Computer Science and Engineering 1 Cyber Security University of South Carolina Columbia Center for Information Assurance Engineering (CIAE)

Who is Impacted by Cyber Attacks? Source: / /

Computer Science and Engineering 3 Ashley Madison adultery site hack: will I be found out? TheGuardian,

What can we do? Computer Science and Engineering 4

5 Information Assurance Program At USC

Computer Science and Engineering 6 Center for Information Assurance Engineering Mission P ROMOTE INFORMATION SECURITY AWARENESS O FFER HIGH QUALITY EDUCATION AND RESEARCH F OSTER COLLABORATION BETWEEN ACADEMIA, INDUSTRY AND GOVERNMENT

Computer Science and Engineering 7 IA&S Graduate Certificate ProgramIA&S Graduate Certificate Program NEW: Cyber Security Studies CS2NEW: Cyber Security Studies CS2 Approved for 2016 FallApproved for 2016 Fall Meeting National IA Training StandardsMeeting National IA Training Standards National Center of Academic Excellence in Information Assurance Education and ResearchNational Center of Academic Excellence in Information Assurance Education and Research IA Education

MS in Information Security Waiting CHE and SACS approval Core courses (9 credits): Introduce foundational knowledge of current information security theory and practice. –CSCE 522 – Information Systems Security Principles (3 credit hours) –CSCE 548 – Building Secure Software (3 credit hours) –CSCE 715 – Network Systems Security (3 credit hours) Computer Science and Engineering 8

MSIS Elective Courses –CSCE 517 – Computer Crime and Forensics (3 credit hours) –CSCE 557 – Introduction to Cryptography (3 credit hours) –CSCE 719 – Security and Privacy for Wireless Networks (3 credit hours) –CSCE 727 – Information Warfare (3 credits) –CSCE 747 – Software Testing and Quality Assurance (3 credits) –CSCE 813 – Internet Security (3 credit hours) –CSCE 824 – Secure Databases (3 credit hours) –CSCE 846 – Software Reliability and Safety (3 credits) Computer Science and Engineering 9

What is Cyber Security? Highly Technical People, processes, and technology Legislation and Regulation Risk management

Understanding Cyber Security Risk dreamsmademe.wordpress.com Cyber Security Threats Mobile Malware Virtual currencies Stealth attacks by state actors Social attack New PC and server attacks Cloud-based attacks Source: McAfee Labs 2014 Treats Predictions

Business Policy Decision Communication between technical and administrative employees Internal vs. external resources Legal and regulatory requirements Developing security capabilities Risk Assessment Cost Security level 0 %100% Optimal level of security at a minimum cost Security Investment Cost of Breaches

Workforce Education Certification Government initiatives

National Center of Academic Excellence in Information Assurance Education

Computer Science and Engineering 15 Courses and Faculty Courses CSCE 201 – Introduction to Security CSCE 517 – Computer Crime and Forensics CSCE 522 – Information Security Principles CSCE 557 – Introduction to Cryptography CSCE 548 – Secure Software Construction CSCE 590 – Penetration Testing Faculty  Caroline Eastman  Csilla Farkas  Chin-Tser Huang  Ronni Wilkinson  Wenyuan Xu

Undergraduate-Level IA Specialization Majors: CS, CE, CIS + any other USC major –need necessary prerequisites for CSCE 522 Courses to take: –CSCE 522 – Information Security Principles –1 additional IA course –1 additional course with IA component Computer Science and Engineering 16

Computer Science and Engineering 17 Graduate-Level IA Specialization Majors: CS, CE, CIS, MS, ME, PhD Courses to take: –CSCE 522 – Information Security Principles –2 additional IA courses or MS Thesis in IA

Computer Science and Engineering 18 IA&S Certificate Graduate Program Admission Requirements Baccalaureate degree in computer science, computer engineering, or a related field Admission requirements for graduate study at the Department of Computer Science and Engineering Meets Industry Certification Security + CISSP

Proposed Cyber Security Studies Graduate Certificate Core Courses: –CSCE 522 – Information Systems Security Principles (3 credit hours) –CSCE 715– Network Security (3 credit hours) Elective Courses (6 credits of the following) –CSCE 517 – Computer Crime and Forensics (3 credit hours) –CSCE 557 – Introduction to Cryptography (3 credit hours) –CSCE 548 – Secure Software Construction (3 credit hours) –CSCE 727 – Information Warfare (3 credit hours) –CSCE 813 – Internet Security (3 credit hours) –CSCE Distributed Systems Security (3 credits) –CSCE 824 – Secure Databases (3 credit hours) –CSCE 798 – Directed Study and Research (max. 3 credit hours) Computer Science and Engineering 19

Computer Science and Engineering 20 Global IA Workforce Trends A Frost & Sullivan Market Survey Sponsored by International Information Systems Security Certification Consortium (ISC) 2® Prepared by Robert Ayoub, CISSP, Global Program Director, Information Security Electronic survey, conducted through a Web- based portal 20

Computer Science and Engineering 21 Demand for IA Workforce Worldwide: –2010: 2.28 million –2015: 4.24 million (projected) –Compound Annual Growth Rate: 13.2% Americas: –2010: 920,845 –2015: 1,785,236 –Compound Annual Growth Rate: 14.2% Information Warfare - Farkas 21

Computer Science and Engineering 22 Salary 2011 Annual salary(ISC) 2® Member/non- member Worldwide: $98,600/$78,500 Americas: $106,900/$92,900 22

Computer Science and Engineering 23 IA Jobs Job market –Civil (Join Information Systems Security Association, ISSA, ) –Government (Internship available at USC-UTS, and SC Dept. of Probation, Parole, and Pardon Services) –Military (Internship available at SPAWAR, Charleston) Education and training requirements (B.S. degree, certification, hands-on experiments) Salary FUN

Computer Science and Engineering 24 IA Research Wenyuan Xu (since 2007) Wireless networking and security, sensor networks, network security and privacy, jamming detection and avoidance Chin-Tser Huang (since 2003) Intrusion detection, wireless security, distributed systems network security, network protocol design and verification Csilla Farkas (since 2000) Web data and application (WS & SOA) security, Access Control Policies, SCADA software reliability, economic and social impact of cyber attacks Application layer Transport layer Internet layer Network Interface

Computer Science and Engineering 25 Contact Information Center for Information Assurance Engineering Department of Computer Science and Engineering