Intro to CYBR 3600
Dr. Hale
University of Nebraska at Omaha
Information Security and Policy – Lecture 1
Welcome to CYBR 3600
What is this class?
Introductions
You will be learning about risk and how effective governance can mitigate it through good policy.
Sounds boring?
It's not.
It's not. OK, it is a little.
But it will build extremely marketable skills.
and… you will learn by doing.
You will get to see where policies fail so you can create good ones.
You will see how major corporations and the federal government create policies
We will even explore some system assessment and social engineering in the context of security policies.
Who am I and why should you trust me?
I’m Dr. Matt Hale. I’m a software engineer who is big into secure web and mobile applications with rich UI and functionality.
A few major web applications I’ve made include...
SEREBRO: a collaborative online environment that features a set of project management tools and an innovative idea network for tracking how ideas evolve over time in software engineering teams.
Idea Network
OTHER SEREBRO MODULES
CYBERTRUST: a secure client-side web application that serves as a simulation platform for neuroscientists and psychologists to capture subject data about trust cues. It features data capture techniques like eye and decision tracking.
CYBERTRUST PLATFORM
https://www.youtube.com/watch?v=8FMemUlOtfc
Who am I and why should you trust me?
But... despite being a ‘maker’, my dissertation was all about policy, security controls, and how they impact systems in the “cloud.”
We’ll probably talk about some of that work later in the class
Some stuff I’m working on now.
Identifying trust cues and predicting phishing victimization
Testing and securing wearable devices (e.g., Fitbit, Jawbone, Nike Fuel)
Promoting Cybersecurity in STEM ed.
Enough about me…
Who are you?
Preferred Pronoun / Name
+
Interesting fact about you that not many people know (NSFW not allowed)
Ice breaker activity (this class is a no shyness zone)
Some Takeaways
• Stacking cups is hard
• Teamwork is a give and take
• Collective vision is essential for success
• Building policies based on stakeholder needs and interests isn’t all that different.
Today’s topics:
Introductions
  • What is this class?
  • Who am I?
  • Who are you?
Class Overview
  • Syllabus (tedious, I know)
  • Topic Roadmap
What is Governance and why should you care?
  • Risk
  • The role of governance
  • Benefits of good governance
GO TO Syllabus
Class Overview
Topics Covered
• Risk Analysis
• Information Governance
• Security Policies and Procedures
• Regulatory Security Standards and Compliance
• Security Awareness and Training
• Legality and ethics of security practices
• Social Engineering and Phishing Prevention
What is Slack?
What is information security governance?
Risk & Governance
What you get when you google “Governance”
“all processes of governing, whether undertaken by a government, market or network, whether over a family, tribe, formal or informal organization or territory and whether through laws, norms, power or language”
Thanks for nothing wiki…
What governance really means
the mechanisms, processes, rights, responsibilities, policies, decision making, and objective setting that determine how an entity (e.g., a company) is controlled and directed.
Now apply this definition to information security
What is information security governance (ISG)?
a set of practices in an organization that align security strategies with business objectives to ensure objectives are achieved, verify that resources are used responsibly, and define responsibility and accountability so that the organization can achieve an acceptable level of risk
Key elements of ISG
• Defined organizational structure
• Policies and procedures
• Awareness and training
• Technical security controls and countermeasures
• Auditing, monitoring, and metrics
ISG tasks
Maintain…
• Confidentiality – Disclose information only to approved entities
• Integrity – No unauthorized modification
• Availability – Information can be accessed by those that need it when they need it
• Nonrepudiation – No one can say that they didn’t do something when they did. Provides accountability of actions
…Across all info., systems, employees, and physical resources in the entire organization
Effective governance prevents or limits…
UN-Happy supreme leaders
Easy Targets
Other data breach puns…
…benefits of effective IS governance
• Strategic Alignment – security supports business strategy
  Ex. integrity is more important for banks, while availability might be more important for Facebook
• Risk Management – mitigate or minimize risk by limiting exposure or reducing impact
• Business process convergence – increase effectiveness and efficiency through integrating related security activities
  Ex. single sign-on (Active Directory), ubiquitous auditing, etc.
• Resource and performance management – understand resource usage for increased efficiency and effectiveness
Reading
Read Ch. 1 in Brotby
Homework
None
Next Time
Risks
Questions?
Matt Hale, PhD
University of Nebraska at Omaha
Assistant Professor of Cybersecurity
[email protected]: @mlhale_
© 2014-2017 Matthew L. Hale