Ab 2. November 2020 findet das Herbstsemester 2020 online statt. Ausnahmen: Veranstaltungen, die nur mit Präsenz vor Ort durchführbar sind.
Bitte beachten Sie die per E-Mail kommunizierten Informationen der Dozierenden.

363-1070-00L  Cyber Security

SemesterFrühjahrssemester 2017
DozierendeS. Frei
Periodizitätjährlich wiederkehrende Veranstaltung
LehrspracheEnglisch


KurzbeschreibungThis course provides a solid understanding of the fundamental mechanics and limitations of cyber security to provide guidance for future leaders as well as individuals constituting our society.
Introdution to the concepts, developments, and the current state of affairs in the cyber security domain. We look at the topic from the attackers, defenders and societies perspective.
LernzielUpon completion of this course students understand the essential developments, principles, challenges as well as the the limitations and the state of practice in cyber security from the technological, economic, legal, and social perspective.
The course provides an interdisciplinary overview, guidance, and understanding of the dynamics in cyber security to guide decision making in business and society. Students understand the topics from the attackers, defenders, and societies perspective.
InhaltIntroduction
- Brief history of the rise of the Internet from the attackers, defenders, commercial and society perspective
- Learning points from past and current assumptions, approaches, successes, failures, and surprises

Internet Infrastructure
- Establish a high level understanding of the fundamental design principals and functional blocks of the Internet infrastructure
- Understand strengths and weaknesses of present design choices from security perspective
- High level understanding of relevant networking concepts, protocols, software applications, policies, processes & organizations in order to assess these topics
- Establish a functional, high level understanding of relevant aspects of cryptography

Cyber Security & Risk
- Recognize cyber security as an interdisciplinary, highly dynamic, complex and adaptive system where increased interaction and dependencies between physical, communication, and social layers brings fundamentally different (and unpredictable) threats
- Core security assets such as: confidentiality, integrity, availability, authenticity, accountability, non repudiation, privacy
- Dominant players, protocols, and technologies
- Different threat actors along the dimensions attacker goals, resources, approach, and threat

Economics of Cyber Security
Understand security challenges and limitations from an economic, rather than technological perspective
- From security perspective: incentives of industry vs. users, security as a negative externality, zero marginal cost of software, network effect, time to market, lock-in, switching cost, economics of usability, security as a trade-off
- Social and psychological aspects of security

Attacker Capabilities
- Attacker capabilities and the offensive use from technical, economic, organizational, and operational perspective
- Understand common and novel attack and evasion techniques, proliferation of expertise and tools, optimal timing to use zero-day attacks
- Attack types and malware development lifecycle and detection evasion techniques
- Botnets, exploit markets, plausible deniability, distributed denial of service (DDoS)
- Processes and dynamics in the (in)security community, cyber-underground

Defense Options and Limitations
- Functional principles, capabilities, and limitations of diverse protection and detection technologies
- Security effectiveness and evaluation/testing of security technologies
- Trade-off between efficiency and resilience against structurally novel attacks
- Effectiveness baseline security measures
- Know cyber information sources and frameworks

Cyber Security Challenges
- Increasing software complexity and vulnerabilities, the illusion of secure software
- Full disclosure debate, economics of bug bounty programs
- Internet of things, Industry control systems (SCADA/ICS)
- Security and integrity of the supply chain (IoT, Smart-X)
- Social media and mass protests
- Erosion of privacy

Legal Aspects
- Legal aspects of cyber security, compliance, and policies
- Know the fundamental national and international legal and regulatory requirements in connection with cyber security on a cross-sector and sector-specific level
- Understanding of legal risks and measures for risk mitigation

Guest Talks:
- Pascal Gujer - Digital Forensics Expert Kapo Zurich (Cantonal Police Departement Zurich)
- Marc Ruef - Security Expert, "Navigating the Cyber Underground"
SkriptLecture slides will be available on the site of the lecture:

https://innovwiki.ethz.ch/

Collaboradom: Cyber Security Course 2017
To get access ask freist@ethz.ch for the code
LiteraturPaper reading provided during the lectures
Voraussetzungen / Besonderesnone