Information Warfare Midterm Overview. Lectures Covered Everything until (including) March 2 nd Reading: – All lecture slides – Denning book: Chapters.

Slides:



Advertisements
Similar presentations
Computer Fraud Chapter 5.
Advertisements

Computer Fraud Chapter 5.
Is There a Security Problem in Computing? Network Security / G. Steffen1.
CSCE 201 Introduction to Information Security Fall 2010.
THE INSIDER THREAT AND DATA LOSS PREVENTION CSCE 727.
Protection of Classified Information & Cyber Security
Responding to Cybercrime in the Post-9/11 World Scott Eltringham Computer Crime and Intellectual Property Section U.S. Department of Justice (202)
Information Warfare Theory of Information Warfare
Lecture 1: Overview modified from slides of Lawrie Brown.
Legal, Ethical, and Professional Issues in Information Security
Security+ Guide to Network Security Fundamentals
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 An Overview of Computer Security computer security.
Critical Infrastructure Protection (and Policy) H. Scott Matthews March 5, 2003.
Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Technician Module 2 Unit 8 Slide 1 MODULE 2 UNIT 8 Prevention, Intelligence & Deterrence.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”.
Social Media Jeevan Kaur, Michael Mai, Jing Jiang.
Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.
Information Systems Security Computer System Life Cycle Security.
Network Security Resources from the Department of Homeland Security National Cyber Security Division.
Presented by: Dr. Munam Ali Shah
Offensive IW Open Sources. CSCE Farkas2 Reading List – Open Source Intelligence: Private Sector Capabilities to Support DoD Policy, Acquisitions,
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 1 – Overview.
Computer Security: Principles and Practice
CSCE 727 Information Warfare
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
Information Warfare Playgrounds to Battlegrounds.
Chapter 01: Introduction to Network Security. Network  A Network is the inter-connection of communications media, connectivity equipment, and electronic.
Salary Possibilities Newly assigned Special Agents start at a yearly salary of $43,441, or also recognized as a GS-10, plus multiple other pay increases.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
IT Strategy for Business © Oxford University Press 2008 All rights reserved Chapter 12 IT Security Strategies.
CSCE 522 Secure Software Development Best Practices.
Information Warfare Summary. Information Security Information Assurance Information Warfare Information Dominance.
. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
CSCE 201 Open Source Information Privacy. CSCE Farkas2 Reading List Recommended reading: – Open Source Intelligence: Private Sector Capabilities.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
Information Systems, Security, and e-Commerce* ACCT7320, Controllership C. Bailey *Ch in Controllership : The Work of the Managerial Accountant,
Chap1: Is there a Security Problem in Computing?.
Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.
CSCE 548 Secure Software Development Security Operations.
Csci5233 computer security & integrity 1 An Overview of Computer Security.
Information Warfare Playgrounds to Battlegrounds.
T.A 2013/2014. Wake Up Call! Malware hijacks your , sends death threats. Found in Japan (Oct 2012) Standford University Recent Network Hack May Cost.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Intellectual Property. Confidential Information Duty not to disclose confidential information about a business that would cause harm to the business or.
Security and Ethics Safeguards and Codes of Conduct.
Copyright © 2013 – Curt Hill Computer Security An Overview.
Providing access to your data: Handling sensitive data Robert R. Downs, PhD NASA Socioeconomic Data and Applications Center (SEDAC) Center for International.
Lecture1.1(Chapter 1) Prepared by Dr. Lamiaa M. Elshenawy 1.
CST 312 Pablo Breuer. measures to deter, prevent, detect, and correct security violations that involve the transmission of information.
IS3220 Information Technology Infrastructure Security
INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.
Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.
Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University
Lecture 1 Introduction Dr. nermin hamza 1. Aim of Course Overview Cryptography Symmetric and Asymmetric Key management Researches topics 2.
Information Warfare Summary. Information Security Information Assurance Information Warfare Information Dominance.
CS457 Introduction to Information Security Systems
Issues and Protections
Security Standard: “reasonable security”
BINF 711 Amr El Mougy Sherif Ismail.
NET 311 Information Security
CONFIDENTIALITY, INTEGRITY, LEGAL INTERCEPTION
Cybersecurity Threat Assessment
Chapter # 3 COMPUTER AND INTERNET CRIME
Prevention, Intelligence
THE USA’S NEW POLICY DIRECTIVE ON NATIONAL PREPAREDNESS
Unit # 1: Overview of the Course Dr. Bhavani Thuraisingham
Presentation transcript:

Information Warfare Midterm Overview

Lectures Covered Everything until (including) March 2 nd Reading: – All lecture slides – Denning book: Chapters 1, 2, 3, 4, 5, 7, 13 (access control), 14 (Risk management, Incident handling) – Additional reading materials (next slide) CSCE Farkas2

Additional reading Familiarity with CSCE 522 lecture notes, 2013 Fall, as needed, Denning, D. E. Stuxnet: What Has Changed? Future Internet 2012, 4, (.pdf)Future Internet 2012, 4, pdf Open Source Intelligence: Private Sector Capabilities to Support DoD Policy, Acquisition, and Operations, NSA revelations hobble pursuit of a comprehensive cyberdefense initiative, Homeland Security News Wire, 08/16, 2013, revelations-hobble-pursuit-of-a-comprehensive-cyberdefense-initiativehttp:// revelations-hobble-pursuit-of-a-comprehensive-cyberdefense-initiative Expert calls for “surveillance minimization” to restore public trust, Homeland Security News Wire, 01/27/2014, calls-for-surveillance-minimization-to-restore-public-trusthttp:// calls-for-surveillance-minimization-to-restore-public-trust CSCE Farkas3

Additional Reading Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law. Thoughts on a Normative Framework., 37 Colum. J. Transnat'l L. 885, 1999, NIST special publications, Incident Handling Updated Guidelines, (general understanding only) Roger C. Molander, Peter A. Wilson, B. David Mussington, Richard Mesic: What is Strategic Information Warfare?, 1996, Information Security Policy - A Development Guide for Large and Small Companies, security-policy-development-guide-large-small-companies_ security-policy-development-guide-large-small-companies_1331 CSCE Farkas4

5 Information Security (INFOSEC) Protection of information against intentional or unintentional unauthorized –Disclosure (confidentiality) –Modification (integrity) –Destruction (availability) Concerned mainly with owned resources

CSCE Farkas6 Security Tradeoffs COST Security Functionality Ease of Use

CSCE Farkas7 Information Assurance Information security (prevention) plus –Authenticity and non-repudiation –Detection and reaction capabilities –Additional threats, like perception managements and exploitation of public media Addresses intentional or unintentional threats

CSCE Farkas8 Information Warfare Addresses only intentional attacks Information in any form and transmitted over any media Defensive operations: – Protection against attacks – Concerned with non-owned and owned resources Offensive operations: – Exploit vulnerabilities in information resources – Motives, means, opportunities WIN-LOSE NATURE OF OPERATIONS

CSCE Farkas9 Gain-Loss Nature of IW defenseoffense ensure availability prevent availability ensure integrity increase availability decrease availability decrease integrity From: Denning Figure 2.1

CSCE Farkas10 Activities Play: hackers vs. owners Crime: perpetrators vs. victims Individual rights: individuals vs. individuals/organizations/government National security: national level activities – State activities – Terrorism

CSCE Farkas11 Intention of Attackers Defensive IW Difficult to guess Determines response and incident handling

Offensive Information Warfare

CSCE Farkas13 Win-Lose Activity Alter availability and integrity of resources to benefit the offense Old vs. new methods Areas: 1.Open source and competitive intelligence 2.Psyops and perception management 3. Signal intelligence Not yet covered : 1. Insiders threat 2. Computer attacks 3. Malicious software

CSCE Farkas14 1 Open Source Intelligence Protected information: readily available in public domain, can be inferred from public data, or deduced from aggregated public data Goal: answer specific question in support of some mission Advantages: no risk for collector, provides context, mode of information acquisition, cover for data discovery by secret operations Disadvantages: may not discover important information, assurance of discovery(?)

CSCE Farkas15 1 Privacy and Copyright Piracy –Copyright Infringement Acquisition of protected work without the owner’s permission Human perception: not serious crime Significant loss for marketing/manufacturing/owner –Trademark Infringement Intellectual property disputes Domain name disputes

CSCE Farkas16 2 Psyops and Perception Management Information operations that aim to affect perception of others Goal: influence actions Means: influence emotions, reasoning, decisions Target: individuals, groups, nation, World Censorship –Offensive: denies population access to certain materials –Defensive: protect society from materials that would undermine its culture or governance

CSCE Farkas17 4 Signal Intelligence Operations that involves interception and analysis of signals across electromagnetic spectrum Intelligence report, criminal investigations, employee monitoring U.S. Federal wiretap restrictions Foreign intelligence Privacy rights

Defensive Information Warfare

CSCE Farkas19 Defensive Information Warfare Protect information resources from attacks Preserve the value of resource or recover lost value Security Policy Methods Response

CSCE Farkas20 Vulnerability Monitoring Identify security weaknesses Methods: automated tools, human walk- through, surveillance, audit, background checks Red team: organized group of people attempting to penetrate the security safeguards of the system

CSCE Farkas21 Incident Handling Not all incidents can be prevented  Incident handling –Prevention and preparedness –Detection and analysis –Containment and recovery –Post-incident activity Benefits: –Systematic and appropriate response to incidents –Quick response  reduce loss and damage –Strengthen security –Satisfy legal requirements Federal agency requirements

Sample tests Posted on class website Will be discussed on March 16, Monday CSCE Farkas22