Professor Jill Slay
Australian Centre for Cyber Security
School of Engineering and IT
Training the Cyber Warrior
Agenda
• With the heightened focus on cyber operations this presentation
looks at the issues concerned in training the ‘ c...
Australian Centre for Cyber Security –
launched this week
• UNSW Canberra has been allocated strategic funds for
the perio...
Australian Centre for Cyber Security –
launched this week
• Incorporating existing cross-disciplinary research across
Law,...
Australian Centre for Cyber Security –
launched this week
• Developing and building on research linkages within the
cyber ...
Information Security v Cyber Defence
• The Civilian Perspective
• The traditional University Perspective
• The Israeli exp...
The Civilian Perspective (expanded from CISSP © BOK)
• Engineering, CS, IS, maths, OR, AI, legal, psychological, political...
The Civilian Perspective (expanded from CISSP © BOK)
Security Architecture and Design – contains the concepts, principles,...
Traditional University Perspective
• Some BIT degrees with a speciality in IT or NW Security
• Many others teach one or tw...
Perspective from Israel
• Cyber Defence is totally different to Information Security
• http://www.rafael.co.il/Marketing/5...
UNSW Canberra@ ADFA
• Undergraduate Education
• Postgraduate Education
• Short Courses
• Postgraduate Research
Cyber warrior ?
• “There is an industry-based and social need to teach Information Assurance
in disciplines other than Com...
Cyber warrior ?
“Law: national and international, Computer, Criminal, and Civil
Social Science: Socio-political issues (pr...
Introduction to Cyber Security
• What is cyber-security?
• The context of the contemporary cyber-security debate
• Laws, R...
Beyond the Undergraduate
• Short courses- taught by the community for the community
• Master of Cyber Security Operations
...
Upcoming SlideShare
Loading in …5
×

Prof. Jill Slay - Australian Defence Force Academy University of New South Wales - Educating the cyber warrior

953 views
699 views

Published on

Prof. Jill Slay delivered the presentation at the 2014 ADM Cyber Security Summit.

The 2014 ADM Cyber Security Summit focused on “Combatting Emerging and increasingly sophisticated cyber threats” both domestically and internationally, and showcased relevant organisational case studies and supporting research from academia.

For more information about the event, please visit: http://www.informa.com.au/cybersecuritysummit14

Published in: Business, Technology

Prof. Jill Slay - Australian Defence Force Academy University of New South Wales - Educating the cyber warrior

  1. 1. Professor Jill Slay Australian Centre for Cyber Security School of Engineering and IT Training the Cyber Warrior
  2. 2. Agenda • With the heightened focus on cyber operations this presentation looks at the issues concerned in training the ‘ cyber warrior’. • Australian Centre for Cyber Security • UNSW@ADFA and beyond • ZINT 2100 Introduction to Cyber Security • Short courses • Masters degrees: • Cyber Security Operations, • Cyber Security • Cyber Security (Digital Forensics) • Professional Doctorates and PhDs
  3. 3. Australian Centre for Cyber Security – launched this week • UNSW Canberra has been allocated strategic funds for the period 2015 – 2020 to stand up The Australian Centre for Cyber Security. • The Centre provides multidisciplinary, long-term, international thought leadership in cyber security through research, education and external engagement at a time when cyber security has moved to the top of political, scholarly and commercial agendas globally.
  4. 4. Australian Centre for Cyber Security – launched this week • Incorporating existing cross-disciplinary research across Law, Business, Political Science, Computer Science, Engineering and Information Systems (current membership is about 50 academic staff), achieving a critical mass of research activity in cyber security ; • Hiring, retaining and fostering up to 10 new leading, internationally recognized research staff in cyber security (at a broad range of academic levels and across a range of disciplines) providing a cutting-edge and truly interdisciplinary research environment;
  5. 5. Australian Centre for Cyber Security – launched this week • Developing and building on research linkages within the cyber industry, both domestically and internationally; • Being a source of thought leadership and expertise across a range of relevant communities (political, cyber industry, defence, academic, individual and organizational users, and media); • Being a significant contributor to (and promoter of) public debate about cyber security; • Cyber Test range: purchased from Northrop Grumman but also supported by range of vendors and advisers.
  6. 6. Information Security v Cyber Defence • The Civilian Perspective • The traditional University Perspective • The Israeli experience • A way forward
  7. 7. The Civilian Perspective (expanded from CISSP © BOK) • Engineering, CS, IS, maths, OR, AI, legal, psychological, political, business or sociological or other teaching / learning and research approaches that can be applied to: • Access Control – a collection of mechanisms that work together to create security architecture to protect the assets of the information system. • Telecommunications and Network Security – discusses network structures, transmission methods, transport formats and security measures used to provide availability, integrity and confidentiality. • Information Security Governance and Risk Management – the identification of an organization’s information assets and the development, documentation and implementation of policies, standards, procedures and guidelines. • Software Development Security – refers to the controls that are included within systems and applications software and the steps used in their development. • Cryptography – the principles, means and methods of disguising information to ensure its integrity, confidentiality and authenticity.
  8. 8. The Civilian Perspective (expanded from CISSP © BOK) Security Architecture and Design – contains the concepts, principles, structures and standards used to design, implement, monitor, and secure, operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity and availability. Operations Security – used to identify the controls over hardware, media and the operators with access privileges to any of these resources. Legal, Regulations, Investigations and Compliance – addresses computer crime laws and regulations; the investigative measures and techniques which can be used to determine if a crime has been committed and methods to gather evidence. Physical (Environmental) Security – addresses the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information. Information Warfare; Electronic Warfare Political issues in Cyber Security Human Factors Psychology of acceptance of security; Economics of Security Critical Infrastructure and especially process control systems IS Security – Human and Business Issues Cyber Security and Culture National Security / Cyber Security nexus Cyber security / Intelligence nexus Privacy
  9. 9. Traditional University Perspective • Some BIT degrees with a speciality in IT or NW Security • Many others teach one or two courses in CS curriculum • new IEEE ACM curriculum requires this • Teach theory and formal security models with growing emphasis on what hackers do and how they do it • Always an ethical issue • But most use VMs and Metasploit or equivalent • Except one or two who teach security throughout the CS curriculum – Ass Prof Richard Buckland!
  10. 10. Perspective from Israel • Cyber Defence is totally different to Information Security • http://www.rafael.co.il/Marketing/556-1967-en/Marketing.aspx
  11. 11. UNSW Canberra@ ADFA • Undergraduate Education • Postgraduate Education • Short Courses • Postgraduate Research
  12. 12. Cyber warrior ? • “There is an industry-based and social need to teach Information Assurance in disciplines other than Computer Science or Software Engineering. • This curriculum can assume no technical prerequisites but does assume that the student comes from a background which is language rich and where knowledge will be applied in a social or business and commercial context. • This kind of approach would bring a richness to a field which is often ostrich-like in burying itself away from the social, legal, ethical and political outcomes of technology development and dependence which is currently inherent in our IEEE/ ACS/ ACM technically compliant approach.”
  13. 13. Cyber warrior ? “Law: national and international, Computer, Criminal, and Civil Social Science: Socio-political issues (privacy, encryption, surveillance), Activism, Hacktivism, Cyberterrorism and Cyber-warfare, Socio- psychological impacts of computing Physical Security Fundamentals of Cyber-crime Ethics, Values and Moral Decision Making Current Issues in Security Advanced Security Risk Management This curriculum would be appropriate to industry and to the protection of the Australian National Infrastructure. “ Slay, J 2005, ‘Developing the Cross-Disciplinary Nature of Information Assurance in the Undergraduate Curriculum’, in Proceedings of the 9th Colloquium for Information Systems Security Education, Atlanta June 7th 2005.
  14. 14. Introduction to Cyber Security • What is cyber-security? • The context of the contemporary cyber-security debate • Laws, Rules and Ethics of Cyber-security • Cultural Contexts of Cyber-security • Hard Cases for Cyber-security • Technical issues • Social Engineering • NW Security And 24 hours per student of practical in a Cyber Range!
  15. 15. Beyond the Undergraduate • Short courses- taught by the community for the community • Master of Cyber Security Operations • For the manager • Computer Defence • Risk • Acquisition • Master of Cyber Security • For the IT graduate • CNO • Cyber Kill Chain • Professional Doctorate • PhD

×