Credits: 3-0-0-0- [9]
CS 628A or equivalent exposure to an introductory cyber security course, together with experience in hands-on project development and familiarity with the contents of CS 631A or an equivalent course on cyber physical systems security, is essential for this course. Exposure to CS 658A or an equivalent course on intrusion detection and malware analysis would also be very helpful, as would some exposure to practical machine learning or data analytics.
Who can take the course: PhD, Masters, 3rd and 4th year UG Students
Proposer: Prof. Sandeep Kumar Shukla
Departments that may be interested: CSE, EE
As we interact with various industries and learn their needs for cyber security, they often complain that courses at academic institutions give students the fundamentals of cyber security, but that students are not familiar with the practical issues of running a cyber security operation in a real organization. Also, while many master's theses and PhD dissertations are based on theoretical exploration of techniques, algorithms, or mathematical modeling of cyber security problems, there is a dearth of theses and dissertations on the practical aspects of running cyber security operations. Having worked very closely with industry, we appreciate such concerns: practical cyber security poses very interesting problems that require a great deal of fundamental thinking and reasoning, and careful attention to how operators and leaders perceive the inputs they receive from cyber security tools, dashboards, and policy formulations. Yet in the crowd of details, fundamentals are lost and reasoning is replaced by ad hoc decisions. To change that, we need a workforce, as well as academics, who can abstract the fundamentals out of such practical problems and develop practically oriented methods, methodologies, policy frameworks, and decision processes that simplify cyber operations. This course is meant to be a first step towards that line of thinking, modeling, and methodology development.
On completion of this course, a student should be able to: (i) articulate how various aspects of computer science (machine learning, vulnerability assessment and penetration testing, mathematical modeling, cyber security and cyber defense) come together to form a complete cyber operations methodology and practice; (ii) articulate a cyber security policy framework and the effect of fine-tuning policies on cyber operations; (iii) develop cyber security risk models and risk-driven cyber security control paradigms; (iv) model the effect of cyber security tooling and features on how cyber operators perceive cyber threats; (v) advise on, or articulate, how a tool interface or operator dashboard can be better designed for more impact on operations; (vi) model the end-to-end cyber security operation of an organization.
| Module | Topic | No. of 1 hour Lectures |
|---|---|---|
| Introduction | Cyber Security Operations (CyOps); integration of cyber security operations into the software development and operation process (DevSecOps); integration of related operations (MLops, AIops, DevOps) | 5 |
| Cyber Operation Planning and Analysis | Planning of a cyber security operation in an IT organization vs. an OT/ICS organization; planning and risk analysis | 8 |
| Incident Detection and Characterization | Incident indicators; incident detection; analyzing incidents | 4 |
| Vulnerability and Consequence Analysis | Vulnerability detection methods and tools; system model and consequence analysis; threat intelligence and threat activation of vulnerabilities | 6 |
| Incident Response and Recovery | Data analytics support for incident response; backup and recovery; methods of recovery from incidents | 4 |
| Cloud and API security issues | Cloud security; cloud and API security | 5 |
| Case Studies | Industrial case studies | 8 |
| Total lecture hours | | 40 hours |
There is no textbook for such a course yet; research papers will be the main source of study material.
Other resources will be put on the web by the instructor.