This course will provide you with a better understanding of how security principles should be integrated into operations once an application or cyber system has been deployed into production. To begin, we will provide an overview of the cyber threat landscape and discuss general frameworks for conceptualizing intrusions and defenses. Topics include both proactive (e.g., monitoring, patching) and reactive (e.g., incident response) processes, as well as approaches to end-of-life processes such as decommissioning and disposal. As part of the course, you will also learn about the current legislative and regulatory environment within which production systems operate, such as laws governing data privacy and security controls. While we focus primarily on the United States, companies increasingly operate across national boundaries, so we will also discuss relevant international regulations, directives, and agreements. Finally, we will examine risk assessment and risk management as a framework for navigating the economic tradeoffs associated with securing operations.
By the end of the course, students should be able to:
- Identify weaknesses in hypothetical security protocols and recommend improvements
- Summarize the similarities and differences in various approaches to monitoring, patching, and incident response
- Assess the implications of security-related policies, laws, and norms on system operations
- Evaluate what changes would be required to comply with proposed new policy requirements
- Structure an analysis of economic impacts associated with best practices and regulatory compliance
Anatomy of an Intrusion, and the Cyber Kill Chain Framework; Defense-in-Depth; Red Teams; Blue Teams; Threat Actors; Legal and Regulatory Environment; Risk Analysis and Economic Decision-Making
- J. Sherwood, A. Clark, D. Lynas. 2005. Enterprise Security Architecture: A Business-Driven Approach. San Francisco, CA: CMP Books.
- D. Clark, T. Berson, and H. S. Lin, editors. 2014. At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues. National Academies Press.
Week 1: Anatomy of an Intrusion, and the Cyber Kill Chain Framework
Week 2: Defense-in-Depth
Week 3: Red Teams
Week 4: Blue Teams
Week 5: Threat Actors
Week 6: Legal and Regulatory Environment
Weeks 7 and 8: Risk Analysis and Economic Decision-Making