The Security Theme: an introduction




Slide 1: The Security Theme: an introduction
School of Computer Science, The University of Manchester

Slide 2: Outline
Why do we need a Security Theme?
Core Modules: Cryptography; Cyber security
Some Research Activities

Ratio of hackers to security professionals ~ 1000:1*
Computer Security. Military Intelligence. The laws of thermodynamics.**
But you can manage the risks... disrupt and counter the kill chain... taking heed of the Security Theme!
* SANS (SysAdmin, Audit, Network, Security) Institute
** You can't win... you can't even break even

Slide 3: The challenge

Slide 4: Hacking-as-a-service
Consulting services such as botnet setup ($350-$400)
Infection/spreading services (~$100 per 1K installs)
Botnets & Rentals: Distributed Denial of Service (DDoS) $535 for 5 hours a day for one week; e-mail spam ($40 / 20K e-mails); Web spam ($2 / 30 posts)
Blackhat Search Engine Optimization (SEO) ($80 for 20K spammed backlinks)
Inter-Carrier Money Exchange and Mule services (25% commission)
Recruited CAPTCHA Breaking ($1 / 1000 CAPTCHAs)
Crimeware Upgrade Modules: using Zeus modules as an example, anywhere from $500 to $10K
Source: Fortinet 2013 Cybercrime Report

Slide 5: So we need a fifth column to protect the systems of today and build tomorrow's systems safely

Slide 6: Cyber Security: topics
Risk assessment
Requirement and policy specifications
Solutions and countermeasures: intrusion detection/prevention; secure software; authentication and authorisation; Virtual Private Networks; firewalls; digital certification and Public Key Infrastructures
Real-life exemplar security systems (cloud computing security, web security, email security, wireless network security, electronic payment systems, etc.)
Audits and reviews
System security planning
Penetration testing
Digital forensics

Slide 7: How
Lectures
Guest lectures: CY40R, Digital forensics; McAfee, Malware and intruders: vulnerabilities and countermeasures; NCC Group, Penetration Testing
Cryptography: Examination (60%); Coursework (40%)
Cyber security: Coursework (2 x 25%): Groupwork, Case studies, Report; Review/inspect, Templates, Report, Risk treatment plan. Examination (50%)
Employment potential

Slide 8: Cyber security (COMP61421), Advanced Computer Science Security Theme
[Diagram of the module's risk-management model. Labels: Information Assets; Dependencies; Business Impact (Value: C-I-A); Risk Assessment (Risk Register); Realised Risk; Security Incidents and Events; Business Continuity; Risk Treatments (Controls); Risk Attitude; People (Human Factors, Behaviour), Process, Technology]

Slide 9: Objectives, Advanced Computer Science Security Theme
[Diagram extending the slide 8 model with governance and lifecycle labels: Conformance; Performance; Evaluate, Direct, Monitor; Leadership; Ethical framework; IT Governance (COMP60721); Use, Development, Operations; Abuse, Failure; Risk Appetite; Project Management, Portfolio Management, Programme Management; Security Architecture; plus the slide 8 labels: Information Assets, Dependencies, Business Impact (Value: C-I-A), Risk Assessment (Risk Register), Realised Risk, Security Incidents and Events, Business Continuity, Risk Treatments (Controls), Risk Attitude, People (Human Factors, Behaviour), Process, Technology]

Slide 10: Help: new and constant
Bad:
20,000 new pieces of malware per hour (McAfee)
15 friends invited on Facebook, 21,000 accepted
Fines: 60,000 for losing an unencrypted laptop; 100,000 for faxing details of a child sex abuse case to a member of the public; 2.75m for losing a laptop with records of 46,000 people
Good:
You become the Fifth Column
1. Cryptography
2. Cyber security


Slide 12: Summary: the two laws of security
1. Never reveal everything you know.
And now Dr Zhang on some more projects

Slide 13: Some research Projects/Activities
Designs of systems or solutions for security and privacy in distributed systems, Cloud and Ubiquitous Computing, and electronic commerce, covering issues such as risk-based authentication, authorisation, intrusion detection, and trust management.
FAME-Permis
Traceable Identity Privacy
FIDES
Context-aware Security Provision
Wireless Network Security
Adaptive Security Solutions

Slide 14: The FAME-Permis Project
A middleware extension to Shibboleth to support:
Inter-organisational resource sharing
Single sign-on
User identity privacy
Fine-grained access control

Slide 15: FAME-Permis authentication flow, Advanced Computer Science Security Theme
[Diagram. Components: user Browser; Shib Target (Resource Gateway: SHIRE, SHAR); WAYF (Where Are You From?); User's Home Site Web Server running Shib-HS, protected by the FAME Login Server (F-LS) with AuthServices x, y, z, ...; Host Authentication Module (HAM) with TI-API for PKCS#11 tokens, Java Cards, ...; ASI-API; LoA-linked AC (FAME-permis); all connected over the Internet. Numbered exchanges:]
1. User request
2. Re-direct to WAYF for Handle
3. Re-direct to HS
4. Authenticate yourself with AuthService x
5. Authentication dialogue
6. Authentication is successful
7. Handle
8. Handle

Slide 16: FIDES
Aim: to secure e-commerce transactions, e.g.
e-payment vs e-goods (e-purchase)
e-goods/e-mail vs Signed receipt (Certified delivery)
Signed contract vs Signed contract (Contract signing)
e-goods vs e-goods (Barter)
Can be used to develop new secure business applications, such as e-procurement.

Slide 17: Context-aware Security Provision
Use your context data to determine the level of security protection:
Your location: this room, or an airport lounge
Your device: a wireless PDA, or a more capable desktop
Your past access history/profile: have you been a good guy, or have you tried to breach some rules?

Slide 18: Context-aware Access Control
[Diagram. Components: Access Requester; PEP (Policy Enforcement Point); PDP (Policy Decision Point) producing the Policy Decision; Policy Store holding the Policy; Resource; Context Acquisition via a Context Service fed by Context Sources and Sensors]
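As an added illustration of slides 17 and 18 (not code from the slides or from the Manchester projects), a toy PEP/PDP in Python: the requester's location, device and access history are turned into an assurance level that the policy compares with what the resource demands. The attribute scores, resource requirements and resource names are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Tuple

# Constructed context record standing in for what the Context Service
# collects from its Context Sources and Sensors (slide 18).
@dataclass
class Context:
    location: str         # e.g. "office", "airport_lounge"
    device: str           # e.g. "desktop", "pda"
    past_violations: int  # rule breaches in the requester's access history

# Policy Store (assumed values): how much assurance each context attribute
# contributes, and how much assurance each resource demands (0..4).
LOCATION_SCORE = {"office": 2, "home": 1, "airport_lounge": 0}
DEVICE_SCORE = {"desktop": 2, "laptop": 1, "pda": 0}
RESOURCE_REQUIRED = {"public_notice": 0, "lecture_notes": 2, "exam_papers": 4}


def assurance_level(ctx: Context) -> int:
    """Derive an assurance level from context. Unknown locations or devices
    contribute nothing (deny by default); past violations lower the level."""
    score = LOCATION_SCORE.get(ctx.location, 0) + DEVICE_SCORE.get(ctx.device, 0)
    return max(0, score - ctx.past_violations)


def pdp_decide(resource: str, ctx: Context) -> str:
    """Policy Decision Point: 'permit', 'step-up' (one level short, so ask for
    stronger authentication) or 'deny'. Resources absent from the policy
    store fail closed."""
    required = RESOURCE_REQUIRED.get(resource)
    if required is None:
        return "deny"
    level = assurance_level(ctx)
    if level >= required:
        return "permit"
    if level == required - 1:
        return "step-up"
    return "deny"


def pep_enforce(resource: str, ctx: Context) -> Tuple[bool, str]:
    """Policy Enforcement Point: releases the resource only on 'permit' and
    returns the PDP's decision so the caller can log or trigger step-up."""
    decision = pdp_decide(resource, ctx)
    return decision == "permit", decision


if __name__ == "__main__":
    print(pep_enforce("lecture_notes", Context("airport_lounge", "pda", 0)))
```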

Slide 19: Context-aware Adaptive Routing in MANETs
Context-aware multiple route adaptation can increase reliability with low costs.
[Diagram: nodes A, B, C, M, P and X connected via the Internet]

Slide 20: Other project opportunities may include
Whitelisting software
A method to articulate requirements for security (MARS)
Measuring security maturity to understand the costs and benefits of countermeasures
Security dashboard
Information and cyber security threat analyser
IT Strategy design tool
Protect - Operate - Self-preserve: designing a universal secure architecture
Rules of engagement: legitimate use of the Dark Internet and Deep Web
Security economics modeller
Balancing technical security controls with human factors
An application to test websites for compliance and award a commensurate trust mark

Slide 21: Module Leader/Lecturers
Dr Ning Zhang, ning.zhang@manchester.ac.uk
Dr Daniel Dresner MInst.ISP, daniel.dresner@manchester.ac.uk
Dr Richard Banach, banach@manchester.ac.uk
