Cybersecurity Definitions and Academic Landscape

Cybersecurity Definitions and Academic Landscape
Balakrishnan Dasarathy, PhD
Program Director, Information Assurance
Graduate School, University of Maryland University College (UMUC)
Email: Balakrishnan.Dasarathy@umuc.edu
Talk at the NPSMA Workshop, Arlington, VA, November 13, 2013

Talk Overview
- Definitions
- Key Concepts in Information Assurance (IA) / Cybersecurity
- Drivers in determining the contents of a Cybersecurity Program
- Cybersecurity education characteristics

Definitions
- Security: In its most basic sense, the protection of assets from harm.
- Information Security: Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability. (Federal Information Security Management Act (FISMA) definition, H. R. 245848 (2002). Retrieved from: http://csrc.nist.gov/drivers/documents/fismafinal.pdf)
- Computer Security: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources. (NIST (1995). An Introduction to Computer Security: The NIST Handbook. Retrieved from: http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf)

Definitions (Contd.)
- Cybersecurity: The ability to protect or defend the use of cyberspace from cyber attacks.
- Cyberspace: A global domain consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. (NIST (2013). Glossary of Key Information Terms. NISTIR 7298, Revision 2. Retrieved from: http://nvlpubs.nist.gov/nistpubs/ir/2013/nist.ir.7298r2.pdf)
- Information Assurance: Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation. This includes providing for restoration of information systems. (DoD (2007). DoD Directive 8500.01E, Subject: Information Assurance. Retrieved from: http://www.dtic.mil/whs/directives/corres/pdf/850001p.pdf)
- IA in practice: Emphasizes risk analysis (Is money being spent wisely?) and corporate governance issues such as privacy, regulatory and standards compliance, business continuity and disaster recovery as they relate to information systems.

Definitions (Contd.)
- Computer Science: Computer Science is the study of the feasibility, structure, expression, and mechanization of the methodical processes (or algorithms) that underlie the acquisition, representation, processing, storage, communication of, and access to information. (Boston University (n.d.). Computer Science Definition. Retrieved from: http://www.cs.bu.edu/aboutcs/whatiscs.pdf)

[Diagram: relationship among Information Assurance, Compliance, Governance, Cybersecurity and Computer Science]

Key Concepts in Cybersecurity
- CIA Triad of Information Security: Confidentiality, Integrity, Availability
- They often conflict, so trade-offs are needed
- Authenticity and non-repudiation are often added to the CIA triad
- Your security is only as strong as your weakest link or point
- Risk analysis: there is no infinite budget
- Mediate completely (complete mediation)
- Least privilege
- Mutual suspicion
- Security should be baked in
- Defense in depth

Secure Design Principles
- Separation of domains (segmentation)
- Encapsulation (minimize attack surfaces)
- Fail secure
- Genetic diversity
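The principles on the two slides above (complete mediation, least privilege, separation of domains, fail secure) are easiest to see in a small reference monitor. The following is an added example written for this page, not code from the talk or from UMUC; every name in it (the roles, the `ReferenceMonitor` class, the sample resources and subjects) is a constructed assumption.

```python
"""Added example (not from the talk): a minimal reference monitor that makes the
slide's design principles concrete. All names below are hypothetical.

- Complete mediation: every access goes through authorize(); nothing is cached.
- Least privilege: each role maps to the smallest set of (action, resource type) it needs.
- Separation of domains: a subject may only touch resources in its own domain.
- Fail secure: any error, unknown role, or unknown action yields DENY, never ALLOW.
"""
from dataclasses import dataclass

# Least privilege: each role carries only the permissions its job requires.
# Constructed sample policy of (action, resource_type) pairs.
ROLE_PERMISSIONS = {
    "clerk":   frozenset({("read", "ledger")}),
    "auditor": frozenset({("read", "ledger"), ("read", "audit_log")}),
    "admin":   frozenset({("read", "ledger"), ("write", "ledger"), ("read", "audit_log")}),
}


@dataclass(frozen=True)
class Subject:
    name: str
    role: str
    domain: str   # separation of domains, e.g. "finance" vs "hr"


@dataclass(frozen=True)
class Resource:
    name: str
    rtype: str
    domain: str


class ReferenceMonitor:
    """Single choke point every access must pass through (complete mediation)."""

    def __init__(self, permissions):
        self._perms = permissions
        self.audit = []   # every decision is recorded, allow or deny

    def authorize(self, subject, action, resource):
        try:
            decision = self._decide(subject, action, resource)
        except Exception as exc:
            # Fail secure: an internal error (e.g. a role missing from the policy)
            # is logged and treated as a denial, never as an allow.
            self.audit.append((subject.name, action, resource.name, "DENY", f"error: {exc}"))
            return False
        self.audit.append((subject.name, action, resource.name,
                           "ALLOW" if decision else "DENY", ""))
        return decision

    def _decide(self, subject, action, resource):
        # Separation of domains: cross-domain access is refused before anything else.
        if subject.domain != resource.domain:
            return False
        # Unknown role raises KeyError, which authorize() converts into a denial.
        allowed = self._perms[subject.role]
        # Default deny: only an explicitly granted (action, type) pair is allowed.
        return (action, resource.rtype) in allowed


def demo():
    """Run four constructed access requests and return the decisions plus the audit trail."""
    monitor = ReferenceMonitor(ROLE_PERMISSIONS)
    ledger = Resource("q3-ledger", "ledger", "finance")
    hr_file = Resource("salary-band", "ledger", "hr")
    clerk = Subject("alice", "clerk", "finance")
    ghost = Subject("mallory", "intern", "finance")   # role absent from the policy
    results = {
        "clerk_reads_ledger": monitor.authorize(clerk, "read", ledger),       # True
        "clerk_writes_ledger": monitor.authorize(clerk, "write", ledger),     # False: least privilege
        "clerk_reads_hr_ledger": monitor.authorize(clerk, "read", hr_file),   # False: domain separation
        "unknown_role_reads": monitor.authorize(ghost, "read", ledger),       # False: fail secure
    }
    return results, monitor.audit


if __name__ == "__main__":
    decisions, trail = demo()
    for k, v in decisions.items():
        print(f"{k}: {'ALLOW' if v else 'DENY'}")
    for entry in trail:
        print(entry)
```

The design choice worth noticing is that the denial path is the default everywhere: the only way to reach `True` is an explicit match in the role's permission set inside the subject's own domain, and the error handler can only ever produce a denial. That is what "fail secure" means in code, as opposed to a check that returns "allowed" when the policy lookup throws.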

Defense in Depth
- Practice of layering defenses
- Not all controls will fail at the same time
- Use of multiple technologies and tools in the same layer
- Controls of multiple kinds: technology, operations (trained people) and management
(NSA (n.d.). Defense in Depth. Retrieved from: http://www.nsa.gov/ia/_files/support/defenseindepth.pdf)

Defense in Depth (with example technologies): Multiple Controls Across Multiple Layers
- Perimeter (Network Layer): Boundary Routers, VPN, Firewalls, Network IDS/IPS, RADIUS, NAC, Gateway Anti-Virus
- Software (Application Layer): Web Service Security, Application Proxy, Database Security, Content Filter, Data Encryption, Proxy Servers, Spam Blocker, Input Validation, Identity Management
- Personnel (User Layer): Training, Authentication, Authorization, PKI, RBAC, Two-Factor Authentication, Biometrics, Clearances
- Host (Platform Layer): Host IDS/IPS, Desktop Anti-Virus, Server Anti-Virus, Server Anti-Spyware, Patch Management, Server Certificates
- Physical Security: Locks, Biometrics, PIV Credentials/ID Badges, CCTV, Disaster Recovery/COOP, Guards, RFID

Drivers for IA/Cybersecurity Program Content
- NSA/DHS Center for Academic Excellence (CAE) in Information Assurance/Cyber Defense Education: Core and Optional Knowledge Units; many institutions now preparing for re-designation / designation
- National Cybersecurity Workforce Framework developed by the National Initiative for Cybersecurity Education (NICE): KSAs (Knowledge, Skill and Ability); KSAs provide a basis for competency-based education

CAE IA-CD Knowledge Units
(National Security Agency (2013). National Center of Academic Excellence. Retrieved from: http://www.nsa.gov/ia/academic_outreach/nat_cae/index.shtml)
- Core Knowledge Units (KUs), 2-year core: IA Fundamentals (cyber defense, cyber threats, crypto); Security Design Principles; Scripting, System Admin; Law, Ethics and Compliance
- Four-year: includes the 2-year core plus Programming, OS, DBMS, and Networks (solid Computer Science background)
- Optional Knowledge Units: specialties (e.g., Forensics, Software Assurance)

National Cybersecurity Workforce Framework Categories
- Securely Provision
- Operate and Maintain
- Protect and Defend
- Analyze
- Collect and Operate
- Investigate
- Oversight and Development

Cybersecurity Workforce Framework KSAs
(Department of Homeland Security (n.d.). National Cybersecurity Workforce Framework: Knowledge, Skills and Abilities. Retrieved from: http://niccs.uscert.gov/training/tc/framework/ksas)
- Organized hierarchically (top level: Category; middle level: Area; low level: KSA)
- Example: Category: Securely Provision; Area: Technology R&D; KSAs: ability to apply network programming toward client/server models; knowledge of telecommunication concepts; skill in applying and incorporating IT technologies into proposed solutions

Characteristics of Good IA/Cybersecurity Programs
Characteristic: Highlights
- Holistic: databases, OS, networks, testing and V&V, law, privacy, risk analysis, cryptography
- Interdisciplinary: IT, telecom; law, policy, digital crime investigation
- Diverse Offerings: PhDs, Masters, Bachelors and Certificates in IA, Cybersecurity, Policy, Forensics and Homeland Security, etc.
- Hands-on: strong lab components
- Business Focus: PSM, industry scholarships
- Research Orientation: research at all offerings
- Global: global collaboration and perspectives and common language
(David Jarvis (April 2013). Cybersecurity education for the next generation. IBM Center for Applied Insights. Retrieved from: http://www.slideshare.net/dajarvis/cybersecurity-edu-forthenextgenexecdeck042513final)