1
TRUST 2nd Year Site Visit, March 19th, 2007
Developing an Industry Supported Computer Security Curriculum
Kristen Gates, UC Berkeley
Maryanne McCormick, UC Berkeley
Sigurd Meldal, SJSU
John Mitchell, Stanford
Robert Rodriguez
2
Starting point for initiative
March 13, 2006 ITTC Panel
– Mary Ann Davidson, CSO, Oracle
– Mark Connelly, CISO, Sun Microsystems
– Abe Smith, CSO, Xilinx
– Pat Faith, Visa
A challenging comment (as I heard it)
– The big problem in computer security is that universities don’t teach students anything about computer security. There’s no reason we should have to hire programmers who don’t know what a buffer overflow is.
What should we do about this?
3
Background
National Security Agency (NSA)
– National Centers of Academic Excellence in Information Assurance Education (CAEIAE)
Association for Computing Machinery
– Security as part of existing courses (CS)
  – Network security: 3 hours in networking course
  – Operating system security: 2 hours in OS course
  – Cryptography: algorithms course elective
Many fine efforts to develop valuable courses
4
Our Goals
Provide students with
– Specific and realistic IT security information
– Success in their careers, service to industry
Curriculum backed by industry leaders
– Set of topics
– Specific objectives and examples for each topic
Materials to support and accelerate adoption
– Sample teaching material
– Case studies
– Webinars
Impact beyond top 10 research universities
5
TRUST team includes …
– Maryanne McCormick, Nick Bambos, Anupam Datta, Ann Miura-Ko, Deirdre Mulligan
– Robert Rodriguez
– Sigurd Meldal (San Jose State)
– John Mitchell (Stanford)
– Kristen Gates (UC Berkeley)
6
Process
Convene industry/academia group
– Draw on USSS, ITTC, CSO community
– Meet: Sept 26, Nov 13, Dec 13, Feb 12, Mar 15
– Consensus
Identify 8 topic areas
– Divide and conquer
– Each area module assembled by two leaders
Public presentation: IEEE FIE Panel, Oct 29
Outcome
– Curriculum modules
– Internship/summer school
– Speaker series and video archive
7
Industrial contributors include …
– Sanjay Bahl, Tata Consultancy Services
– Ken Baylor, McAfee -> Symantec
– James Beeson, General Electric Commercial Finance
– Jeffrey Camiel, Jefferson Wells
– Mark Connelly, Sun Microsystems
– Dave Cullinane, Washington Mutual Bank -> eBay CISO
– Mary Ann Davidson, Oracle
– Liz Glasser, CSIA
– Jason Hoffman, Greater Bay Bank
– Paul Kurtz, CSIA
– Dennis Kushner, Deloitte & Touche
– Kemi Macaulay, Xilinx
– Andrew Neilson, Silicon Valley Bank
– Sherry Ryan, HP
– Abe Smith, Xilinx
– George Sullivan, VP Global IT Security, Visa International
– Johan (Hans) van Tilburg, Visa
– Robert Weaver, ING
– Robert Rodriguez, Former USSS
8
Sample module: Security Management (Jason Hoffman, James Beeson)
Minimum core coverage time: … hours
Topics:
– Security governance
– Privacy
– Roles & responsibilities
– Security education & awareness
– Policies & standards
– Security strategy
– Risk management
– Security monitoring & reporting
– Incident response & forensics
– Security safeguards & controls
Core learning outcomes:
– …
Elective learning outcomes:
– …
9
Sample module
Core learning outcomes:
– Explain and give examples of security governance in a typical organization and list the components of an information security program.
– Explain the importance of privacy and how protection of data is critical to the success of the organization, and describe business and user obligations and expectations.
– List and describe the various security roles and responsibilities at different levels within the organization and explain options for the reporting structure.
– Describe the relationship between the security organization and other business functions.
– Describe the different types of security awareness, education, and training approaches and tactics essential for every organization, and explain how to establish awareness of individual behaviors and how they affect security.
– Describe the differences among security policies, standards, and guidelines and how they are related to relevant regulatory requirements and privacy legislation.
– …
10
Sample module
Core learning outcomes:
– …
– Describe components of security strategy, including layered security, and how it should be integrated into IT strategy and the organization’s business strategy.
– Identify components of a security risk management framework and explain how it helps organizations identify and manage security risk.
– Explain why monitoring and reporting are important in measuring the effectiveness of an information security program, and describe various types of reporting, such as operational metrics versus senior management dashboards.
– Describe the process for managing a security incident and explain how forensics assists organizations during investigations.
– List examples of security safeguards and controls in place that provide confidentiality, integrity, and availability of information and are based on defense in depth.
– Identify the due diligence needed to assess the security of an organization’s outsourced service provider and describe the different types of third parties (e.g., vendors, customers, ASPs, etc.).
– Identify common approaches to selling security to senior management and understand the basics of ROSI (Return on Security Investment) and other payback strategies.
11
Sample module
Elective learning outcomes:
– Complete a security risk assessment on a local organization, if possible.
– Design a security awareness program for an organization.
– Conduct a presentation to senior leadership on the importance of information protection.
– Design a forensics program.
– Create an incident response process (with storyboard examples).
12
Course Modules
– Security Architecture
– Security Management
– Host and OS Security
– Application Security
– Network Security
– Secure Software Engineering
– Risk Management
– Policy and Legal Compliance
– Convergence of physical and information security