TTU Faculty Workshop on Cybersecurity for Critical Infrastructure

1

An Overview of IE 4382/5382 Cybersecurity for Information Systems

Susan D. Urban, Ph.DDepartment of Industrial EngineeringTexas Tech UniversityLubbock, Texassusan.urban@ttu.edu

This research was supported by the National Science Foundation (Grant No.1241735). Opinions, findings, and conclusions/recommendations are those of the authors and do not necessarily reflect the views of the NSF.

5/1/15

TTU Faculty Workshop on Cybersecurity for Critical Infrastructure

2

Cybersecurity for Information Systems

A core course in the Cybersecurity for Critical Infrastructure certificate program

Covers a wide breadth of practices for assuring information systems security

Fundamentals of Information Systems Security, by D. Kim and M. Solomon, Jones & Bartlett, Information Systems Security & Assurance Series, 2014. Covers the seven domains of the International

Information Systems Security Certification Consortium (ISC)2

5/1/15

TTU Faculty Workshop on Cybersecurity for Critical Infrastructure

3

Seven Domains of an IT Infrastructure

From Fundamentals of Information Systems Security, D. Kim and E. Solomon, 2nd Edition, Jones and Bartlett, 2014.

5/1/15

TTU Faculty Workshop on Cybersecurity for Critical Infrastructure

4

Topics Covered

Access Controls

Security Operations and Administration

Auditing, Testing, and Monitoring

Risk, Response, and Recovery

Cryptography

Networks and Telecommunications

Malicious Code and Activity

IS Standards, Education, Certifications, and Laws

5/1/15

TTU Faculty Workshop on Cybersecurity for Critical Infrastructure

5

Additional Topics Covered

Case Studies TJX Case, Maroochy Water Breach, Stuxnet, Other high-profile

cases, Current events

Biometrics

Legal Issues Freedom of Information Act, Einstein NIS, US Patriot Act,

Computer Fraud and Abuse Act

Compliance Laws Federal Information Systems Management Act, Gramm-Leach –

Bliley Act, Sarbannes-Oxley Act, Family Educational Rights and Privacy Act

5/1/15

TTU Faculty Workshop on Cybersecurity for Critical Infrastructure

6

Virtual Security Cloud Lab

Hands-on lab in a cloud computing environment using cutting edge technology

Students can test their skills with realistic security scenarios that they will encounter in their careers

The mock IT infrastructure was designed to mimic a real-world IT infrastructure consisting of the seven domains of a typical IT infrastructure

Each lab provides learning objectives, step-by-step instructions, evaluation criteria, and lab assessment questions

5/1/15

TTU Faculty Workshop on Cybersecurity for Critical Infrastructure

7

VSCL Mock IT Infrastructure

From Fundamentals of Information Systems Security, D. Kim and E. Solomon, 2nd Edition, Jones and Bartlett, 2014.5/1/15

TTU Faculty Workshop on Cybersecurity for Critical Infrastructure

8

VSCL Lab Topics

Performing Reconnaissance and Probing Using Common Tools

Performing a Vulnerability Assessment

Enabling Windows Active Directory and User Access Controls

Using Group Policy Objects and MS Baseline Security Analyzer for Change Control

Performing Packet Capture and Traffic Analysis

Implementing a Business Continuity Plan5/1/15

TTU Faculty Workshop on Cybersecurity for Critical Infrastructure

9

VSCL Topics

Using Encryption to Enhance Confidentiality and Integrity

Performing a Website and Database Attack by Exploiting Identified Vulnerabilities

Eliminating Threats with a Layered Security Approach

Implementing an Information Systems Security Policy

https://www.youtube.com/watch?v=vH6agAr2WKg

5/1/15

TTU Faculty Workshop on Cybersecurity for Critical Infrastructure

10

Assessment Activities

Exams

Virtual Cloud Labs Lab deliverables and assessment worksheets Students present lab deliverables and assessment

In-class, team-led discussions of case studies and related topics

Information systems security policy project

Graduate research papers and presentations

5/1/15