This 3-day experience combines independent learning, group exercises and instructor lead discussions to provide those considering a career in cybersecurity with an opportunity to explore the various occupations and certifications available. If you are looking to pivot your career…this course is for you!
2. Learning Objectives
Upon completion of this discussion students should be able to:
Define cyberspace and cybersecurity
Understand the basic security principles of confidentiality, integrity, and availability
Describe some common threats to information security
Understand basic security fundamentals
3. Introductory Concepts
Cyberspace is "the notional environment in
which communication over computer networks
occurs.“
- Wikipedia
An operational domain whose distinctive and
unique character is framed by the use of
electronics and the electromagnetic spectrum to
create, store, modify, exchange, and exploit
information via interconnected and internetted
information systems and their associated
infrastructures
- US Military Joint Doctrine
4. What is cybersecurity?
“Computer security, also known as cyber security or IT security, is the protection of
computer systems from the theft or damage to their hardware, software or information, as
well as from disruption or misdirection of the services they provide.”
Gasser, Morrie (1988). Building a Secure Computer System.
[Online] Available at
https://ece.uwaterloo.ca/~vganesh/TEACHING/S2014/ECE458/
building-secure-systems.pdf Retrieved 6 September 2015.
5. Principles
“The CIA Triad”
Confidentiality
Protecting information from disclosure to unauthorized entities
Integrity
Ensuring that information is not altered accidentally or by entities
unauthorized to make alterations
Availability
Ensuring information can be used when and where needed
10. Some other terms
Asset
◦ Stuff we care about: information, software, hardware, bandwidth…
◦ Reputation, privacy, money…
Threat
◦ The potential for an occurrence that would cause an undesirable effect on an asset
◦ Threats are often evaluated with respect to the CIA triad
Safeguard
◦ A control implemented to reduce the risk posed by a threat
Vulnerability
◦ The absence (or weakness) of safeguards, allowing a threat to affect an asset
Exploit
◦ A technique that takes advantage of a specific vulnerability to achieve some effect.
15. Cost-benefit and Risk
Risk is the exposure created by vulnerabilities to certain cyber threats
◦ Often referred to using this equation: risk = threat X vulnerability X consequence
◦ Risk assessment - analyzing threats, vulnerabilities, and consequences to determine individual risks and
the potential loss to the organization
◦ Risk management – taking steps to reduce threats, vulnerabilities, or consequences
Principle
◦ Do not devote more resources than the potential loss
Cost of loss
◦ How much does it cost if I fail to maintain CIA?
◦ Do not ignore secondary costs
Cost of prevention
◦ How much does it cost to provide safeguards?
16. Careers in Cybersecurity
Security Researchers
- Consultants
- Student researchers
- Freelance researchers/bug hunters
Operational Analysts
- Incident responders
- Host/network forensic experts
- Data analytics experts
- Penetration testers
Tool Builders
- High skill set in:
- Coding
- Internet protocols
- System administration
- Network management
- Encryption
Compliance
- Legal, regulatory knowledge
- Help ensure organizations are in
compliance with federal regs
17. How do I get there?
Technical pathways/majors
◦ Computer Science
◦ Computer Engineering
◦ Cybersecurity major/minor
◦ Mathematics
Less technical
◦ Political Science
◦ Law
◦ Ethics
◦ Business IT