Cyber Security Education 2.0:Minding the Gap for Computational Sovereignty in Computational Sovereignty in Norway and the Nordic’s

Professor Dr. Stewart KowalskiInformation Security Vice Dean of EducationFaculty of Computer and Media TechnologyNorwegian Information Security Lab (NISlab)Center for Cyber and Information Security

2

Education your Stairway to Heavenly Security

(2016/2017)

PhD in Information Security

Cisco Lab & Cyber range

Information Security Management Group

Bachelor in IT-Operations and Information Security (BITSEC)

Master in Information Security (MIS)

- Cybersecurity

- Forensics

- Information Security Management

Experienced Based Master in Information Security (MISEB)

Forensic Lab

Biometris Lab

3

NISLAB STUDY PROGRAMS

100

120

140

160142

108

Bachelor IT-Operations and Security (BISTSEC – merged Program 2016/17)*

Master Information Security (MIS) * Experienced Based Master Information

Security (MISEB) ** PhD Information Security (PhD-IS)*

0

20

40

60

80

100

BITSEC MIS MISEB PIS

1622

Number of Students

* Status intake 2015** 1st /2nd year only

(PhD-IS(PhD-IS

Norwegian Information Security Laboratory

(Practical Models vs Theoretical Models for Education Systems)

Find NTNU in the school of Athens?

Find HIG, NISlab, MTL, CCIS in the School of Athens

https://www.youtube.com/watch?v=uOrG6jfBzEU

A Systemic Gap

7

WHY IS THERE SUCH A GAP“AS CHANGE IN QUANTITY = CHANGE IN KIND”“COMPUTATION AS A COMMODITY” A NEW GAP

8

PROBLEM 1 CYBER SECURITY ANDCOMPUTATIONAL SOVEREIGNTY

Computation and IT Technology research and development, adoption and implementation is driven to a large extent by “hype” and security and privacy issues and legal constraints are neither thought about or taught correctly!

9

EXAMPLE GARTNERS SECURITY HYPE CURVES 2003

10PROBLEM 1 CYBER SECURITY ANDCOMPUTATIONAL SOVEREIGNTY

Computation and IT Technology research and development, adoption and implementation is driven to a large extent by “hype” and security and privacy issues and legal constraints are neither thought about or taught correctly!

Do you want to buy a parachute?

What ???????We need to make this thing a light as possiblle!

11

PROBLEM 1

Computer and Media Technology research and development, adoption and implementation is driven to a large extent by “hype” and security issue and other constraints are neither thought about or taught correctly correctly!

http://ca.news.yahoo.com/blogs/good-news/airplane-recovery-parachute-saves-three-lives-connecticut-crash-171749029.html

:Problem: A GAP in our Society between

Hypothesis: It is SystemicThere is always a control GAP with new technology !

13The idea of these lunch seminars is to create an informal setting, where a topic is presented during the first 15-20 minutes, and where the remaining time is set aside for discussion.

A 100,000,000 Reason to propose a Nordic Executive Masters in Business AdministrationSecurity & Privacy Technology and Law?

Computer World May 8th 2015

14The idea of these lunch seminars is to create an informal setting, where a topic is presented during the first 15-20 minutes, and where the remaining time is set aside for discussion.

Conceptual Socio-Technical Model of Nordic Executive MBA in Security Technology, Privacy and Law

15THE FIRST SWEDISH DOT

Swedish information security university education begain with the forming of IFIP TC 11 in 1983.

15

16

DETAILS OF THE FRAMEWORK

Context, geographical/space and time bound "system point"

Design/architecture

Theory/model

Process-Store- Communicate- Collect-Display

Technical Aspects Non-Technical Aspects

Theory/model

Physical constructionOperational

Administrative Managerial

Legal Ethical

Content subject areas

Systemic module - an epistemological device, - meta-science, and - criteria for control

16

Cyber Security Education 1.0

https://oldplay.dsv.su.se/hypercaster/3762/width=640/height=360/link.js

20Mapping to NIST NICE

21

Sept 2015

22

23MIND THE GAP “IS IT A THREE BODY PROBLEM?”

EXECUTIVE MBASECURITY & PRIVACY TECHNOLOGY AND LAW

Business

Technologies and Innovation Legal Informatics

Security and PrivacyManagement Governance

Public & PrivateSectors

24

FUTURE COMMON PROJECTS: EDUCATION

NordSecMob:

Dual Degreewith

Concordia University,

Canada (Autumn

Bachelor in IT-Operations

and Security

PhD in Information

Security

Norwegian MOOC

Common Body of Knowledge

Cyber Security and Privacy

Nordic Master: InfoSec Mgmt

& Privacy (Spring 2017)

NordSecMob: Nordic Master in Security &

Mobile Computing

(Autumn2016)

Master in Information

Security

Bachelor/Master Information

Security Introduction

Courses

Experience

Based

Masters

Police/Cyber

Defense

25

NISlab hosts COINS: Norway’sSecurity PhD Student Network

– Networking (Security Divas, SWITS, NordSec, NISK)Support students with travel grants

– Finse winter school (FRISC/COINS); Metochi summer school– Ph.D. student seminar (autumn): Ca. 30%-40% of students

plus Swedish/European partner network and invited speaker– Capture the flag team: International visibility of Norwegian

applied IT security– Increased visibility: Attract more and better candidates for – Increased visibility: Attract more and better candidates for

positions

26

END-TO-END SECURITY RESEARCH AND EDUCATION

Div

isio

ns/

Div

isio

ns/

Sci

enc

eA

ndE

ngin

eeringTech

nolo

gy/

Docu

me

nts

/Co

yl

NTNU NISlab CCIS NORSIS http://w

ww

.ndia

.org

/Div

isio

ns

eA

ndE

ngin

eeringTech

nolo

gy

e%

20N

DIA

.pdf

NORSIS

27

NISlab hosts CCIS: Norway’s most important Partner Network in Security

28

PLEASE JOIN US