Cyber Security
University of South Carolina
Columbia
Center for Information Assurance Engineering (CIAE)
http://www.cse.sc.edu/isl
Computer Science and Engineering
1
Who is Impacted by Cyber
Attacks?
Source: http://www.cagle.com/2010/05/internet-privacy/
Ashley Madison adultery site hack: will I be found out?
TheGuardian,
http://www.theguardian.com/world/2015/jul/21/ashley-madison-adultery-site-hack-will-i-be-found-out-what-you-need-to-know
Computer Science and Engineering
3
What can we do?
Computer Science and Engineering
4
Information Assurance Program
At
USC
Computer Science and Engineering
5
Center for Information Assurance
Engineering
Mission
PROMOTE INFORMATION SECURITY AWARENESS
OFFER HIGH QUALITY EDUCATION AND RESEARCH
FOSTER COLLABORATION BETWEEN ACADEMIA,
INDUSTRY AND GOVERNMENT
Computer Science and Engineering
6
IA Education
• IA&S Graduate Certificate Program
• NEW: Cyber Security Studies CS2
• Approved for 2016 Fall
• Meeting National IA Training Standards
• National Center of Academic Excellence in
Information Assurance Education and Research
Computer Science and Engineering
7
What is Cyber Security?
Highly Technical
•
•
•
People, processes, and technology
Legislation and Regulation
Risk management
Understanding Cyber Security
Risk
Cyber Security Threats
• Mobile Malware
• Virtual currencies
• Stealth attacks by state
actors
• Social attack
• New PC and server attacks
• Cloud-based attacks
Source: McAfee Labs
2014 Treats Predictions
dreamsmademe.wordpress.com
Risk Assessment
• Business Policy Decision
• Communication between technical and
administrative employees
• Internal vs. external resources
• Legal and regulatory requirements
• Developing security capabilities
Optimal level of security
at a minimum cost
Cost
Security Investment
0%
Cost of Breaches
Security level
100%
Workforce
• Education
• Certification
• Government initiatives
National Center of Academic
Excellence in
Information Assurance Education
Courses and Faculty
Courses
• CSCE 201 – Introduction to Security
• CSCE 517 – Computer Crime and Forensics
• CSCE 522 – Information Security Principles
• CSCE 557 – Introduction to Cryptography
• CSCE 548 – Secure Software Construction
• CSCE 590 – Penetration Testing
Faculty
 Caroline Eastman
 Csilla Farkas
 Chin-Tser Huang
 Ronni Wilkinson
 Wenyuan Xu
Computer Science and Engineering
13
Undergraduate-Level IA
Specialization
• Majors: CS, CE, CIS + any other USC major
– need necessary prerequisites for CSCE 522
• Courses to take:
– CSCE 522 – Information Security Principles
– 1 additional IA course
– 1 additional course with IA component
Computer Science and Engineering
14
Graduate-Level IA
Specialization
• Majors: CS, CE, CIS, MS, ME, PhD
• Courses to take:
– CSCE 522 – Information Security Principles
– 2 additional IA courses or MS Thesis in IA
Computer Science and Engineering
15
IA&S Certificate Graduate
Program
Admission Requirements
• Baccalaureate degree in computer science, computer
engineering, or a related field
• Admission requirements for graduate study at the Department
of Computer Science and Engineering
http://www.cse.sc.edu/graduate/ias
Meets Industry Certification
• Security +
• CISSP
Computer Science and Engineering
16
Proposed Cyber Security
Studies Graduate Certificate
• Core Courses:
– CSCE 522 – Information Systems Security Principles (3 credit hours)
– CSCE 715– Network Security (3 credit hours)
• Elective Courses (6 credits of the following)
– CSCE 517 – Computer Crime and Forensics (3 credit hours)
– CSCE 557 – Introduction to Cryptography (3 credit hours)
– CSCE 548 – Secure Software Construction (3 credit hours)
– CSCE 727 – Information Warfare (3 credit hours)
– CSCE 813 – Internet Security (3 credit hours)
– CSCE 814 - Distributed Systems Security (3 credits)
– CSCE 824 – Secure Databases (3 credit hours)
– CSCE 798 – Directed Study and Research (max. 3 credit hours)
Computer Science and Engineering
17
Global IA Workforce
Trends
• A Frost & Sullivan Market Survey Sponsored
by International Information Systems
Security Certification Consortium (ISC)2®
• Prepared by Robert Ayoub, CISSP, Global
Program Director, Information Security
• Electronic survey, conducted through a Webbased portal
18
Computer Science and Engineering
18
Demand for IA
Workforce
• Worldwide:
– 2010: 2.28 million
– 2015: 4.24 million (projected)
– Compound Annual Growth Rate: 13.2%
• Americas:
– 2010: 920,845
– 2015: 1,785,236
– Compound Annual Growth Rate: 14.2%
Computer Science and Engineering
Information Warfare - Farkas
19
19
Salary
• 2011 Annual salary(ISC)2® Member/nonmember
• Worldwide: $98,600/$78,500
• Americas: $106,900/$92,900
20
Computer Science and Engineering
20
IA Jobs
• Job market
– Civil (Join Information Systems Security Association, ISSA,
https://www.issa.org/ )
– Government (Internship available at USC-UTS, and SC Dept.
of Probation, Parole, and Pardon Services)
– Military (Internship available at SPAWAR, Charleston)
• Education and training requirements (B.S. degree,
certification, hands-on experiments)
• Salary
• FUN
Computer Science and Engineering
21
IA Research
Csilla Farkas (since 2000)
http://www.cse.sc.edu/~farkas
Application layer
Web data and application (WS & SOA) security,
Access Control Policies, SCADA software reliability,
economic and social impact of cyber attacks
Transport layer
Chin-Tser Huang (since 2003)
http://www.cse.sc.edu/~huangct
Intrusion detection, wireless security, distributed systems
network security, network protocol design and verification
Wenyuan Xu (since 2007)
http://www.cse.sc.edu/~wyxu
Wireless networking and security, sensor networks, network security
and privacy, jamming detection and avoidance
Computer Science and Engineering
22
Internet layer
Network
Interface
Contact Information
Center for Information Assurance Engineering
Department of Computer Science and Engineering
http://www.cse.sc.edu/
Computer Science and Engineering
23