A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A...
Transcript of A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A...
![Page 1: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/1.jpg)
A Taxonomy and a Knowledge Portal for Cybersecurity
David Klaper
Adviser: Eduard Hovy
19.06.2014 DG.O 2014 1
![Page 2: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/2.jpg)
Outline
• Why Cybersecurity Education for Smart Governments?
• Taxonomy:
– Technical Aspects
– Impact of Cybercrime
• Knowledge Portal
• Conclusion
19.06.2014 DG.O 2014 2
![Page 3: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/3.jpg)
Smart Government
• Improve efficiency by offering services online
• Provide important data online
• Provide statistical information
• Provide reliable press releases
• Allow personnel remote access to network
• …
19.06.2014 DG.O 2014 3
![Page 4: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/4.jpg)
Cyber Threats
• Disruption of service
• Misinformation
• Data Theft
• All destroy trust in smart government
• Prevention requires all involved to know risks
19.06.2014 DG.O 2014 4
![Page 5: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/5.jpg)
Mitigation
• Effective training to prevent such threats requires understanding
• Understanding needs mental model developed by carefully structured training
• Cybersecurity field and teaching fragmented
• Most training relies on simple checklists with unrelated points.
19.06.2014 DG.O 2014 5
![Page 6: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/6.jpg)
Cyber Defense
• Cybersecurity commercialized early
– Focus on tools not people
– Specialization and fragmentation
• Nobody knows how to instruct laymen
– In a way that makes ‘intuitive sense’ to them
• Organize overview of cybersecurity
– Taxonomy as first step to mental model
19.06.2014 DG.O 2014 6
![Page 7: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/7.jpg)
Taxonomy
• Topics of cybersecurity
• Each concept has brief description and possibly external references
• Organized as a hierarchy of concepts
19.06.2014 DG.O 2014 7
![Page 8: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/8.jpg)
Example Concept
• Description, Cross-links, Resources
19.06.2014 DG.O 2014 8
![Page 9: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/9.jpg)
Taxonomy Overview
• High Level Map of concepts
• Provides quick navigation
19.06.2014 DG.O 2014 9
Technical Aspects
Impact of Cybercrime
![Page 10: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/10.jpg)
Technical Aspects of Cybersecurity
• Focus on research
• Present various important areas of cybersecurity
• Fairly detailed, well developed
19.06.2014 DG.O 2014 10
![Page 11: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/11.jpg)
Example Goal for Related Training Unit
Authentication and Authorization
19.06.2014 DG.O 2014 11
• Types of Authentication
• Advantages of multi-factor authentication
• Principle of least privileges
• Understand why you should never give your credentials to your co-workers
![Page 12: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/12.jpg)
Example Goal for Related Training Unit
Intrusion Detection
19.06.2014 DG.O 2014 12
• Types of Malware: Virus vs. Trojan …
• Self-replication and Hiding
• Paths of infection: Internet, E-mail, USB
• Understand why just removing the symptoms of a virus is dangerous
![Page 13: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/13.jpg)
Example Goal for Related Training Unit
Cryptography
19.06.2014 DG.O 2014 13
• Private-key and public-key cryptography
• SSL Certificates and their implications
• Understand what the lock in your internet browser actually means
![Page 14: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/14.jpg)
Taxonomy as Starting Point
• Provides links for further inquiry
• Taxonomy serves as starting point for finding out what you want to know more about
• Provide abstract of linked papers to allow user judging whether the link is interesting
19.06.2014 DG.O 2014 14
![Page 15: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/15.jpg)
Extracted Abstract
19.06.2014 DG.O 2014 15
![Page 16: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/16.jpg)
Impact of Cybercrime
• Look at aspects beyond technology
• Cybersecurity has considerable influence on other areas, such as education or investments
• Less materials, less detailed
19.06.2014 DG.O 2014 16
![Page 17: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/17.jpg)
Example Goal for Related Training Unit
Economic Impact
19.06.2014 DG.O 2014 17
• Estimated costs of cybercrime
• Costs of prevention
• “We estimate that the likely annual cost to the global
economy from cybercrime is more than $400 billion” (McAfee, Net Losses: Estimating the Global Cost of Cybercrime, June 2014.)
• Understand the cost of recovering from an attack that you can help prevent
![Page 18: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/18.jpg)
Example Goal for Related Training Unit
Policy and Law
19.06.2014 DG.O 2014 18
• Cybercrime laws and their effects
• Data protection regulations (e.g. HIPAA)
• International (e.g. Council of Europe ETS 185)
• Understand why you could become a criminal if you are clueless about cybersecurity
![Page 19: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/19.jpg)
Example Goal for Related Training Unit
Education
19.06.2014 DG.O 2014 19
• Education initiatives at different levels
• Online resources for further information
• Learn about where you can find further information and materials to train your team
![Page 20: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/20.jpg)
Knowledge Portal
• Comment on cybercrime and cybersecurity issues of websites
• Write comments through Chrome browser plugin
• Discuss others’ comments
• Provides situational knowledge
19.06.2014 DG.O 2014 20
![Page 21: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/21.jpg)
Short Demo
19.06.2014 DG.O 2014 21
![Page 22: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/22.jpg)
Linking Knowledge
• Link the situational knowledge to taxonomy
• Taxonomy provides background knowledge
• Encourage users to learn more about issues
19.06.2014 DG.O 2014 26
![Page 23: A Taxonomy and a Knowledge Portal for Cybersecuritydklaper/files/dgoDKlaper.pdf · 2014-07-07 · A Taxonomy and a Knowledge Portal for Cybersecurity David Klaper Adviser: Eduard](https://reader034.fdocuments.in/reader034/viewer/2022042302/5eccf9597f03df4e9b7be57d/html5/thumbnails/23.jpg)
Conclusion
• Cybersecurity for smart government
– Requires training of staff
• Taxonomy http://www.cs.cmu.edu/~dklaper/cybersecurity/website/
• Knowledge portal http://erie.lti.cs.cmu.edu
19.06.2014 DG.O 2014 27