1
An Overview of Cybersecurity for
Information Systems

Susan D. Urban, Ph.D
Department of Industrial Engineering
Texas Tech University
Lubbock, Texas
susan.urban@ttu.edu
This research was supported by the National Science Foundation (Grant No.1241735). Opinions,
findings, and conclusions/recommendations are those of the authors and do not necessarily reflect
the views of the NSF.
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
5/1/15
2
Cybersecurity for Information Systems
 A core course in the Cybersecurity for Critical
Infrastructure certificate program
 Covers a wide breadth of practices for assuring
information systems security
 Fundamentals of Information Systems Security, by D. Kim
and M. Solomon, Jones & Bartlett, Information Systems
Security & Assurance Series, 2014.

Covers the seven domains of the International
Information Systems Security Certification Consortium
(ISC)2
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
5/1/15
3
Seven Domains of an IT Infrastructure
From Fundamentals of Information Systems Security, D. Kim and E.
Solomon, 2nd Edition, Jones and Bartlett, 2014.
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
5/1/15
4
Topics Covered
 Access Controls
 Security Operations and Administration
 Auditing, Testing, and Monitoring
 Risk, Response, and Recovery
 Cryptography
 Networks and Telecommunications
 Malicious Code and Activity
 IS Standards, Education, Certifications, and Laws
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
5/1/15
5
Additional Topics Covered
 Case Studies
 TJX Case, Maroochy Water Breach, Stuxnet, Other highprofile cases, Current events
 Biometrics
 Legal Issues
 Freedom of Information Act, Einstein NIS, US Patriot Act,
Computer Fraud and Abuse Act
 Compliance Laws
 Federal Information Systems Management Act, GrammLeach –Bliley Act, Sarbannes-Oxley Act, Family
Educational Rights and Privacy Act
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
5/1/15
6
Virtual Security Cloud Lab
 Hands-on lab in a cloud computing environment using
cutting edge technology
 Students can test their skills with realistic security
scenarios that they will encounter in their careers
 The mock IT infrastructure was designed to mimic a
real-world IT infrastructure consisting of the seven
domains of a typical IT infrastructure
 Each lab provides learning objectives, step-by-step
instructions, evaluation criteria, and lab assessment
questions
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
5/1/15
7
VSCL Mock IT Infrastructure
From Fundamentals of Information Systems Security, D. Kim and E. Solomon, 2nd Edition, Jones and Bartlett, 2014.
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
5/1/15
8
VSCL Lab Topics
 Performing Reconnaissance and Probing Using Common
Tools
 Performing a Vulnerability Assessment
 Enabling Windows Active Directory and User Access
Controls
 Using Group Policy Objects and MS Baseline Security
Analyzer for Change Control
 Performing Packet Capture and Traffic Analysis
 Implementing a Business Continuity Plan
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
5/1/15
9
VSCL Topics
 Using Encryption to Enhance Confidentiality and Integrity
 Performing a Website and Database Attack by Exploiting
Identified Vulnerabilities
 Eliminating Threats with a Layered Security Approach
 Implementing an Information Systems Security Policy
 https://www.youtube.com/watch?v=vH6agAr2WKg
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
5/1/15
10
Assessment Activities
 Exams
 Virtual Cloud Labs
 Lab deliverables and assessment worksheets
 Students present lab deliverables and assessment
 In-class, team-led discussions of case studies and
related topics
 Information systems security policy project
 Graduate research papers and presentations
TTU Faculty Workshop on Cybersecurity for Critical Infrastructure
5/1/15