A Taxonomy and a Knowledge Portal for Cybersecurity

Similar documents
NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

Author: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0

How do you decide what s best for you?

# ROLE DESCRIPTION / BENEFIT ISSUES / RISKS

Critical Hygiene for Preventing Major Breaches

Cybersecurity, Trade, and Economic Development

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Cybersecurity Strategy of the Republic of Cyprus

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)

ClearPath OS 2200 System LAN Security Overview. White paper

Course Outline (version 2)

ISACA January 2016 Cybersecurity Snapshot US Results. Number of respondents (n) = 862

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

E-guide Getting your CISSP Certification

Cybersecurity is a Journey and Not a Destination: Developing a risk management culture in your business. Thursday, May 21, 2015

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

What is Zemana AntiLogger?

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Cyber security. Strategic delivery: Setting standards Increasing and. Details: Output:

Todd Sander Vice President, Research e.republic Inc.

CCISO Blueprint v1. EC-Council

WORKSHOP CYBER SECURITY AND CYBERCRIME POLICIES FOR AFRICAN DIPLOMATS. Okechukwu Emmanuel Ibe

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

Protecting Your Cloud

Outsourcing & remote teams: cyber security vulnerabilities

2017 Annual Meeting of Members and Board of Directors Meeting

Cyber fraud and its impact on the NHS: How organisations can manage the risk

Security Standards for Electric Market Participants

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Bradford J. Willke. 19 September 2007

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

McAfee Network Security Platform Administration Course

Layer Security White Paper

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

Security in India: Enabling a New Connected Era

Legal Foundation and Enforcement: Promoting Cybersecurity

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

Supercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness

MEMORY AND BEHAVIORAL PROTECTION ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Digital Health Cyber Security Centre

Cyber Security in Europe

DIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL. June 14, 2018

Defining cybersecurity.

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016

Critical Information Infrastructure Protection Law

Understanding the Changing Cybersecurity Problem

Keys to a more secure data environment

Preventing Corporate Espionage: Investigations, Data Analyses and Business Intelligence

THE ACCENTURE CYBER DEFENSE SOLUTION

Itu regional workshop

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Personal Cybersecurity

Sobering statistics. The frequency and sophistication of cybersecurity attacks are getting worse.

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

SINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker

Data Security at Smart Assessor

ISACA West Florida Chapter - Cybersecurity Event

Combating Cyber Risk in the Supply Chain

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa

CYBERSECURITY SAVE YOUR BOTTOM LINE IBC Annual Convention Anne Benigsen, Bankers Bank of the West

Collaboration on Cybersecurity program between California University and Shippensburg University

Security+ SY0-501 Study Guide Table of Contents

HOTEL RESILIENT Plan ahead stay ahead. With support from the German Government through

IPM Secure Hardening Guidelines

Mitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment

It Takes the Village to Secure the Village SM

ISAO SO Product Outline

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم

Enterprise Simply Trustworthy?

PCI DSS Addressing Cyber-Security Threats. ETCAA June Gabriel Leperlier

OUR CUSTOMER TERMS CLOUD SERVICES MCAFEE ENDPOINT PROTECTION ESSENTIAL FOR SMB

CSI: VIDEO SURVEILLANCE CONVERTING THE JUGGERNAUT

Checklist: Credit Union Information Security and Privacy Policies

Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at

Maria Hishikawa MSIX Technical Lead Sarah Storms MSIX Contractor Security

.NET JAVA C ASE. Certified. Certified. Application Security Engineer.

Enabling Compliance for Physical and Cyber Security in Mobile Devices. Chip Epps & Daniel Bailin HID Global

Cyber Defense Operations Center

Meeting FFIEC Meeting Regulations for Online and Mobile Banking

CERTIFIED SECURE COMPUTER USER COURSE OUTLINE

Project 2020: Preparing Your Organization for Future Threats Today

Robert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group

An Aflac Case Study: Moving a Security Program from Defense to Offense

Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH

Information Technology Enhancing Productivity and Securing Against Cyber Attacks

LESSONS LEARNED IN SMART GRID CYBER SECURITY

The Information Age has brought enormous

CCNA Cybersecurity Operations 1.1 Scope and Sequence

Heavy Vehicle Cyber Security Bulletin

Position Title: IT Security Specialist

Protecting productivity with Industrial Security Services

Cybersecurity and Nonprofit

Building Resilience in a Digital Enterprise

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

How-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018

Transcription:

A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard Hovy 19.06.2014 DG.O 2014 1

Outline Why Cybersecurity Education for Smart Governments? Taxonomy: Technical Aspects Impact of Cybercrime Knowledge Portal Conclusion 19.06.2014 DG.O 2014 2

Smart Government Improve efficiency by offering services online Provide important data online Provide statistical information Provide reliable press releases Allow personnel remote access to network 19.06.2014 DG.O 2014 3

Cyber Threats Disruption of service Misinformation Data Theft All destroy trust in smart government Prevention requires all involved to know risks 19.06.2014 DG.O 2014 4

Mitigation Effective training to prevent such threats requires understanding Understanding needs mental model developed by carefully structured training Cybersecurity field and teaching fragmented Most training relies on simple checklists with unrelated points. 19.06.2014 DG.O 2014 5

Cyber Defense Cybersecurity commercialized early Focus on tools not people Specialization and fragmentation Nobody knows how to instruct laymen In a way that makes intuitive sense to them Organize overview of cybersecurity Taxonomy as first step to mental model 19.06.2014 DG.O 2014 6

Taxonomy Topics of cybersecurity Each concept has brief description and possibly external references Organized as a hierarchy of concepts 19.06.2014 DG.O 2014 7

Example Concept Description, Cross-links, Resources 19.06.2014 DG.O 2014 8

Taxonomy Overview High Level Map of concepts Provides quick navigation Impact of Cybercrime Technical Aspects 19.06.2014 DG.O 2014 9

Technical Aspects of Cybersecurity Focus on research Present various important areas of cybersecurity Fairly detailed, well developed 19.06.2014 DG.O 2014 10

Authentication and Authorization Types of Authentication Advantages of multi-factor authentication Principle of least privileges Example Goal for Related Training Unit Understand why you should never give your credentials to your co-workers 19.06.2014 DG.O 2014 11

Intrusion Detection Types of Malware: Virus vs. Trojan Self-replication and Hiding Paths of infection: Internet, E-mail, USB Example Goal for Related Training Unit Understand why just removing the symptoms of a virus is dangerous 19.06.2014 DG.O 2014 12

Cryptography Private-key and public-key cryptography SSL Certificates and their implications Example Goal for Related Training Unit Understand what the lock in your internet browser actually means 19.06.2014 DG.O 2014 13

Taxonomy as Starting Point Provides links for further inquiry Taxonomy serves as starting point for finding out what you want to know more about Provide abstract of linked papers to allow user judging whether the link is interesting 19.06.2014 DG.O 2014 14

Extracted Abstract 19.06.2014 DG.O 2014 15

Impact of Cybercrime Look at aspects beyond technology Cybersecurity has considerable influence on other areas, such as education or investments Less materials, less detailed 19.06.2014 DG.O 2014 16

Economic Impact Estimated costs of cybercrime Costs of prevention We estimate that the likely annual cost to the global economy from cybercrime is more than $400 billion (McAfee, Net Losses: Estimating the Global Cost of Cybercrime, June 2014.) Example Goal for Related Training Unit Understand the cost of recovering from an attack that you can help prevent 19.06.2014 DG.O 2014 17

Policy and Law Cybercrime laws and their effects Data protection regulations (e.g. HIPAA) International (e.g. Council of Europe ETS 185) Example Goal for Related Training Unit Understand why you could become a criminal if you are clueless about cybersecurity 19.06.2014 DG.O 2014 18

Education Education initiatives at different levels Online resources for further information Example Goal for Related Training Unit Learn about where you can find further information and materials to train your team 19.06.2014 DG.O 2014 19

Knowledge Portal Comment on cybercrime and cybersecurity issues of websites Write comments through Chrome browser plugin Discuss others comments Provides situational knowledge 19.06.2014 DG.O 2014 20

Short Demo 19.06.2014 DG.O 2014 21

Linking Knowledge Link the situational knowledge to taxonomy Taxonomy provides background knowledge Encourage users to learn more about issues 19.06.2014 DG.O 2014 26

Conclusion Cybersecurity for smart government Requires training of staff Taxonomy http://www.cs.cmu.edu/~dklaper/cybersecurity/website/ Knowledge portal http://erie.lti.cs.cmu.edu 19.06.2014 DG.O 2014 27

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback