363-1070-00L  Cyber Security

SemesterSpring Semester 2018
LecturersS. Frei
Periodicityyearly recurring course
Language of instructionEnglish



Courses

NumberTitleHoursLecturers
363-1070-00 GCyber Security2 hrs
Mon10:15-12:00ML F 39 »
S. Frei

Catalogue data

AbstractThis course provides a solid understanding of the fundamental mechanics and limitations of cyber security to provide guidance for future leaders as well as individuals constituting our society.
Introdution to the concepts, developments, and the current state of affairs in the cyber security domain. We look at the topic from the attackers, defenders and societies perspective.
Learning objectiveUpon completion of this course students understand the essential developments, principles, challenges as well as the the limitations and the state of practice in cyber security from the technological, economic, legal, and social perspective.
The course provides an interdisciplinary overview, guidance, and understanding of the dynamics in cyber security to guide decision making in business and society. Students understand the topics from the attackers, defenders, and societies perspective.
ContentIntroduction
- Brief history of the rise of the Internet from the attackers, defenders, commercial and society perspective
- Learning points from past and current assumptions, approaches, successes, failures, and surprises

Internet Infrastructure
- Establish a high level understanding of the fundamental design principals and functional blocks of the Internet infrastructure
- Understand strengths and weaknesses of present design choices from security perspective
- High level understanding of relevant networking concepts, protocols, software applications, policies, processes & organizations in order to assess these topics
- Establish a functional, high level understanding of relevant aspects of cryptography

Cyber Security & Risk
- Recognize cyber security as an interdisciplinary, highly dynamic, complex and adaptive system where increased interaction and dependencies between physical, communication, and social layers brings fundamentally different (and unpredictable) threats
- Core security assets such as: confidentiality, integrity, availability, authenticity, accountability, non repudiation, privacy
- Dominant players, protocols, and technologies
- Different threat actors along the dimensions attacker goals, resources, approach, and threat

Economics of Cyber Security
Understand security challenges and limitations from an economic, rather than technological perspective
- From security perspective: incentives of industry vs. users, security as a negative externality, zero marginal cost of software, network effect, time to market, lock-in, switching cost, economics of usability, security as a trade-off
- Social and psychological aspects of security

Attacker Capabilities
- Attacker capabilities and the offensive use from technical, economic, organizational, and operational perspective
- Understand common and novel attack and evasion techniques, proliferation of expertise and tools, optimal timing to use zero-day attacks
- Attack types and malware development lifecycle and detection evasion techniques
- Botnets, exploit markets, plausible deniability, distributed denial of service (DDoS)
- Processes and dynamics in the (in)security community, cyber-underground

Defense Options and Limitations
- Functional principles, capabilities, and limitations of diverse protection and detection technologies
- Security effectiveness and evaluation/testing of security technologies
- Trade-off between efficiency and resilience against structurally novel attacks
- Effectiveness baseline security measures
- Know cyber information sources and frameworks

Cyber Security Challenges
- Increasing software complexity and vulnerabilities, the illusion of secure software
- Full disclosure debate, economics of bug bounty programs
- Internet of things, Industry control systems (SCADA/ICS)
- Security and integrity of the supply chain (IoT, Smart-X)
- Social media and mass protests
- Erosion of privacy

Legal Aspects
- Legal aspects of cyber security, compliance, and policies
- Know the fundamental national and international legal and regulatory requirements in connection with cyber security on a cross-sector and sector-specific level
- Understanding of legal risks and measures for risk mitigation

Guest Talks:
- Pascal Gujer - Digital Forensics Expert Kapo Zurich (Cantonal Police Departement Zurich)
- Maxim Salomon - Cyber Security Expert at Roche Diagnostics, "The safety vs. security of cyber physical systems"
- Marc Ruef - Security Expert, "Navigating the Cyber Underground"
- Roger Halbheer - Executive Security Advisor for Microsoft in EMEA
Lecture notesLecture slides will be available on the site of the lecture:

https://www.xyotta.com

Collaboradom: Cyber Security Course 2018
To get access ask freist@ethz.ch for the registration code
LiteraturePaper reading provided during the lectures
Prerequisites / Noticenone

Performance assessment

Performance assessment information (valid until the course unit is held again)
Performance assessment as a semester course
ECTS credits3 credits
ExaminersS. Frei
Typegraded semester performance
Language of examinationEnglish
RepetitionRepetition only possible after re-enrolling for the course unit.

Learning materials

No public learning materials available.
Only public learning materials are listed.

Groups

No information on groups available.

Restrictions

There are no additional restrictions for the registration.

Offered in

ProgrammeSectionType
MAS in Management, Technology, and EconomicsElectivesWInformation
Management, Technology and Economics MasterAdditional Electives CoursesWInformation
Public Policy BachelorElective CoursesWInformation