A Taxonomy and a Knowledge Portal for Cybersecurity
David Klaper
Adviser: Eduard Hovy
19.06.2014 DG.O 2014 1
Outline
• Why Cybersecurity Education for Smart Governments?
• Taxonomy:
– Technical Aspects
– Impact of Cybercrime
• Knowledge Portal
• Conclusion
Smart Government
• Improve efficiency by offering services online
• Provide important data online
• Provide statistical information
• Provide reliable press releases
• Allow personnel remote access to network
• …
Cyber Threats
• Disruption of service
• Misinformation
• Data Theft
• All destroy trust in smart government
• Prevention requires all involved to know risks
Mitigation
• Effective training to prevent such threats requires understanding
• Understanding needs a mental model developed through carefully structured training
• Cybersecurity field and teaching fragmented
• Most training relies on simple checklists with unrelated points.
Cyber Defense
• Cybersecurity commercialized early
– Focus on tools not people
– Specialization and fragmentation
• Nobody knows how to instruct laymen
– In a way that makes ‘intuitive sense’ to them
• Organize overview of cybersecurity
– Taxonomy as first step to mental model
Taxonomy
• Topics of cybersecurity
• Each concept has brief description and possibly external references
• Organized as a hierarchy of concepts
Example Concept
• Description, Cross-links, Resources
Taxonomy Overview
• High Level Map of concepts
• Provides quick navigation
[Figure: concept map; labels: Technical Aspects, Impact of Cybercrime]
Technical Aspects of Cybersecurity
• Focus on research
• Present various important areas of cybersecurity
• Fairly detailed, well developed
Example Goal for Related Training Unit
Authentication and Authorization
• Types of Authentication
• Advantages of multi-factor authentication
• Principle of least privilege
• Understand why you should never give your credentials to your co-workers
Example Goal for Related Training Unit
Intrusion Detection
• Types of Malware: Virus vs. Trojan …
• Self-replication and Hiding
• Paths of infection: Internet, E-mail, USB
• Understand why just removing the symptoms of a virus is dangerous
Example Goal for Related Training Unit
Cryptography
• Private-key and public-key cryptography
• SSL Certificates and their implications
• Understand what the lock in your internet browser actually means
Taxonomy as Starting Point
• Provides links for further inquiry
• Taxonomy serves as starting point for finding out what you want to know more about
• Provide abstracts of linked papers so users can judge whether a link is interesting
Extracted Abstract
Impact of Cybercrime
• Look at aspects beyond technology
• Cybersecurity has considerable influence on other areas, such as education or investments
• Fewer materials, less detailed
Example Goal for Related Training Unit
Economic Impact
• Estimated costs of cybercrime
• Costs of prevention
• “We estimate that the likely annual cost to the global economy from cybercrime is more than $400 billion” (McAfee, Net Losses: Estimating the Global Cost of Cybercrime, June 2014.)
• Understand the cost of recovering from an attack that you can help prevent
Example Goal for Related Training Unit
Policy and Law
• Cybercrime laws and their effects
• Data protection regulations (e.g. HIPAA)
• International (e.g. Council of Europe ETS 185)
• Understand why you could become a criminal if you are clueless about cybersecurity
Example Goal for Related Training Unit
Education
• Education initiatives at different levels
• Online resources for further information
• Learn about where you can find further information and materials to train your team
Knowledge Portal
• Comment on cybercrime and cybersecurity issues of websites
• Write comments through Chrome browser plugin
• Discuss others’ comments
• Provides situational knowledge
Short Demo
Linking Knowledge
• Link the situational knowledge to taxonomy
• Taxonomy provides background knowledge
• Encourage users to learn more about issues
Conclusion
• Cybersecurity for smart government
– Requires training of staff
• Taxonomy http://www.cs.cmu.edu/~dklaper/cybersecurity/website/
• Knowledge portal http://erie.lti.cs.cmu.edu