A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard Hovy 19.06.2014 DG.O 2014 1
Outline Why Cybersecurity Education for Smart Governments? Taxonomy: Technical Aspects Impact of Cybercrime Knowledge Portal Conclusion 19.06.2014 DG.O 2014 2
Smart Government Improve efficiency by offering services online Provide important data online Provide statistical information Provide reliable press releases Allow personnel remote access to network 19.06.2014 DG.O 2014 3
Cyber Threats Disruption of service Misinformation Data Theft All destroy trust in smart government Prevention requires all involved to know risks 19.06.2014 DG.O 2014 4
Mitigation Effective training to prevent such threats requires understanding Understanding needs mental model developed by carefully structured training Cybersecurity field and teaching fragmented Most training relies on simple checklists with unrelated points. 19.06.2014 DG.O 2014 5
Cyber Defense Cybersecurity commercialized early Focus on tools not people Specialization and fragmentation Nobody knows how to instruct laymen In a way that makes intuitive sense to them Organize overview of cybersecurity Taxonomy as first step to mental model 19.06.2014 DG.O 2014 6
Taxonomy Topics of cybersecurity Each concept has brief description and possibly external references Organized as a hierarchy of concepts 19.06.2014 DG.O 2014 7
Example Concept Description, Cross-links, Resources 19.06.2014 DG.O 2014 8
Taxonomy Overview High Level Map of concepts Provides quick navigation Impact of Cybercrime Technical Aspects 19.06.2014 DG.O 2014 9
Technical Aspects of Cybersecurity Focus on research Present various important areas of cybersecurity Fairly detailed, well developed 19.06.2014 DG.O 2014 10
Authentication and Authorization Types of Authentication Advantages of multi-factor authentication Principle of least privileges Example Goal for Related Training Unit Understand why you should never give your credentials to your co-workers 19.06.2014 DG.O 2014 11
Intrusion Detection Types of Malware: Virus vs. Trojan Self-replication and Hiding Paths of infection: Internet, E-mail, USB Example Goal for Related Training Unit Understand why just removing the symptoms of a virus is dangerous 19.06.2014 DG.O 2014 12
Cryptography Private-key and public-key cryptography SSL Certificates and their implications Example Goal for Related Training Unit Understand what the lock in your internet browser actually means 19.06.2014 DG.O 2014 13
Taxonomy as Starting Point Provides links for further inquiry Taxonomy serves as starting point for finding out what you want to know more about Provide abstract of linked papers to allow user judging whether the link is interesting 19.06.2014 DG.O 2014 14
Extracted Abstract 19.06.2014 DG.O 2014 15
Impact of Cybercrime Look at aspects beyond technology Cybersecurity has considerable influence on other areas, such as education or investments Less materials, less detailed 19.06.2014 DG.O 2014 16
Economic Impact Estimated costs of cybercrime Costs of prevention We estimate that the likely annual cost to the global economy from cybercrime is more than $400 billion (McAfee, Net Losses: Estimating the Global Cost of Cybercrime, June 2014.) Example Goal for Related Training Unit Understand the cost of recovering from an attack that you can help prevent 19.06.2014 DG.O 2014 17
Policy and Law Cybercrime laws and their effects Data protection regulations (e.g. HIPAA) International (e.g. Council of Europe ETS 185) Example Goal for Related Training Unit Understand why you could become a criminal if you are clueless about cybersecurity 19.06.2014 DG.O 2014 18
Education Education initiatives at different levels Online resources for further information Example Goal for Related Training Unit Learn about where you can find further information and materials to train your team 19.06.2014 DG.O 2014 19
Knowledge Portal Comment on cybercrime and cybersecurity issues of websites Write comments through Chrome browser plugin Discuss others comments Provides situational knowledge 19.06.2014 DG.O 2014 20
Short Demo 19.06.2014 DG.O 2014 21
Linking Knowledge Link the situational knowledge to taxonomy Taxonomy provides background knowledge Encourage users to learn more about issues 19.06.2014 DG.O 2014 26
Conclusion Cybersecurity for smart government Requires training of staff Taxonomy http://www.cs.cmu.edu/~dklaper/cybersecurity/website/ Knowledge portal http://erie.lti.cs.cmu.edu 19.06.2014 DG.O 2014 27