csce 727 information warfare

CSCE 727 CSCE 727 Information WarfareInformation Warfare

CSCE 727 - Farkas 2

Instructor: Csilla Farkas Class time: M, W 2:50 – 4:05 pm Class Homepage:

http://www.cse.sc.edu/~farkas/csce727-2014/csce727.htm

Office Hours: – M, W 2:00 – 2:30 pm and 4:15 – 5:15 pm or by

appointment

CSCE 727 - Farkas 3

Prerequisite(s) or corequisite(s): CSCE 522 or permission of instructor

Course objectives: Introduction to information warfare principles and technologies. – Defensive information warfare– Offensive information warfare

CSCE 727 - Farkas 4

Basic BibliographyBasic Bibliography Required:

– D. Denning: Information Warfare and Security (Addison Wesley, 1998, ISBN: 0201433036)

– Lecture handouts and references listed for each lecture

Recommended:– Cyber Warfare: Mapping the Cyber

Underworld (O’Reilly Media,2nd edition, 2011, ISBN-10: 1449310044, ISBN-13: 978-1449310042)

CSCE 727 - Farkas 5

Student WorkStudent WorkResearch project: there will be one

individual research project with a final submission of a research paper

Homework and class participation: there will be several homework assignments based on textbook material and reading assignments

Tests: there will be two in-class, open book tests

CSCE 727 - Farkas 6

GRADINGGRADING Research project: 25% Presentation of related work: 5%) Homework assignments: 25% Tests: 45% (midterm 20%, final 25%) Final grades are calculated from a total score of 100:

90 < A 87 < B+ <= 90 80 < B <= 87

76 < C+ <= 80 65 < C <= 76

60 < D+ <= 65 50 < D <= 60

CSCE 727 - Farkas 7

Tentative ScheduleTentative ScheduleWeek 1-3: Fundamental IW conceptsWeek 4-9: Offensive ActivitiesWeek 10-13: Defensive Information WarfareWeek 14-15: Student Presentations

CSCE 727 - Farkas 8

Questions?Questions?

Student IntroductionStudent Introduction

Your NameYour NameMajorMajorExposure to Information AssuranceExposure to Information AssuranceWhat you expect to gain from this classWhat you expect to gain from this classArea of interestArea of interest

CSCE 727 - Farkas 9

CSCE 727 - Farkas 10

Information Assurance Studies

IA SpecializationIA Specialization

Undergraduate and Graduate levelCore Requirement (3 Hours)

– CSCE 522: Information Security Principles (3 credits) – meets CNSS 4011 standard

Additional Requirements:– Elective IA course (3 credit)– 2nd elective course (3 credits) or 500-level or

above CSCE course with IA project component



CNSS CertificationsCNSS Certifications National Training Standard for Information

Systems Security Professionals, CNSSI No. 4011

National Training Standard for System Administrators in Information Systems Security, CNSSI No. 4013

National Training Standard for Information Systems Security Officers, CNSSI No. 4014


IA&S CoursesIA&S CoursesOffered since 200012 new courses

– 4 undergraduate and graduate – 8 graduate students only

Approved by USCAccredited by the Committee on National

Security Systems (CNSS)


IA&S Certificate ProgramIA&S Certificate Programhttp://www.cse.sc.edu/isl/education/iaands

(modifications are being proposed)(modifications are being proposed)


12 hours of graduate study with B average – 6 hours core courses– 6 hours of elective courses

Graduation requirementsGraduation requirements


Core CoursesCore Courses

CSCE 522 – Information Systems Security Principles – offered every Fall semester -- APOGEE

CSCE 715– Network Security– offered every Fall semester


Elective CoursesElective Courses

CSCE 517 – Computer Crime and Forensics CSCE 557 – Introduction to Cryptography CSCE 548 – Secure Software Construction CSCE 716 – Design for Reliability CSCE 717 – Comp. Systems Performance

• CSCE 727 – Information Warfare CSCE 813 – Internet Security CSCE 814 – Distributed Systems Security CSCE 824 – Secure Databases


Center for Information Center for Information Assurance Engineering Assurance Engineering (CIAE) (CIAE) http://www.cse.sc.edu/isl Information about:

– Research– Education– Publications– People– Useful links

More Questions?More Questions?


Committee on National Committee on National Security Systems (CNSS)Security Systems (CNSS)

• CNSS 4011: National Information Assurance Training Standard for Information Systems Security Professionals• CSCE 522 + 1 additional IA course + 1 course with IA

project• CNSS 4013: National Information Assurance Training

Standard for System Administrators• CNSS 4011 requirements + CSCE 727

• CNSS 4014: National Information Assurance Training Standard for Information Systems Security Officers• CNSS 4011 requirements + CSCE 727 + CSCE 715

20


Information Systems SecurityInformation Systems Security(Overview)(Overview)

http://www.cse.sc.edu/~farkas/csce522-2013/csce522.htm


Security ObjectivesSecurity Objectives

Confidentiality: prevent/detect/deter improper disclosure of information

Integrity: prevent/detect/deter improper modification of information

Availability: prevent/detect/deter improper denial of access to services

Authenticity: Verify claimed identityNon-Repudiation: Cannot deny action


Achieving SecurityAchieving Security

Policy– What to protect?

Mechanism– How to protect?

Assurance– How good is the protection?


Security Tradeoffs

COST

Security Functionality

Ease of Use


Information Security PlanningInformation Security Planning

Organization AnalysisRisk managementMitigation approaches and their costsSecurity policy and proceduresImplementation and testingSecurity training and awareness


Risk Management Framework(Business Context)

Understand BusinessContext

Identify Business and Technical Risks

Synthesize and RankRisks

Define RiskMitigation Strategy

Carry Out Fixesand Validate

Measurement and Reporting

Who Cares?

Why care?

What should be done?

How to mitigate risk?

Strengthen system

The Art…The Art…

Policies and proceduresPrivacyBest practicesEthics and LawNational-level considerationsInternational considerations Etc.



Next ClassNext ClassRefresh IA ConceptsRefresh IA Concepts

csce 727 information warfare

Documents