A Taxonomy and a Knowledge Portal for Cybersecurity

Transcription

1 A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard Hovy DG.O

2 Outline Why Cybersecurity Education for Smart Governments? Taxonomy: Technical Aspects Impact of Cybercrime Knowledge Portal Conclusion DG.O

3 Smart Government Improve efficiency by offering services online Provide important data online Provide statistical information Provide reliable press releases Allow personnel remote access to network DG.O

4 Cyber Threats Disruption of service Misinformation Data Theft All destroy trust in smart government Prevention requires all involved to know risks DG.O

5 Mitigation Effective training to prevent such threats requires understanding Understanding needs mental model developed by carefully structured training Cybersecurity field and teaching fragmented Most training relies on simple checklists with unrelated points DG.O

6 Cyber Defense Cybersecurity commercialized early Focus on tools not people Specialization and fragmentation Nobody knows how to instruct laymen In a way that makes intuitive sense to them Organize overview of cybersecurity Taxonomy as first step to mental model DG.O

7 Taxonomy Topics of cybersecurity Each concept has brief description and possibly external references Organized as a hierarchy of concepts DG.O

8 Example Concept Description, Cross-links, Resources DG.O

9 Taxonomy Overview High Level Map of concepts Provides quick navigation Impact of Cybercrime Technical Aspects DG.O

10 Technical Aspects of Cybersecurity Focus on research Present various important areas of cybersecurity Fairly detailed, well developed DG.O

11 Authentication and Authorization Types of Authentication Advantages of multi-factor authentication Principle of least privileges Example Goal for Related Training Unit Understand why you should never give your credentials to your co-workers DG.O

12 Intrusion Detection Types of Malware: Virus vs. Trojan Self-replication and Hiding Paths of infection: Internet, , USB Example Goal for Related Training Unit Understand why just removing the symptoms of a virus is dangerous DG.O

13 Cryptography Private-key and public-key cryptography SSL Certificates and their implications Example Goal for Related Training Unit Understand what the lock in your internet browser actually means DG.O

14 Taxonomy as Starting Point Provides links for further inquiry Taxonomy serves as starting point for finding out what you want to know more about Provide abstract of linked papers to allow user judging whether the link is interesting DG.O

15 Extracted Abstract DG.O

16 Impact of Cybercrime Look at aspects beyond technology Cybersecurity has considerable influence on other areas, such as education or investments Less materials, less detailed DG.O

17 Economic Impact Estimated costs of cybercrime Costs of prevention We estimate that the likely annual cost to the global economy from cybercrime is more than $400 billion (McAfee, Net Losses: Estimating the Global Cost of Cybercrime, June 2014.) Example Goal for Related Training Unit Understand the cost of recovering from an attack that you can help prevent DG.O

18 Policy and Law Cybercrime laws and their effects Data protection regulations (e.g. HIPAA) International (e.g. Council of Europe ETS 185) Example Goal for Related Training Unit Understand why you could become a criminal if you are clueless about cybersecurity DG.O

19 Education Education initiatives at different levels Online resources for further information Example Goal for Related Training Unit Learn about where you can find further information and materials to train your team DG.O

20 Knowledge Portal Comment on cybercrime and cybersecurity issues of websites Write comments through Chrome browser plugin Discuss others comments Provides situational knowledge DG.O

21 Short Demo DG.O

22 Linking Knowledge Link the situational knowledge to taxonomy Taxonomy provides background knowledge Encourage users to learn more about issues DG.O

23 Conclusion Cybersecurity for smart government Requires training of staff Taxonomy Knowledge portal DG.O