A Systems Engineering Approach to Developing Cyber Security Professionals


Dr. Jerry Hill
Approved for Public Release; Distribution Unlimited. 13-3793
© 2013 The MITRE Corporation. All rights reserved.

What is Cyber Security?
Great Question!

Starting Point
Comprehensive approach to protecting data and the infrastructure that moves, stores, accesses, and manipulates that data.

Things to Cover, Page 1
Malware, Networks, Bots, Trojans, Attack vectors, Ports, Defensive posture in depth, Public Key Infrastructure, Zero Day Exploit, Intrusion Detection System, Computer architecture, SYN Flood Attack, Cloud access, Network Address Translation, Access, Data Encryption Standard, Supply Chain Management, Advanced Encryption Standard, Spoofing, Digital Forensics, Confidentiality, Integrity, Availability, Wireless, Ethernet, Honey Pot, Patching, IPv6, TCP/UDP, MAC address, Denial of Service, Script Kiddies, Auditing, Back Doors, Cryptography, Viruses, Worms, Phishing, Algorithm, SQL Injects, Authentication, Buffer Overflows, Domain Name Server, Firewalls, Hijacking, Browser Helper Objects, Ping, Web Server, Cookies, Redirects, Keystroke Loggers, Configuration Errors, Remote Access, Virtual Private Network, Password Strength, Dictionary Attack, Rootkits, Protocols, Sniffers

Today will just touch the surface

Goal Today
- Suggest a methodology for analyzing and identifying the high level knowledge requirements of a cyber security professional
- Highlight key areas of knowledge a cyber security professional should have

Elements of Data Security
[Figure labels: Secured Data; Availability]

Components of a Program of Instruction: Confidentiality
- Protection of data from disclosure to unauthorized persons
- Focus on data protection
- Major Sub-disciplines
  - Cryptography
  - Design and Creation of Algorithms
  - Threat Analysis
  - Algorithm Analysis
  - Mathematics

Components of a Program of Instruction: Integrity
- Ensuring data remains as composed by the owner
- Balanced focus on Data and Infrastructure
- Major Sub-disciplines
  - Information Security
  - System Administration
  - Operating Systems
  - Intrusion Detection Systems
  - Auditing
  - Threat Analysis
  - Penetration Testing
  - Software & Malware Analysis
  - Network Analysis

Components of a Program of Instruction: Availability
- Ensuring data is accessible to the owner/user when needed
- Focus is on Infrastructure
- Major Sub-disciplines
  - Network Engineering
  - Network Security
  - Threat Analysis
  - Supply chain management
  - National infrastructure protection (SCADA)

The SE Process
[Figure labels: Requirements; Requirements Analysis; Requirements Loop; Functional Analysis and Allocation (including decomposition); Design Loop; System Analysis & Control (Balance); Verification; Synthesis; Design Alternatives; Specification ("The system shall ..."); System Architecture; Organizational Architecture; System Design. Source noted on the figure: Mil Std 499B]

Creating a Curriculum to Satisfy Requirements
1. Analyze elements of data security
2. Identify basic skills required to accomplish those elements
3. Establish courses to impart those skills
4. Establish the overall Cyber Security discipline
5. Package courses for specific subdisciplines
[Figure labels: Requirements (Secured Data; Availability); Graduate Skills ("The graduate shall be able to ...", "The graduate shall understand ..."); Program of Instruction (POI); Design Alternatives; Curricula]

Summary
- Cyber Security is a broad field with many subdisciplines.
- Focus of a cyber security professional is on protection of data and information systems.
- Cyber security professionals should be broadly knowledgeable of most sub-disciplines and preferably expert in one.
- Cyber security education involves a lot of OJT and is a continual process.

Final Thoughts
- The Future of Cyber Security
  - Threat Based Defense
  - Information Sharing
- Ethics must be a curricula item
  - Professionals police themselves
  - Professional Rules of Conduct
  - Thin line between black hat and white hat; skills are easily transferrable