Unit # 1: Overview of the Course Dr. Bhavani Thuraisingham Cyber Security Lecture for June 25, 2010 Unit # 1: Overview of the Course Dr. Bhavani Thuraisingham
Outline What is Cyber Security? What is C. I. A.? Ten Major Modules of Cyber Security Topics for June 25, 2010 Introduction to Cyber Security Information Security and Risk Management
Cyber Security Security traditionally has been about CIA (Confidentiality, Integrity, Availability) Security now also includes areas like Trustworthiness, Quality, Privacy Dependability includes Security, Reliability and Fault Tolerance Initially the term used was Computer Security (Compusec); it then evolved into Infosec – Information security – to include data and networks – now with web its called Cyber Security
C. I.A. Confidentiality: Preventing from unauthorized disclosure Integrity: Preventing from unauthorized modification Availability: Preventing denial of service
Ten Major Modules of Cyber Security Information Security and Risk Management Access Control Security Architecture and Design Physical and Environmental Security Telecommunications Security Cryptography Business Continuity Planning Legal Regulations, Compliance and Investigations Applications Security Operations Security
Information Security and Risk Management Security Management Security Administration Organizational Security Model Information Risk Management Risk Analysis Policies, Standards, Guidelines, Procedures Information Classification Layers of Responsibility Security Awareness Training
Access Control Security Principles Identification, Authentication, Authorization, Accountability Access Control Models Access Control techniques Access Control Administration Access Control Methods Access Control Types Accountability Access Control practices Access Control Monitoring Threats to Access Control
Security Architecture and Design Computer Architecture Systems Architecture Security Models Security Modes of Operation Systems Evaluation Methods Open vs. Closed Systems Enterprise Architecture Security Threats
Physical and Environmental Security What is Physical Security Planning Process Protecting assets Internal Support Systems Perimeter Security Other aspects
Telecommunications and Network Security Open Systems Interconnection Reference Model TCP/IP Types of Transmission LAN Networking Routing Protocols Networking Devices Networking services and protocols Intranets and Extranets Metropolitan Area networks Remote access Wireless technologies Rootkits
Cryptography History, Definitions and Concepts Types of Ciphers Methods of Encryption Type of Asymmetric Systems Message Integrity PKI Key Management Link / End-to-end Encryption Email standards Internet security Attacks
Legal Regulation and Compliance Investigation Cyber law and Cyber crime Intellectual property law Privacy Liability and Ramifications Digital Forensics and Investigations Ethics
Applications Security Software and applications security issues Database Security Secu4e systems development Application development and security Object-oriented systems and security Distributed computing and security Expert systems and security Web security Mobile code Patch management
Operations Security Role of the Operations Department Administrative Management Assurance Levels Configuration management Media Controls Data Leakage Network and Resource Availability Mainframes Email Security Vulnerability testing