Information Security in the undergraduate curriculum



Similar documents
The UK cyber security strategy: Landscape review. Cross-government

Cyber Security. A professional qualification awarded in association with University of Manchester Business School

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

TLP WHITE. Denial of service attacks: what you need to know

CYBER SECURITY TRAINING SAFE AND SECURE

Cyber Security. A professional qualification awarded in association with University of Manchester Business School

CYBER STREETWISE. Open for Business

HMG Security Policy Framework

All Rights Reserved Index No. SCHOOL OF ACCOUNTING AND BUSINESS BSc. (APPLIED ACCOUNTING) GENERAL / SPECIAL DEGREE PROGRAMME

CYBER-ATTACKS THE GLOBAL RESPONSE

How small and medium-sized enterprises can formulate an information security management system

Addressing Cyber Risk Building robust cyber governance

State of the Applications : Only 11% of Information Security Managers Feel Their Applications are Secure. 1/11

Cyber/ Network Security. FINEX Global

Cyber Security Strategy

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

Cyber Security & Cyber Criminality: ~ The Facts ~ - Sgt Phil Cobley

EDS Innovation Research Programme DISCUSSION PAPER SERIES. No.005 Media, Connectivity, Literacies and Ethics

Cyber Security: Threat & The Maritime Environment Cyber Security: now byting the maritime industry

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

Corporate Security in 2016.

How a Cloud Service Provider Can Offer Adequate Security to its Customers

Crime and Policing newsletter: March 2013

GOVERNMENT OF THE REPUBLIC OF LITHUANIA

For Discussion Paper No. 9/2011 on 3 November 2011 DIGITAL 21 STRATEGY ADVISORY COMMITTEE. Cyber Security

Cyber Security Operations Centre Reveal Their Secrets - Protect Our Own Defence Signals Directorate

AN ANALYSIS OF THE CURRICULUM COMPONENTS OF COMPUTER FORENSICS UNDERGRADUATE COURSES IN THE UNITED KINGDOM

ESKISP Conduct security testing, under supervision

The 7 Disaster Planning Essentials

Information Security Group Active-client based identity management

A Guide to the Cyber Essentials Scheme

Secure by design: taking a strategic approach to cybersecurity

Helping the police to support people with vulnerabilities

Cyber R &D Research Roundtable

ESKISP Assist security testing, under supervision

CYBERSECURITY RESEARCH AND INNOVATION FOR A MORE SECURE BRITAIN CYBERSECURITY ISSUE 2.0

ISO Information Security Management Services (Lot 4)

Mitigating and managing cyber risk: ten issues to consider

CYBER RISK SECURITY, NETWORK & PRIVACY

Internet security: Shutting the doors to keep hackers off your network

Higher Education Commission Postgraduate Education Inquiry. Response from the Council for the Mathematical Sciences

How To Protect Your Business From A Cyber Attack

Course 4202: Fraud Awareness and Cyber Security Workshop (3 days)

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

HOW TO ADDRESS THE CURRENT IT SECURITY SKILLS SHORTAGE

Introduction to Cyber Security

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, CEO EDS Corporation

CYBER SECURITY STRATEGY AN OVERVIEW

LETTER TO BROKERS. Today we are launching Reputation Risk Solutions Limited:

Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation.

Technology Crime Services

Cyber security in an organization-transcending way

IT and Cyber Security Training Courses

Why compromise on the quality of your cyber security training? How APMG, CESG and QA accreditations ensure the highest possible training standards

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts

Who s next after TalkTalk?

SMALL BUSINESS REPUTATION & THE CYBER RISK

Information Security Summit 2005

City Technology Platform Technical Architecture Context

Nokia Networks. security you can rely on

The Danish Cyber and Information Security Strategy

New challenges in Data privacy.

Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw

Recognize Nefarious Cyber Activity and Catch Those Responsible with IBM InfoSphere Entity Analytic Solutions

Cyber Security Management

CYBER LIABILITY RISKS SEMINAR Programme overview. THURSDAY 1 OCTOBER am 1.00pm Green Park Conference Centre, Reading

CYBER SECURITY STRATEGY OF THE CZECH REPUBLIC FOR THE PERIOD

IT courses For Senior Managers

Cybersecurity in the Commonwealth: Setting the Stage

ESKISP Direct security testing

Legislative Council Panel on Information Technology and Broadcasting. Information Security

Addressing threats to real-world identity management systems

Professional Certificate in Operational Risk Management (including Conduct Risk) 2015/2016

RUAG Cyber Security. More security for your data

Hope for the best, prepare for the worst:

THE STRATEGIC POLICING REQUIREMENT. July 2012

Research Topics in the National Cyber Security Research Agenda

Legislative Council Panel on Information Technology and Broadcasting. Information Security

Committees Date: Subject: Public Report of: For Information Summary

Cyber security trends & strategy for business (digital?)

AISA NATIONAL CONFERENCE 2015 TRUST IN INFORMATION SECURITY. 14 October 2015 OPENING ADDRESS LYNWEN CONNICK

About the Survey Respondents

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

The Influence of Software Vulnerabilities on Business Risks 1

ALASTAIR CLARK EXECUTIVE DIRECTOR, BANK OF ENGLAND

Report on District Nurse Education in England, Wales and Northern Ireland 2012/13

What legal aspects are needed to address specific ICT related issues?

things you haven t done to protect your business from cybercrime

REPORT. Next steps in cyber security

MANAGING DIGITAL RISKS IN THE RETAIL WORLD

The purpose of this Unit is to develop an awareness of the knowledge and skills used by ethical and malicious hackers.

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security in the University of Oxford: Collaborating without Conforming?

Certificate in Cyber Security

IT Outsourcing. Third Time Lucky? Winter 2014/15 INSIGHTS

Government Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary

Teaching in Secondary Schools. Department of Education and Children. Rheynn Ynsee as Paitchyn

Standardising privacy and security for the cloud

IT Security Management 100 Success Secrets

Cyber Attacks and Liabilities Why do so many Organizations keep Getting Hacked, Sued and Fined?

Transcription:

Information Security in the undergraduate curriculum Chris Mitchell Royal Holloway, University of London www.isg.rhul.ac.uk/~cjm 1

Background I Some years ago, computer hacking was mainly done for fun. Today, organised crime is driving serious attacks on corporate and end user systems; a huge variety of malicious software and attack techniques now available. Systems many of us rely on in our daily lives are under constant attack by malicious criminal gangs. 2

Background II IT industry has recognised the paramount importance of restoring trust and security to today s computing environments. E.g., in 2003, Microsoft formed the Trustworthy Computing Academic Advisory Board, to advise on security, privacy and reliability issues RHUL is unique amongst UK universities in being represented on this board. 3

Background III Huge risks to personal and corporate data have also been recognised by the UK government. Aug 2007: House of Lords (UK Government) Science and Technology Committee Report on Personal Internet Security points out: The Internet is now increasingly the playground of criminals. Where a decade ago the public perception of the e-criminal was of a lonely hacker searching for attention, today s bad guys belong to organised crime groups, are highly skilful, specialised, and focused on profit. 4

Background IV 2008 White Paper on Secure Software Development, published by UK Government s Technology Strategy Board-supported Cyber Security Knowledge Transfer Network, states: It is evident that many of the [IT security] problems [that] we [have] encountered would have been mitigated and sometimes removed completely if the software on ICT systems had been developed with fewer software flaws and better security design. This is a neglected area in the UK in that there are some very good examples of best practice but these are few and desperately need to be shared so all can benefit. 5

Background V In June 2009, the Prime Minister presented to Parliament a Cyber Security Strategy for the United Kingdom. Key theme of which is to improve knowledge and capabilities in the area. 6

Masters-level education I All organisations are now being forced to take security and privacy threats seriously. Yet these efforts have been hampered by serious shortages of suitable staff. To date, the role of universities in addressing this pressing need has primarily been in underlying research and delivering masters courses aimed at developing information security experts. 7

Masters-level education II Such specialists are, of course, essential, and these courses play a vital role in providing staff for information security departments of companies and government departments worldwide. Royal Holloway continues to play its part, with its Information Security masters programme which, when launched in 1992, was the first programme of its kind. 8

New directions I However, it is becoming clear that educating a small core of security specialists is not enough. All IT staff need to be aware of the huge security risks arising from everyday decisions, including when writing software, procuring and configuring products, or integrating complex IT systems. 9

New directions II A huge proportion of threats to our information processing infrastructure arises from vulnerabilities introduced into software through programming or configuration shortcomings. So undergraduate computing education must play a key role. 10

BSc Computer Science (Information Security) At Royal Holloway we have taken on this challenge by introducing a ground-breaking undergraduate programme in Computer Science (started in 2007). This degree programme is designed to help address the urgent need for greater security awareness Huge opportunities exist for security-literate software developers, system administrators, and IT managers. 11

Content I One key element of this new degree programme is a course on secure software, the development of which was funded by Microsoft, reflecting their belief in the importance of this topic. The first cohort of students from this programme will graduate in 2010, and will enter a job market where there is an evergrowing need for security-aware staff. 12

Content II Students in the programme take a standard Computer Science first year. The 2nd year is 75% standard Computer Science and 25% Information Security, including: a general introduction to all Information Security topics; and a group software development project on a security-related subject. 13

Content III The 3rd and final undergraduate year is 50% Computer Science and 50% Information Security. Topics include: software security; trusted computing; a major individual project on a security topic. 14

The future We can expect to see rapid growth in degree programmes offering a more substantial security component. For the moment, the numbers of graduates with a high degree of securityawareness is small, and the prospects for such graduates seem rosy indeed. 15

Questions? Please contact me at: c.mitchell@rhul.ac.uk 16

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information