INFS2701 Week 1 Fundamentals of Cybersecurity Part 1 INTRODUCTION Lesley Land • Education (BSc UCL, MSc Brunel) • Academic at UWA (1990-1993), UNSW since (1993- ). 1 Staff Details Tutorial Capacity Day/Times Venue Matt 211 T09A 11/23 Tue 9-11 • Lesley (l.land@unsw.edu.au) LIC T11A 23/23 Tue 11-1 Matt 211 T14A 23/23 Tue 2-4 Matt 211 • Kevin Kuan (Co-Lecturer) T16A 7/15 Tue 4-6 Online W13A 23/23 Wed1-3 Matt 211 W16A 24/24 Wed4-6 Matt 211 Teaching times and locations • Week 1–5, 7- 10: Monday, 9-11 am, Online (recorded) • Week 6: Flexibility week no scheduled class Consultation times • During teaching weeks (2-5, 7-10), Monday 11am–1pm. • Please email me for an appointment prior. • Tutorials will begin in Week 2 Course Assessments Assessment Task Weighti Length ng Due Date Participation 10 During tutorial sessions Ongoing Week 15, 7-10 Individual Assignment 15 2000 words maximum Week 5 Team Assignment 25 3000 words report Week 10 and group oral presentation Final Exam 50 TBA During exam period Textbook and Resources All course materials on Moodle including recordings. Michael Whitman and Herbert Mattord (2018). Management of Information Security, 6th edition, Cengage Learning, Boston, MA, USA. Hardcopy: https://www.bookshop.unsw.edu.au/ Digital: https://unswbookshop.vitalsource.com/ Leganto Reading list 4 Addressing myExperience Feedback Issues Resolutions Not muting microphone Mute during lecture. Unmute and turn on video when you wish to speak. Old theories Revisit theories and applications of theories. Incorporate new theories. But please note that fundamental “old” theories can still be very useful. Guest lecture to be organized subject to availability. Guest lectures Low online interaction (student-student, student-LIC) 5 Add Moodle online forum to those students who do not listen to synchronous lectures. You may ask questions after lectures through online forums or during tutorials. Occasional polls to test knowledge. I welcome regular feedback and suggestions for improvement Course Overview Fundamental of IS Security (Weeks 1,2) CLO 1 Risk Management (Weeks 3-5) CLO 2 Data Governance (Weeks 7,8) CLO3 Trends (Week 9) CLO4 Course Learning Outcomes 1. Explain the fundamentals of cybersecurity highlighting both the human and technical elements of cybersecurity 2. Discuss the risk management perspective in managing the cybersecurity protection of modern organisations 3. Discuss the importance of data governance for cybersecurity initiatives 4. Discuss emerging cybersecurity trends 7 Week 1: Fundamentals of Cybersecurity This week you will learn about the following: 1. IS security vs Cybersecurity 2. Interdisciplinary nature of cybersecurity (technical vs nontechnical) 3. Sources of threats 3. Human elements – why? Insider threats 4. In your Week 2 tutorial, you will : 1. Get to know one another in your tutorial 2. Human and non-human elements of cybersecurity 3. Differentiating between insider threats What is Security? Security means being free from danger. To be secure is to be protected from the risk of loss, damage, unwanted modification, or other hazards. Achieving an appropriate level of security for an organization also depends on the implementation of a multilayered system. Security is often achieved by means of several strategies undertaken simultaneously or used in combination with one another It is the role of management to ensure that each strategy is properly planned, organized, staffed, directed, and controlled. 9 What is Information Security? Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction 10 What is Cybersecurity? • Data vs Information Cybersecurity — or computer security — involves a range of practices, processes, and technologies intended to protect devices, networks, programs, and data from attacks and unauthorized access. • Cybersecurity not only secures data, but it also secures the resources and the technologies involved in storing that data 11 Cybersecurity vs. Information Security 1. Definition 2. Domain 3. Process 4. Professionals 5. Protection 12 CYBERSECURITY DISCIPLINES • Interdisciplinary Technical Non-technical Computer engineering Computer science Information systems Information technology Software engineering Psychology Criminology Ethics Business administration Policy Law Human Factors Risk Management 13 STRUCTURE OF CYBERSECURITY DISCIPLINE (ACM) 14 EMERGING SCIENCE Social Cybersecurity – “an emerging scientifc area focused on the science to characterize, understand, and forecast cyber-mediated changes in human behavior, social, cultural, and political outcomes, and to build the cyber-infrastructure needed for society to persist in its essential character in a cyber-mediated information environment under changing conditions, actual or imminent social cyber-threats.” (Beskow et al 2019) 15 16 Employees as “weakest link” Transforming humans from the “weakest link” into a cybersecurity asset via Human Risk Management (HRM) 17 Humans - #1 cause of breaches 85% of data breaches involve the human element 18 Why are employees an Insider Threat? 19 Types of Insider Threats Malicious Insider Negligent Insider Professional Insider Compromised Insider 20 Cyberbiosecurity (Bio-cybersecurity) A new specialty at understanding and mitigating new biological security risks emerging at the interface between biosecurity and cybersecurity. 21 22