Information Warfare Midterm Overview. Lectures Covered: Everything until (including) March 2nd. Reading: – All lecture slides – Denning book: Chapters.


1 Information Warfare Midterm Overview

2 Lectures Covered
Everything until (including) March 2nd
Reading:
– All lecture slides
– Denning book: Chapters 1, 2, 3, 4, 5, 7, 13 (access control), 14 (Risk management, Incident handling)
– Additional reading materials (next slide)
CSCE 727 - Farkas

3 Additional reading
– Familiarity with CSCE 522 lecture notes, 2013 Fall, as needed, http://www.cse.sc.edu/~farkas/csce522-2013/lecture.htm
– Denning, D. E. Stuxnet: What Has Changed? Future Internet 2012, 4, 672-687.
– Open Source Intelligence: Private Sector Capabilities to Support DoD Policy, Acquisition, and Operations, http://www.fas.org/irp/eprint/oss980501.htm
– NSA revelations hobble pursuit of a comprehensive cyberdefense initiative, Homeland Security News Wire, 08/16, 2013, http://www.homelandsecuritynewswire.com/dr20130816-nsa-revelations-hobble-pursuit-of-a-comprehensive-cyberdefense-initiative
– Expert calls for “surveillance minimization” to restore public trust, Homeland Security News Wire, 01/27/2014, http://www.homelandsecuritynewswire.com/dr20140127-expert-calls-for-surveillance-minimization-to-restore-public-trust

4 Additional Reading
– Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework, 37 Colum. J. Transnat'l L. 885, 1999, http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA471993
– NIST special publications, Incident Handling Updated Guidelines, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf (general understanding only)
– Roger C. Molander, Peter A. Wilson, B. David Mussington, Richard Mesic: What is Strategic Information Warfare?, 1996, http://www.rand.org/content/dam/rand/pubs/monograph_reports/2005/MR661.pdf
– Information Security Policy - A Development Guide for Large and Small Companies, http://www.sans.org/reading_room/whitepapers/policyissues/information-security-policy-development-guide-large-small-companies_1331

5 Information Security (INFOSEC)
Protection of information against intentional or unintentional unauthorized
– Disclosure (confidentiality)
– Modification (integrity)
– Destruction (availability)
Concerned mainly with owned resources

6 Security Tradeoffs
[Figure: COST; Security, Functionality, Ease of Use]

7 Information Assurance
Information security (prevention) plus
– Authenticity and non-repudiation
– Detection and reaction capabilities
– Additional threats, like perception management and exploitation of public media
Addresses intentional or unintentional threats

8 Information Warfare
Addresses only intentional attacks
Information in any form and transmitted over any media
Defensive operations:
– Protection against attacks
– Concerned with non-owned and owned resources
Offensive operations:
– Exploit vulnerabilities in information resources
– Motives, means, opportunities
WIN-LOSE NATURE OF OPERATIONS

9 Gain-Loss Nature of IW
Defense: ensure availability, prevent availability, ensure integrity
Offense: increase availability, decrease availability, decrease integrity
From: Denning Figure 2.1

10 Activities
Play: hackers vs. owners
Crime: perpetrators vs. victims
Individual rights: individuals vs. individuals/organizations/government
National security: national level activities
– State activities
– Terrorism

11 Intention of Attackers
Defensive IW
Difficult to guess
Determines response and incident handling

12 Offensive Information Warfare

13 Win-Lose Activity
Alter availability and integrity of resources to benefit the offense
Old vs. new methods
Areas:
1. Open source and competitive intelligence
2. Psyops and perception management
3. Signal intelligence
Not yet covered:
1. Insider threat
2. Computer attacks
3. Malicious software

14 1 Open Source Intelligence
Protected information: readily available in public domain, can be inferred from public data, or deduced from aggregated public data
Goal: answer specific question in support of some mission
Advantages: no risk for collector, provides context, mode of information acquisition, cover for data discovery by secret operations
Disadvantages: may not discover important information, assurance of discovery(?)

15 1 Privacy and Copyright
Piracy
– Copyright Infringement
    Acquisition of protected work without the owner’s permission
    Human perception: not serious crime
    Significant loss for marketing/manufacturing/owner
– Trademark Infringement
    Intellectual property disputes
    Domain name disputes

16 2 Psyops and Perception Management
Information operations that aim to affect perception of others
Goal: influence actions
Means: influence emotions, reasoning, decisions
Target: individuals, groups, nation, World
Censorship
– Offensive: denies population access to certain materials
– Defensive: protect society from materials that would undermine its culture or governance

17 4 Signal Intelligence
Operations that involve interception and analysis of signals across electromagnetic spectrum
Intelligence report, criminal investigations, employee monitoring
U.S. Federal wiretap restrictions
Foreign intelligence
Privacy rights

18 Defensive Information Warfare

19 Defensive Information Warfare
Protect information resources from attacks
Preserve the value of resource or recover lost value
Security Policy
Methods
Response

20 Vulnerability Monitoring
Identify security weaknesses
Methods: automated tools, human walk-through, surveillance, audit, background checks
Red team: organized group of people attempting to penetrate the security safeguards of the system

21 Incident Handling
Not all incidents can be prevented → Incident handling
– Prevention and preparedness
– Detection and analysis
– Containment and recovery
– Post-incident activity
Benefits:
– Systematic and appropriate response to incidents
– Quick response → reduce loss and damage
– Strengthen security
– Satisfy legal requirements
Federal agency requirements

22 Sample tests
Posted on class website
Will be discussed on March 16, Monday

