an overview of ie 4382/5382 cybersecurity for information systems susan d. urban, ph.d department of...
TRANSCRIPT
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
1
An Overview of IE 4382/5382 Cybersecurity for Information Systems
Susan D. Urban, Ph.DDepartment of Industrial EngineeringTexas Tech UniversityLubbock, [email protected]
This research was supported by the National Science Foundation (Grant No.1241735). Opinions, findings, and conclusions/recommendations are those of the authors and do not necessarily reflect the views of the NSF.
5/1/15
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
2
Cybersecurity for Information Systems
A core course in the Cybersecurity for Critical Infrastructure certificate program
Covers a wide breadth of practices for assuring information systems security
Fundamentals of Information Systems Security, by D. Kim and M. Solomon, Jones & Bartlett, Information Systems Security & Assurance Series, 2014. Covers the seven domains of the International
Information Systems Security Certification Consortium (ISC)2
5/1/15
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
3
Seven Domains of an IT Infrastructure
From Fundamentals of Information Systems Security, D. Kim and E. Solomon, 2nd Edition, Jones and Bartlett, 2014.
5/1/15
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
4
Topics Covered
Access Controls
Security Operations and Administration
Auditing, Testing, and Monitoring
Risk, Response, and Recovery
Cryptography
Networks and Telecommunications
Malicious Code and Activity
IS Standards, Education, Certifications, and Laws
5/1/15
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
5
Additional Topics Covered
Case Studies TJX Case, Maroochy Water Breach, Stuxnet, Other high-profile
cases, Current events
Biometrics
Legal Issues Freedom of Information Act, Einstein NIS, US Patriot Act,
Computer Fraud and Abuse Act
Compliance Laws Federal Information Systems Management Act, Gramm-Leach –
Bliley Act, Sarbannes-Oxley Act, Family Educational Rights and Privacy Act
5/1/15
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
6
Virtual Security Cloud Lab
Hands-on lab in a cloud computing environment using cutting edge technology
Students can test their skills with realistic security scenarios that they will encounter in their careers
The mock IT infrastructure was designed to mimic a real-world IT infrastructure consisting of the seven domains of a typical IT infrastructure
Each lab provides learning objectives, step-by-step instructions, evaluation criteria, and lab assessment questions
5/1/15
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
7
VSCL Mock IT Infrastructure
From Fundamentals of Information Systems Security, D. Kim and E. Solomon, 2nd Edition, Jones and Bartlett, 2014.5/1/15
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
8
VSCL Lab Topics
Performing Reconnaissance and Probing Using Common Tools
Performing a Vulnerability Assessment
Enabling Windows Active Directory and User Access Controls
Using Group Policy Objects and MS Baseline Security Analyzer for Change Control
Performing Packet Capture and Traffic Analysis
Implementing a Business Continuity Plan5/1/15
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
9
VSCL Topics
Using Encryption to Enhance Confidentiality and Integrity
Performing a Website and Database Attack by Exploiting Identified Vulnerabilities
Eliminating Threats with a Layered Security Approach
Implementing an Information Systems Security Policy
https://www.youtube.com/watch?v=vH6agAr2WKg
5/1/15
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
10
Assessment Activities
Exams
Virtual Cloud Labs Lab deliverables and assessment worksheets Students present lab deliverables and assessment
In-class, team-led discussions of case studies and related topics
Information systems security policy project
Graduate research papers and presentations
5/1/15