CSCE 727 Information Warfare Instructor Csilla Farkas l

CSCE 727 Information Warfare

Instructor: Csilla Farkas l Class time: T, Th 11: 40 am – 12: 55 pm, SWGN 2 A 11 l Class Homepage: https: //cse. sc. edu/~farkas/csce 727. htm l Office Hours: – Tuesday, Thursday 10: 00 – 11: 30 am; or by appointment l CSCE 727 - Farkas 2

l Prerequisite(s) or corequisite(s): CSCE 522 or permission of instructor l Course objectives: Introduction to information warfare principles and technologies. – Defensive information warfare – Offensive information warfare CSCE 727 - Farkas 3

Basic Bibliography l Required: – D. Denning: Information Warfare and Security (Addison Wesley, 1998, ISBN: 0201433036) – Lecture handouts and references listed for each lecture CSCE 727 - Farkas 4

Student Work l Project: there will be one project with a final submission of a research proposal. l Homework and class participation: there will be several homework assignments based on textbook material and reading assignments l Class Presentation: Students will be required to identify new materials relevant to the discussion topics. CSCE 727 - Farkas 5

GRADING Research project: 35% l Presentation of related work: 25% l Homework assignments: 40% l Final grades are calculated from a total score of 100: l 90 < A 87 < B+ <= 90 80 < B <= 87 76 < C+ <= 80 65 < C <= 76 60 < D+ <= 65 50 < D <= 60 CSCE 727 - Farkas 6

Tentative Schedule l Week 1 -3: Fundamental IW concepts l Week 4 -9: Offensive Activities l Week 10 -13: Defensive Information Warfare l Week 14 -15: Student Project Panels CSCE 727 - Farkas 7

Questions? CSCE 727 - Farkas 8

Student Introduction Your Name Major Exposure to Information Assurance What you expect to gain from this class Area of interest CSCE 727 - Farkas 9

Information Assurance Studies CSCE 727 - Farkas 10

IA Specialization l Graduate level l Core Requirement (3 Hours) – CSCE 522: Information Security Principles (3 credits) – meets CNSS 4011 standard l Additional Requirements: – Elective IA course (3 credit) – 2 nd elective course (3 credits) or 500 -level or above CSCE course with IA project component CSCE 727 - Farkas 11

CNSS Certifications l Old criteria: l National Training Standard for Information Systems Security Professionals, CNSSI No. 4011 National Training Standard for System Administrators in Information Systems Security, CNSSI No. 4013 l National Training Standard for Information Systems Security Officers, CNSSI No. 4014 l New criteria: Knowledge Units l CSCE 727 - Farkas 12

IA&S Courses l Offered since 2000 l 12 new courses – 4 undergraduate and graduate – 8 graduate students only l Approved by USC l Accredited by the Committee on National Security Systems (CNSS) CSCE 727 - Farkas 13

IA&S Certificate Program http: //www. cse. sc. edu/isl/education/iaands (modifications are approved, starting Fall 2016) CSCE 727 - Farkas 14

Graduation requirements 12 hours of graduate study with B average – 6 hours core courses – 6 hours of elective courses CSCE 727 - Farkas 15

Core Courses l CSCE 522 – Information Systems Security Principles – offered every Fall semester -- APOGEE l CSCE 715– Network Security – offered every Fall semester CSCE 727 - Farkas 16

Elective Courses l CSCE 517 – Computer Crime and Forensics CSCE 557 – Introduction to Cryptography CSCE 548 – Secure Software Construction CSCE 716 – Design for Reliability CSCE 717 – Comp. Systems Performance • CSCE 727 – Information Warfare l l CSCE 813 – Internet Security l CSCE 814 – Distributed Systems Security l CSCE 824 – Secure Databases l CSCE 727 - Farkas 17

Center for Information Assurance Engineering (CIAE) l http: //www. cse. sc. edu/isl l Information about: – Research – Education – Publications – People – Useful links CSCE 727 - Farkas 18

More Questions?

Committee on National Security Systems (CNSS) CNSS 4011: National Information Assurance Training Standard for Information Systems Security Professionals • CSCE 522 + 1 additional IA course + 1 course with IA project • CNSS 4013: National Information Assurance Training Standard for System Administrators • CNSS 4011 requirements + CSCE 727 • CNSS 4014: National Information Assurance Training Standard for Information Systems Security Officers • CNSS 4011 requirements + CSCE 727 + CSCE 715 • CSCE 727 - Farkas 20 20

Information Systems Security (Overview) http: //www. cse. sc. edu/~farkas/cs ce 522 -2013/csce 522. htm CSCE 727 - Farkas 21

Security Objectives l Confidentiality: prevent/detect/deter improper disclosure of information l Integrity: prevent/detect/deter improper modification of information l Availability: prevent/detect/deter improper denial of access to services l Authenticity: Verify claimed identity l Non-Repudiation: Cannot deny action CSCE 727 - Farkas 22

Achieving Security l Policy – What to protect? l Mechanism – How to protect? l Assurance – How good is the protection? CSCE 727 - Farkas 23

Security Tradeoffs Security Functionality COST Ease of Use CSCE 727 - Farkas 24

Information Security Planning l Organization Analysis l Risk management l Mitigation approaches and their costs l Security policy and procedures l Implementation and testing l Security training and awareness CSCE 727 - Farkas 25

Risk Management Framework (Business Context) Who Cares? Understand Business Context Why care? Identify Business and Technical Risks What should be done? Synthesize and Rank Risks Carry Out Fixes and Validate Define Risk Mitigation Strategy Strengthen system How to mitigate risk? Measurement and Reporting CSCE 727 - Farkas 26

The Art… l Policies and procedures l Privacy l Best practices l Ethics and Law l National-level considerations l International considerations l Etc. CSCE 727 - Farkas 27

Next Class Refresh IA Concepts CSCE 727 - Farkas 28