Information Warfare Summary. Information Security Information Assurance Information Warfare Information Dominance.

Presentation transcript:

Information Warfare Summary

Information Security
Information Assurance
Information Warfare
Information Dominance

CSCE Farkas3
Information Warfare
Addresses only intentional attacks
Information in any form and transmitted over any media
Defensive operations:
– Protection against attacks
– Concerned with non-owned and owned resources
Offensive operations:
– Exploit vulnerabilities in information resources
– Motives, means, opportunities
WIN-LOSE NATURE OF OPERATIONS

Gain-Loss Nature of IW
Defense: ensure availability, prevent availability, ensure integrity
Offense: increase availability, decrease availability, decrease integrity
From: Denning, Figure 2.1

Activities
Play: hackers vs. owners
Crime: perpetrators vs. victims
Individual rights: individuals vs. individuals/organizations/government
National security: national level activities
– State activities
– Terrorism

Intention of Attackers
Defensive IW
Difficult to guess
– International Conflict in Cyber Space
– Schmitt Analysis
Determines response and incident handling
– NIST guidelines

Offensive Information Warfare

Win-Lose Activity
Alter availability and integrity of resources to benefit the offense
Technical aspect of offensive actions
Areas of activities
1. Critical infrastructure attacks
2. Psyops and perception management – soft power
3. Intelligence
   – Domestic intelligence
   – Foreign intelligence – open source and competitive
4. Computer attacks – insider threat
5. Risk management

Cyber Terrorism
Protection of national infrastructure
SCADA systems – Stuxnet
Electric grid, finance, etc.
Traditional:
– Intelligence collection
– Psyops and perception management
New forms:
– Exploitation of computer technologies
Internet propaganda via social networking
Untraditional targets, e.g., media organizations

Scope of Intelligence
Government – national security
– Range from peace time to war time intelligence
– Type of government
Domestic intelligence – depends on nature of regime
Business corporations – competitive advantage
Economics and intelligence
– Government-run economy
– Economic well-being of nation
Non-traditional intelligence
– Environmental issues

Intelligence and Information Age
Increased amount of digital data
– How to collect
– How to analyze
Technology: dependency on computing technologies
– Who is vulnerable?
Behavioral and institutional change: information as the key of organizational activities
Intelligence services vs. competing organizations

Open Source Intelligence
Protected information: readily available in public domain, can be inferred from public data, or deduced from aggregated public data
Goal: answer specific question in support of some mission
Advantages: no risk for collector, provides context, mode of information acquisition, cover for data discovery by secret operations
Disadvantages: may not discover important information, assurance of discovery(?)

Insider Threat
Employees working for an organization
– Generally trusted
– Easy access to resources
– Know how the system works
Domains
– State and military espionage
– Economic espionage
– Corporate espionage
– Privacy compromises
Motivation of offense
– Financial gain, ideology, revenge

Psyops and Perception Management
Information operations that aim to affect perception of others
Goal: influence actions
Means: influence emotions, reasoning, decisions
Target: individuals, groups, nation, World
Censorship
– Offensive: denies population access to certain materials
– Defensive: protect society from materials that would undermine its culture or governance

Computer Attacks
Passive vs. active attacks
Attack phases:
– Intelligence gathering
– Planning
– Attack
– Inside the system: hiding, future attacks
Types of attacks

Risk Management Framework (Business Context)
Understand Business Context
Identify Business and Technical Risks
Synthesize and Rank Risks
Define Risk Mitigation Strategy
Carry Out Fixes and Validate
Measurement and Reporting

Defensive Information Warfare

Defensive Information Warfare
Protect information resources from attacks
Preserve the value of resource or recover lost value
Security Policy
Methods
Response

Vulnerability Monitoring
Identify security weaknesses
Methods: automated tools, human walk-through, surveillance, audit, background checks
Red team: organized group of people attempting to penetrate the security safeguards of the system

Secure System Development
National Computer Security Center (NCSC): Rainbow Series
Common Criteria (with Canada and Europe)
National Information Assurance Partnership (NIAP)
Security Awareness and Training

Incident Handling
Not all incidents can be prevented → Incident handling
– Prevention and preparedness
– Detection and analysis
– Containment and recovery
– Post-incident activity
Benefits:
– Systematic and appropriate response to incidents
– Quick response → reduce loss and damage
– Strengthen security
– Satisfy legal requirements
Federal agency requirements

National Level Information Warfare

National Level Security
Domestic
– Posse Comitatus (military involvement for counter terrorism)
– Information sharing and intelligence oversight
International
– Jus in Pace (law of peace)
– Jus ad Bellum (law of conflict management)
– Jus in Bello (law of war)

Next Class
Project Evaluations

Proposal Evaluation
Each reviewer writes a short evaluation of each proposal based on:
– Intellectual merit (Strength, weakness)
– Broader impact (Strength, weakness)
– General comments
– Summary of recommendations
Upload reviews via dropbox by noon, April 24
Bring hard copy of your reviews with you to the class

Panel Evaluation
Maximum 10 minutes per proposal:
One of the reviewers briefly describes the proposal
Other reviewers compare and debate their evaluation
Rest of the class participates in ranking the proposal based on the reviews
Create final ranking of the proposal

Schedule
April 24:
– Evaluate groups 5, 8, 9, 10, 11, 12
April 29:
– Evaluate groups 1, 2, 3, 4, 6, 7
– Rank all proposals