-Q-Tel and former Director of Signals Intelligence, NSA! Peter Swire - Nancy J. and Lawrence P. Huang Professor of Law and Ethics, Scheller College of Business, Georgia Institute of Technology! Manos Tentzeris - Professor, School of Electrical and Computer Engineering, Georgia Institute of Technology! Admiral James A. Winnefeld, Jr. - former Vice Chairman of the Joint Chiefs of Staff and Professor, Sam Nunn School of International Relations, Georgia Institute of Technology