Course Overview:

Depending on the definition of a “cyber attack”, estimates for the total number of cyber attacks in the US during 2015 range from as low as a few thousand to over 77,000. Regardless of the definition of a cyber attack, cyber events inundate organizations today, requiring them to identify and respond to events that target their cyberspace operations.

This course presents real-world examples of cyber threats and events to enable students to understand how to apply multi-discipline knowledge to identify and respond to these cyber events, and to develop systems that can continue to function correctly despite the event. Cyber events that are prevalent in the news today provide insight into many of the gaps in today's approaches to engineering cyber security into our systems and infrastructure. For example, the 2015 Anthem breach highlights the consequences of not following best practices for data encryption; Stuxnet highlights issues with the security of industrial control systems (ICS); and multiple breaches, including the State of Arizona voter database and the breach of U.S. Federal Government personnel databases, highlight the need to follow best practices for data security.

Systems engineers must prioritize security controls to address the cyber risks of a holistic system. The use-case-based approach of this course gives students the applied knowledge needed to understand the cyber security processes, adversaries, environment, security controls, and frameworks needed to implement cyber security holistically.

Course Outline:

• Introduction to Cyber Security
  o Cyber risk, threats, events, and attacks
  o Understanding the cyber adversary
  o Understanding the cyber environment
  o Cyber attack “kill chain”

• Computer security frameworks

• Introduction to Cryptography

• Securing computer systems
  o Networks (and Web)
  o Operating System
  o Data

• Securing ICS

• Securing Workstations

• Human factors and cyber security
  o Safe internet usage
  o Adversary inside

• Cyber event monitoring, detection, and identification
  o Auditing Analysis
  o Deception
  o Cyber Attack Taxonomies and Models

• Response and recovery
  o Ethics
  o Communications
  o Forensics
  o Recovery of systems
  o Intellectual property

• Cyber security program management
  o Risk Management
    § Risk Acceptance
    § Risk Avoidance
    § Risk Mitigation
    § Risk Transfer
  o Compliance and legal
    § Privacy
    § Health information (HIPAA and HITECH)
    § Financial

• Developing a cyber security program


Key Learning Objectives:

• Understand key cyber security concepts, such as cyber attack, cyber event, and cyber risk

• Apply common computer security frameworks to address cyber security gaps

• Apply cryptography to secure computer systems, and protect data at rest and in transit

• Identify and implement appropriate security controls based on cyber environment, cyber threat, and the cyber adversary

• Clean corrupted systems and restore system capabilities following a successful cyber attack

• Use the Internet safely and apply safe-usage rules so that others can do the same

• Apply forensic concepts in evidence collection and reporting required to respond to cyber attacks

• Secure networks using firewalls, intrusion detection and prevention systems, and other network monitoring and management controls

• Understand principles of web security

• Analyze and respond to cyber events

• Understand key concepts in cyber law, intellectual property and cyber crimes

• Manage cyber risks

• Develop a cyber security program