The Science, Engineering, and Business of Cyber Security



Similar documents
The Science, Engineering, and Business of Cyber Security

The Future of Access Control: Attributes, Automation and Adaptation

Cyber Security Research: A Personal Perspective

Cyber Security: What You Need to Know

Cyber Security: Past, Present and Future

Security Models: Past, Present and Future

The Future of Cyber Security

The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to It?

Foundations Applications Technologies

How To Secure Cloud Computing

Cyber Innovation and Research Consortium

INFRAGARD.ORG. Portland FBI. Unclassified 1

1. Introduction. 2. Background Cloud computing in a nutshell

ELEMENTS OF AN HYPOTHESIS

BM482E Introduction to Computer Security

Driving Success in 2013: Enabling a Smart Protection Strategy in the age of Consumerization, Cloud and new Cyber Threats. Eva Chen CEO and Co-Founder

NSA/DHS CAE in IA/CD 2014 Mandatory Knowledge Unit Checklist 4 Year + Programs

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

Zak Khan Director, Advanced Cyber Defence

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

Institute for Cyber Security

Cisco Security Intelligence Operations

Security and Privacy

Security & privacy in the cloud; an easy road?

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

PCI DSS 3.0 : THE CHANGES AND HOW THEY WILL EFFECT YOUR BUSINESS

SOLUTION BRIEF. Next Generation APT Defense for Healthcare

Access Control Intro, DAC and MAC. System Security

Integrating basic Access Control Models for efficient security along with encryption for the ERP System

Digital Evidence and Threat Intelligence

Gregg Gerber. Strategic Engagement, Emerging Markets

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Agenda SAP AG or an SAP affiliate company. All rights reserved. 2

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

Big 4 Information Security Forum

A Detailed Strategy for Managing Corporation Cyber War Security

White paper. The Big Data Security Gap: Protecting the Hadoop Cluster

PwC Cybersecurity Briefing

Looking at the SANS 20 Critical Security Controls

Access Control of Cloud Service Based on UCON

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Managing Web Security in an Increasingly Challenging Threat Landscape

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015

How To Handle A Threat From A Corporate Computer System

White Paper: Security and Agility in the API Economy. Optimizing and securing your APIs with ViewDS Identity Solutions and Layer 7

Testimony of Eunice Santos. House Oversight and Government Affairs Committee Subcommittee on Information Technology

Human Dimension in Cyber Operations Research and Development Priorities

September 20, 2013 Senior IT Examiner Gene Lilienthal

The Tested and Proven Performance* of Security Grade Chain Link Fencing Systems

Cybersecurity on a Global Scale

Cyber Security Research and Development: A Homeland Security Perspective

Triangle InfoSeCon. Alternative Approaches for Secure Operations in Cyberspace

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist,

PCI DSS Overview and Solutions. Anwar McEntee

Today s Global Cyber Security Status and Trustworthy Systems That Leverage Distrust Amongst Sovereigns

A Systems Engineering Approach to Developing Cyber Security Professionals

The development of Shinawatra University s international graduate program in joint public and business administration (PBA)

Emerging Security Technological Threats

Application of Technology to Create an Integrated, Multidisciplinary Approach to Safe and Secure Ports

ISSECO Syllabus Public Version v1.0

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

Cyber Security Solutions:

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

Towards Secure Information Sharing Models for Community Cyber Security

Chapter 2 Taxonomy and Classification of Access Control Models for Cloud Environments

This focus on common themes has led to IFNA s motto of understanding through GLOBAL DIVERSITY, COOPERATION AND COLLABORATION.

2 School of Criminal Justice

Tuesday, August 19th Prevent, Detect, Respond: A Framework for Effective Cyber Defense Dr. Eric Cole, Fellow, SANS Institute

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao

THE CHALLENGES OF CYBERSECURITY TRAINING

Palo Alto Networks. September 2014

CYBERSPACE SECURITY CONTINUUM

ATTRIBUTE-BASED ACCESS CONTROL MODELS AND IMPLEMENTATION IN CLOUD INFRASTRUCTURE AS A SERVICE

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Information Technology Risk Management

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 7 Access Control Fundamentals

Capabilities for Cybersecurity Resilience

SCADA/ICS Security in an.

Some Thoughts on the Future of Cyber-security

A white paper analysis from Orasi Software. Enterprise Security. Attacking the problems of application and mobile security

Research and Analysis on Network Security Modeling

Transcription:

Institute for Cyber Security The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber Security University of Texas at San Antonio IIT Roorkie, Cognizance 2014 March 21, 2014 ravi.sandhu@utsa.edu, www.profsandhu.com, www.ics.utsa.edu Ravi Sandhu 1

Cyber Security Status MicroSecurity Not too bad About as good as it is going to get Criminals can only defraud so many Big government/big business are real threats MacroSecurity New arena for researchers Highly asymmetric, includes offense, clandestine Dual goals: strong offense, strong defense Cyber should be controllable Nuclear, chemical, biological have been controlled Ravi Sandhu 2

Perennial State of Cyber Security Micro-security Macro-security Ravi Sandhu 3

21 st Century Cyberspace 2010 US Department of Defense epiphanies A new domain akin to land, sea, air and space Have and use offensive cyber weapons Malware penetrations in highly classified networks Consumerization of cyberspace Anytime, Anywhere, Anything BYOD: Bring your own device BYOC: Bring your own cloud Entanglement of cyber-physical-social space Just starting Ravi Sandhu 4

Cyber Security Goal Enable system designers and operators to say: This system is secure Not attainable There is an infinite supply of low-hanging attacks Ravi Sandhu 5

Cyber Security Goal Enable system designers and operators to say: This system is secure Not attainable There is an infinite supply of low-hanging attacks Alternate goal: This system is as secure as possible More secure is always better Not appropriate Ravi Sandhu 6

Cyber Security Goal Enable system designers and operators to say: This system is secure enough Many successful examples Mass scale, rather low assurance ATM network, On-line banking, E-commerce One of a kind, extremely high assurance US President s nuclear football Ravi Sandhu 7

Cyber Security Goal Enable system designers and operators to say: This system is secure enough Many successful examples Mass scale, rather low assurance ATM network, On-line banking, E-commerce One of a kind, extremely high assurance US President s nuclear football Engineering Science Business Ravi Sandhu 8

Cyber Security Ecosystem Science explains the cause of observed phenomenon Science Engineering Distinguishing Characteristics of Cyber/Cyber Security Cyberspace is an entirely man-made domain Evolves rapidly and unpredictably Validation primarily with respect to future systems Business Ravi Sandhu 9

Cyber Security Ecosystem Science explains the cause of observed phenomenon and enables better construction of future systems Science Engineering Distinguishing Characteristics of Cyber/Cyber Security Cyberspace is an entirely man-made domain Evolves rapidly and unpredictably Validation primarily with respect to future systems Business Ravi Sandhu 10

Scientific Method: Natural Sciences Hypothesis Prediction Experimentation Prediction Confirmed Prediction Falsified Hypothesis Law Reject Hypothesis Ravi Sandhu 11

Scientific Method: Natural Sciences Paradigms Hypothesis Prediction Experimentation Prediction Confirmed Prediction Falsified Hypothesis Law Reject Hypothesis Ravi Sandhu 12

Heliocentric versus Geocentric Ravi Sandhu 13

Epicycles Ravi Sandhu 14

Circles versus Ellipses Ravi Sandhu 15

Scientific Method: Cyber Sciences Science explains the cause of observed phenomenon and enables better construction of future systems Paradigms Hypothesis Prediction Experimentation Prediction Confirmed Prediction Falsified Hypothesis Law Reject Hypothesis Ravi Sandhu 16

Science Quadrants Utility H Edison Pasteur Fundamental Understanding L junk Bohr H Donald Stokes, 1997 Pasteur s Quadrant: Basic Science and Technological Innovation L Ravi Sandhu 17

Cyber Science Quadrants Utility H Jobs Cerf-Kahn Fundamental Understanding L junk Turing H L Ravi Sandhu 18

Cyber Security Quadrants Utility H???? Fundamental Understanding L junk?? H L Ravi Sandhu 19

Access Control Decomposition Policy Specification Policy Enforcement Policy Administration Ravi Sandhu 20

Access Control Decomposition Policy Specification Policy Enforcement Policy Reality Policy Administration Ravi Sandhu 21

Access Control Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC),???? Ravi Sandhu 22

Access Control Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 RBAC can be configured to do MAC or DAC Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC),???? Ravi Sandhu 23

Access Control Fixed Policy Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Flexible Policy Attribute Based Access Control (ABAC),???? Ravi Sandhu 24

Access Control Human Driven Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Role Based Access Control (RBAC), 1995 Automated Adaptive Attribute Based Access Control (ABAC),???? Ravi Sandhu 25

Access Control Discretionary Access Control (DAC), 1970 Mandatory Access Control (MAC), 1970 Messy or Chaotic? Role Based Access Control (RBAC), 1995 Attribute Based Access Control (ABAC),???? Ravi Sandhu 26

Perennial State of Cyber Security Micro-security Macro-security Ravi Sandhu 27

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information