An Introduction to Cybersecurity
Warren T. Jones, Ph.D., P.E.
Course Outline
This 4 hour online course discusses the meaning of cybersecurity, the basics of computing and communications technology that provide vulnerabilities, the nature of adversarial activities in cyberspace and approaches to improving security. This course includes a multiple-choice quiz at the end, which is designed to enhance the understanding of the course materials.
This course includes a multiple-choice quiz at the end, which is designed to enhance the understanding of the course content.
Learning Objectives
At the conclusion of this course, the student will:
Intended Audience
This course is intended for all engineers, architects and land surveyors.
Benefit to Attendee
Attendee of this course will be made aware of the increasing importance and vulnerability of IT systems in all organizations, approaches to improving security and sources for additional information on cybersecurity.
Course Introduction
Former U.S. Defense Secretary Leon Panetta has repeatedly warned of a “Perl Harbor” referring to what he terms huge vulnerability of the U.S. to cyberattacks by China. Control systems of multiple U.S. artificial satellites used for air traffic control and global positioning systems have experienced waves of cyberattacks.
Cybersecurity issues arise because of three factors taken together – the presence of malevolent actors in cyberspace, societal reliance on IT for many important functions, and the inevitable presence of vulnerabilities in IT systems that are accessible to malevolent actors. However, despite these factors, we still expect information technologies to do what they are supposed to do and only when they are supposed to do it, and to never do things that they are not supposed to do. Fulfilling this expectation is the purpose of cybersecurity.
Cybersecurity is a complex subject whose understanding requires knowledge and expertise from multiple disciplines, including but not limited to computer science and information technology, psychology, economics, organizational behavior, political science, engineering, sociology, decision sciences, international relations and law. Although technical measures are an important element, cybersecurity is not primarily a technical matter, although it is easy for policy analysts and others to get lost in the technical details. Furthermore, what is known about cybersecurity is often “siloed” along disciplinary lines, reducing the insights available from cross-fertilization.
The cybersecurity problem will never be solved once and for all. Solutions to the problem, limited in scope and longevity though they may be, are at least as much nontechnical as technical in nature.
Course Content
You are required to study Sections 1.1 through 4.3 of the 2014 National Research Council Report entitled “At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues”.
This report can be downloaded as a PDF file by clicking:At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues
Please click on the above underlined hypertext to view, download or print the document for your study. Because of the file size, we recommend that you first save the file to your computer by right-clicking the mouse and choosing "Save Target As ...", and then open the file in Adobe Acrobat Reader from your computer.
Course Summary
Cybersecurity is a complex subject whose understanding requires knowledge and expertise from multiple disciplines, including but not limited to computer science and information technology, psychology, economics, organizational behavior, political science, engineering, sociology, decision sciences, international relations, and law. In practice, although technical measures are an important element, cybersecurity is not primarily a technical matter, although it is easy for policy analysts and others to get lost in the technical details. Furthermore, what is known about cybersecurity is often “siloed” along disciplinary lines, reducing the insights available from cross-fertilization. The report in this course seeks to illuminate some of these connections and serve as a primer for the subject.
Additional Information
For additional technical information related to this subject, please see below:
Books
Mowbray, Thomas J., “Cybersecurity: Managing Systems, Conducting Testing and Investigating Intrusions”, Wiley, 2013
Shoemaker, Dan and Wm Arthur Conklin, “Cybersecurity: The Essential Body of Knowledge”, Cengage Learning, 2011.
Hasib, Mansur,” Cybersecurity Leadership: Powering the Modern Organization”, CreateSpace Independent Publishing Platform, 2014.
Singer, P.W. and Allan Friedman, “Cybersecurity and Cyberwar: What Everyone Needs to Know”, Oxford University Press, 2014.
Macaulay, Tyson and Bryan L. Singer,”Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI and SIS”, Auerbach Publications, 2011.
Knapp, Eric D. and Raj Samani, “Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure”, Syngress, 2013.
Organizations with Cybersecurity Resources
IEEE Computer Society – This society sponsors conferences and workshops at various times that relate to cybersecurity. Current information and schedules can be found by browsing this site.
Association for Computing Machinery - This association sponsors conferences and workshops at various times that relate to cybersecurity. Current information and schedules can be found by browsing this site.
The Internet Security Alliance (ISA) - Structured as a multi-sector trade association, it combines the thought leadership that might be found in a “think tank” with advocacy one would expect from a trade organization and operational security programs that might be found in a professional association.
InfraGuard – This is a partnership between the FBI and the private sector dedicated to the sharing information and intelligence to prevent hostile acts against the U.S.
Reports
See additional National Research Council reports published by National Academy Press listed at the end of the report in this course.
Websites
Homeland Security – the official website of the U.S. Department of Homeland Security. This link connects to the Cybersecurity page which contains information on the topics: Cybersecurity Overview, Secure Cyber Networks, Cybersecurity Results, Cybersecurity and Privacy, Combat Cyber Crime, What You Can Do and How to Secure Your Web Browser.
UAB Center for Information Assurance and Joint Forensics Research - This multidisciplinary research center has a broad focus on Information Assurance and how our modern connected society impacts that information.
Auburn University Cyber Research Center – The mission of this Center is to be a nationally recognized leader in all forms of software engineering with emphasis on secure systems, mobile and embedded systems, wireless systems and systems that interact directly with people for both civilian and military applications.
National Cybersecurity Center of Excellence (NCCoE) – The Center is a partnership among the National Institute of Standards and Technology (NIST), the State of Maryland and Montgomery County. It is dedicated to furthering innovation through the rapid identification, integration and adoption of practical, standards-based cybersecurity solutions.
National Initiative for Cybersecurity Education (NICE) – the goal of NICE is to establish an operational, sustainable and continually improving cybersecurity education program for the nation to use.
Cybersecurity Resources – a collection of websites that are related to cybersecurity.
Framework for Improving Critical Infrastructure Cybersecurity – This Framework, created by the National Institute of Standards and Technology (NIST), through collaboration between industry and government, consists of standards, guidelines and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.
The Internet Security Alliance (ISA) – structured as a multi-sector trade organization, it combines the thought leadership that might be found in a “think tank” with advocacy one would expect from a trade organization and operational security programs that might be found in a professional trade association.
InfraGuard – a partnership between the FBI and the private sector dedicated to sharing information and intelligence to prevent hostile acts against the U.S.
Journals and Magazines
International Journal of Cyber-Security and Digital Forensics (IJCSDF) – This is an open access journal which means that all content is freely available without charge to the user or his/her institution. Users are allowed to read, download, copy, distribute, print, search or link to the full texts of the articles in this journal without asking prior permission from the publisher or the author. This is in accordance with the BOAI definition of open access.
Quiz
Once you finish studying the above course content, you need to take a quiz to obtain the PDH credits.