CSCE 727 CSCE 727 Information WarfareInformation Warfare
CSCE 727 - Farkas 2
Instructor: Csilla Farkas Class time: M, W 2:50 – 4:05 pm Class Homepage:
http://www.cse.sc.edu/~farkas/csce727-2014/csce727.htm
Office Hours: – M, W 2:00 – 2:30 pm and 4:15 – 5:15 pm or by
appointment
CSCE 727 - Farkas 3
Prerequisite(s) or corequisite(s): CSCE 522 or permission of instructor
Course objectives: Introduction to information warfare principles and technologies. – Defensive information warfare– Offensive information warfare
CSCE 727 - Farkas 4
Basic BibliographyBasic Bibliography Required:
– D. Denning: Information Warfare and Security (Addison Wesley, 1998, ISBN: 0201433036)
– Lecture handouts and references listed for each lecture
Recommended:– Cyber Warfare: Mapping the Cyber
Underworld (O’Reilly Media,2nd edition, 2011, ISBN-10: 1449310044, ISBN-13: 978-1449310042)
CSCE 727 - Farkas 5
Student WorkStudent WorkResearch project: there will be one
individual research project with a final submission of a research paper
Homework and class participation: there will be several homework assignments based on textbook material and reading assignments
Tests: there will be two in-class, open book tests
CSCE 727 - Farkas 6
GRADINGGRADING Research project: 25% Presentation of related work: 5%) Homework assignments: 25% Tests: 45% (midterm 20%, final 25%) Final grades are calculated from a total score of 100:
90 < A 87 < B+ <= 90 80 < B <= 87
76 < C+ <= 80 65 < C <= 76
60 < D+ <= 65 50 < D <= 60
CSCE 727 - Farkas 7
Tentative ScheduleTentative ScheduleWeek 1-3: Fundamental IW conceptsWeek 4-9: Offensive ActivitiesWeek 10-13: Defensive Information WarfareWeek 14-15: Student Presentations
CSCE 727 - Farkas 8
Questions?Questions?
Student IntroductionStudent Introduction
Your NameYour NameMajorMajorExposure to Information AssuranceExposure to Information AssuranceWhat you expect to gain from this classWhat you expect to gain from this classArea of interestArea of interest
CSCE 727 - Farkas 9
CSCE 727 - Farkas 10
Information Assurance Studies
IA SpecializationIA Specialization
Undergraduate and Graduate levelCore Requirement (3 Hours)
– CSCE 522: Information Security Principles (3 credits) – meets CNSS 4011 standard
Additional Requirements:– Elective IA course (3 credit)– 2nd elective course (3 credits) or 500-level or
above CSCE course with IA project component
CSCE 727 - Farkas 11
CSCE 727 - Farkas 12
CNSS CertificationsCNSS Certifications National Training Standard for Information
Systems Security Professionals, CNSSI No. 4011
National Training Standard for System Administrators in Information Systems Security, CNSSI No. 4013
National Training Standard for Information Systems Security Officers, CNSSI No. 4014
CSCE 727 - Farkas 13
IA&S CoursesIA&S CoursesOffered since 200012 new courses
– 4 undergraduate and graduate – 8 graduate students only
Approved by USCAccredited by the Committee on National
Security Systems (CNSS)
CSCE 727 - Farkas 14
IA&S Certificate ProgramIA&S Certificate Programhttp://www.cse.sc.edu/isl/education/iaands
(modifications are being proposed)(modifications are being proposed)
CSCE 727 - Farkas 15
12 hours of graduate study with B average – 6 hours core courses– 6 hours of elective courses
Graduation requirementsGraduation requirements
CSCE 727 - Farkas 16
Core CoursesCore Courses
CSCE 522 – Information Systems Security Principles – offered every Fall semester -- APOGEE
CSCE 715– Network Security– offered every Fall semester
CSCE 727 - Farkas 17
Elective CoursesElective Courses
CSCE 517 – Computer Crime and Forensics CSCE 557 – Introduction to Cryptography CSCE 548 – Secure Software Construction CSCE 716 – Design for Reliability CSCE 717 – Comp. Systems Performance
• CSCE 727 – Information Warfare CSCE 813 – Internet Security CSCE 814 – Distributed Systems Security CSCE 824 – Secure Databases
CSCE 727 - Farkas 18
Center for Information Center for Information Assurance Engineering Assurance Engineering (CIAE) (CIAE) http://www.cse.sc.edu/isl Information about:
– Research– Education– Publications– People– Useful links
More Questions?More Questions?
CSCE 727 - Farkas 20
Committee on National Committee on National Security Systems (CNSS)Security Systems (CNSS)
• CNSS 4011: National Information Assurance Training Standard for Information Systems Security Professionals• CSCE 522 + 1 additional IA course + 1 course with IA
project• CNSS 4013: National Information Assurance Training
Standard for System Administrators• CNSS 4011 requirements + CSCE 727
• CNSS 4014: National Information Assurance Training Standard for Information Systems Security Officers• CNSS 4011 requirements + CSCE 727 + CSCE 715
20
CSCE 727 - Farkas 21
Information Systems SecurityInformation Systems Security(Overview)(Overview)
http://www.cse.sc.edu/~farkas/csce522-2013/csce522.htm
CSCE 727 - Farkas 22
Security ObjectivesSecurity Objectives
Confidentiality: prevent/detect/deter improper disclosure of information
Integrity: prevent/detect/deter improper modification of information
Availability: prevent/detect/deter improper denial of access to services
Authenticity: Verify claimed identityNon-Repudiation: Cannot deny action
CSCE 727 - Farkas 23
Achieving SecurityAchieving Security
Policy– What to protect?
Mechanism– How to protect?
Assurance– How good is the protection?
CSCE 727 - Farkas 24
Security Tradeoffs
COST
Security Functionality
Ease of Use
CSCE 727 - Farkas 25
Information Security PlanningInformation Security Planning
Organization AnalysisRisk managementMitigation approaches and their costsSecurity policy and proceduresImplementation and testingSecurity training and awareness
CSCE 727 - Farkas 2626
Risk Management Framework(Business Context)
Understand BusinessContext
Identify Business and Technical Risks
Synthesize and RankRisks
Define RiskMitigation Strategy
Carry Out Fixesand Validate
Measurement and Reporting
Who Cares?
Why care?
What should be done?
How to mitigate risk?
Strengthen system
The Art…The Art…
Policies and proceduresPrivacyBest practicesEthics and LawNational-level considerationsInternational considerations Etc.
CSCE 727 - Farkas 27
CSCE 727 - Farkas 28
Next ClassNext ClassRefresh IA ConceptsRefresh IA Concepts