Uploaded by ghtmpqozafutewheyx

INFS2701 Week 1 (1)

advertisement
INFS2701 Week 1
Fundamentals of Cybersecurity
Part 1
INTRODUCTION
Lesley Land
• Education (BSc UCL, MSc Brunel)
• Academic at UWA (1990-1993), UNSW since (1993- ).
1
Staff Details
Tutorial Capacity Day/Times Venue
Matt 211
T09A 11/23
Tue 9-11
• Lesley (l.land@unsw.edu.au) LIC
T11A
23/23
Tue 11-1
Matt 211
T14A
23/23
Tue 2-4
Matt 211
• Kevin Kuan (Co-Lecturer)
T16A
7/15
Tue 4-6
Online
W13A
23/23
Wed1-3
Matt 211
W16A
24/24
Wed4-6
Matt 211
Teaching times and locations
• Week 1–5, 7- 10: Monday, 9-11 am, Online (recorded)
• Week 6: Flexibility week no scheduled class
Consultation times
• During teaching weeks (2-5, 7-10), Monday 11am–1pm.
• Please email me for an appointment prior.
• Tutorials will begin in Week 2
Course Assessments
Assessment Task
Weighti Length
ng
Due Date
Participation
10
During tutorial
sessions
Ongoing Week 15, 7-10
Individual Assignment 15
2000 words
maximum
Week 5
Team Assignment
25
3000 words report Week 10
and group oral
presentation
Final Exam
50
TBA
During exam
period
Textbook and Resources
All course materials on Moodle including
recordings.
Michael Whitman and Herbert Mattord (2018).
Management of Information Security, 6th
edition, Cengage Learning, Boston, MA, USA.
Hardcopy: https://www.bookshop.unsw.edu.au/
Digital: https://unswbookshop.vitalsource.com/
Leganto Reading list
4
Addressing myExperience Feedback
Issues
Resolutions
Not muting microphone
Mute during lecture. Unmute and turn on video when you
wish to speak.
Old theories
Revisit theories and applications of theories. Incorporate
new theories. But please note that fundamental “old”
theories can still be very useful.
Guest lecture to be organized subject to availability.
Guest lectures
Low online interaction (student-student,
student-LIC)
5
Add Moodle online forum to those students who do not
listen to synchronous lectures. You may ask questions after
lectures through online forums or during tutorials.
Occasional polls to test knowledge.
I welcome regular feedback and suggestions for
improvement
Course Overview
Fundamental
of IS Security
(Weeks 1,2)
CLO 1
Risk
Management
(Weeks 3-5)
CLO 2
Data
Governance
(Weeks 7,8)
CLO3
Trends
(Week 9)
CLO4
Course Learning Outcomes
1. Explain the fundamentals of cybersecurity highlighting both the
human and technical elements of cybersecurity
2. Discuss the risk management perspective in managing the
cybersecurity protection of modern organisations
3. Discuss the importance of data governance for cybersecurity
initiatives
4. Discuss emerging cybersecurity trends
7
Week 1: Fundamentals of Cybersecurity
This week you will learn about the following:
1. IS security vs Cybersecurity
2. Interdisciplinary nature of cybersecurity (technical vs nontechnical)
3. Sources of threats
3. Human elements – why? Insider threats
4. In your Week 2 tutorial, you will :
1. Get to know one another in your tutorial
2. Human and non-human elements of cybersecurity
3. Differentiating between insider threats
What is Security?
Security means being free from danger. To be secure is to be
protected from the risk of loss, damage, unwanted modification, or
other hazards.
Achieving an appropriate level of security for an organization also
depends on the implementation of a multilayered system.
Security is often achieved by means of several strategies undertaken
simultaneously or used in combination with one another
It is the role of management to ensure that each strategy is properly
planned, organized, staffed, directed, and controlled.
9
What is Information Security?
Protecting information and information systems
from unauthorized access, use, disclosure,
disruption, modification, or destruction
10
What is Cybersecurity?
• Data vs Information
Cybersecurity — or computer security — involves a
range of practices, processes, and technologies
intended to protect devices, networks, programs, and
data from attacks and unauthorized access.
• Cybersecurity not only secures data, but it also
secures the resources and the technologies involved
in storing that data
11
Cybersecurity vs. Information Security
1. Definition
2. Domain
3. Process
4. Professionals
5. Protection
12
CYBERSECURITY DISCIPLINES
• Interdisciplinary
Technical
Non-technical
Computer engineering
Computer science
Information systems
Information technology
Software engineering
Psychology
Criminology
Ethics
Business administration
Policy
Law
Human Factors
Risk Management
13
STRUCTURE OF CYBERSECURITY
DISCIPLINE (ACM)
14
EMERGING SCIENCE
Social Cybersecurity – “an emerging scientifc area
focused on the science to characterize, understand,
and forecast cyber-mediated changes in human
behavior, social, cultural, and political outcomes, and
to build the cyber-infrastructure needed for society to
persist in its essential character in a cyber-mediated
information environment under changing conditions,
actual or imminent social cyber-threats.” (Beskow et al
2019)
15
16
Employees as “weakest link”
Transforming humans from the “weakest link”
into a cybersecurity asset via Human Risk
Management (HRM)
17
Humans - #1 cause of breaches
85% of data breaches involve the human element
18
Why are employees an Insider Threat?
19
Types of Insider Threats
Malicious Insider
Negligent Insider
Professional Insider
Compromised Insider
20
Cyberbiosecurity
(Bio-cybersecurity)
A new specialty at
understanding and
mitigating new
biological security
risks emerging at the
interface between
biosecurity and
cybersecurity.
21
22
Download