
[MUSIC] In this unit we will briefly discuss the facets that make up the subject of information security. At the end of this unit, you'll be in the position to outline the key knowledge areas that typically make up the information or cyber security area. As well as the surrounding knowledge that you may need to engage with as a security professional.

Today the scope of information or cyber security is still being defined. There are a number of international efforts that are seeking to determine what should be in the curriculum of a cyber security undergraduate or masters degree. A major effort is from the Association of Computer Machinery, which has a joint task force that was launched in 2015, consisting of several major computing societies. It grew out of the Cyber Educational Program in the United States. One of the societies that has been looking into this area for a long time is IFIP, the International Federation for Information Processing, who have a working group on information security education. This has been running since 1991 and its goal is to promote information security education and training at the university level and in government and industry.

As we saw in the previous section, the ACM Joint Task Force defines cybersecurity as a computer based discipline involving technology, people, information, and processes to enable assured operations. It involves the creation, operation, analysis and testing of secured computer systems. It is an interdisciplinary course of study including aspects of law, policy, human factors, ethics, and risk management in the context of adversaries.

So, what are the knowledge areas that have been identified? The first is cyber defense, which includes aspects, such as cryptography, computer security, network security, and information assurance. We provide an introduction to these in this course.

The next is cyber operations, this covers cyber attack, and penetration testing. In penetration testing, we play the attacker, so that we understand what can be done to a system. We also include here reverse engineering and cryptanalysis.

Next is digital forensics, which includes hardware and software forensics on hosts and service, mobile devices, right down to embedded systems, such as set top boxes. Here we are looking to identify incursions into our systems by attackers. In this area, we also see incident response, cyber crime, and cyber law enforcement as part of the curriculum.

Cyber physical systems, such as supervisory control and data acquisition, so-called SCADA systems, the Internet of Things, and industrial control systems move us out of the office and into the factory. And this is an essential part of cyber security, because a lot of value is created in the factory setting.

The next is secure software developments. And this includes a number of different factors such as secure systems design, secure coding, deployments and maintenance to the system. And importantly, the usability of a secure system. We, of course, wish that all software was secure and usable, but that, of course, is not the case.

Cyber policy, governance and law is the next. There are a range of regulations that apply for cyber systems and operations. And, of course, cyber laws are very important to us as individuals, as well as the organizations such as the Data Protection Act.

Cyber risk management includes cyber resiliency and assurance. For example, we need to think about disaster recovery and business continuity as an organization. How to achieve this in the face of an attack, or a failure of a system. In this, we also have security evaluations. And we need to consider cyber economics as an integral part of the curriculum at this point.

The last knowledge area is human behaviors relating to cyber systems and operations. Such as the social engineering by attackers who use social networks to infiltrate our organizations. In addition, user experience, and not organizational behavior, are essential to understanding and developing secure systems.

You can see that information security is a multidisciplinary study and a professional activity. We're concerned with the developments and implementation of secure mechanisms of all types. Technical, organisational, human, legal. [MUSIC]
