363-1070-00L Cyber Security
Semester | Spring Semester 2018 |
Lecturers | S. Frei |
Periodicity | yearly recurring course |
Language of instruction | English |
Courses
Number | Title | Hours | Lecturers | ||||
---|---|---|---|---|---|---|---|
363-1070-00 G | Cyber Security | 2 hrs |
| S. Frei |
Catalogue data
Abstract | This course provides a solid understanding of the fundamental mechanics and limitations of cyber security to provide guidance for future leaders as well as individuals constituting our society. Introdution to the concepts, developments, and the current state of affairs in the cyber security domain. We look at the topic from the attackers, defenders and societies perspective. |
Learning objective | Upon completion of this course students understand the essential developments, principles, challenges as well as the the limitations and the state of practice in cyber security from the technological, economic, legal, and social perspective. The course provides an interdisciplinary overview, guidance, and understanding of the dynamics in cyber security to guide decision making in business and society. Students understand the topics from the attackers, defenders, and societies perspective. |
Content | Introduction - Brief history of the rise of the Internet from the attackers, defenders, commercial and society perspective - Learning points from past and current assumptions, approaches, successes, failures, and surprises Internet Infrastructure - Establish a high level understanding of the fundamental design principals and functional blocks of the Internet infrastructure - Understand strengths and weaknesses of present design choices from security perspective - High level understanding of relevant networking concepts, protocols, software applications, policies, processes & organizations in order to assess these topics - Establish a functional, high level understanding of relevant aspects of cryptography Cyber Security & Risk - Recognize cyber security as an interdisciplinary, highly dynamic, complex and adaptive system where increased interaction and dependencies between physical, communication, and social layers brings fundamentally different (and unpredictable) threats - Core security assets such as: confidentiality, integrity, availability, authenticity, accountability, non repudiation, privacy - Dominant players, protocols, and technologies - Different threat actors along the dimensions attacker goals, resources, approach, and threat Economics of Cyber Security Understand security challenges and limitations from an economic, rather than technological perspective - From security perspective: incentives of industry vs. users, security as a negative externality, zero marginal cost of software, network effect, time to market, lock-in, switching cost, economics of usability, security as a trade-off - Social and psychological aspects of security Attacker Capabilities - Attacker capabilities and the offensive use from technical, economic, organizational, and operational perspective - Understand common and novel attack and evasion techniques, proliferation of expertise and tools, optimal timing to use zero-day attacks - Attack types and malware development lifecycle and detection evasion techniques - Botnets, exploit markets, plausible deniability, distributed denial of service (DDoS) - Processes and dynamics in the (in)security community, cyber-underground Defense Options and Limitations - Functional principles, capabilities, and limitations of diverse protection and detection technologies - Security effectiveness and evaluation/testing of security technologies - Trade-off between efficiency and resilience against structurally novel attacks - Effectiveness baseline security measures - Know cyber information sources and frameworks Cyber Security Challenges - Increasing software complexity and vulnerabilities, the illusion of secure software - Full disclosure debate, economics of bug bounty programs - Internet of things, Industry control systems (SCADA/ICS) - Security and integrity of the supply chain (IoT, Smart-X) - Social media and mass protests - Erosion of privacy Legal Aspects - Legal aspects of cyber security, compliance, and policies - Know the fundamental national and international legal and regulatory requirements in connection with cyber security on a cross-sector and sector-specific level - Understanding of legal risks and measures for risk mitigation Guest Talks: - Pascal Gujer - Digital Forensics Expert Kapo Zurich (Cantonal Police Departement Zurich) - Maxim Salomon - Cyber Security Expert at Roche Diagnostics, "The safety vs. security of cyber physical systems" - Marc Ruef - Security Expert, "Navigating the Cyber Underground" - Roger Halbheer - Executive Security Advisor for Microsoft in EMEA |
Lecture notes | Lecture slides will be available on the site of the lecture: https://www.xyotta.com Collaboradom: Cyber Security Course 2018 To get access ask freist@ethz.ch for the registration code |
Literature | Paper reading provided during the lectures |
Prerequisites / Notice | none |
Performance assessment
Performance assessment information (valid until the course unit is held again) | |
Performance assessment as a semester course | |
ECTS credits | 3 credits |
Examiners | S. Frei |
Type | graded semester performance |
Language of examination | English |
Repetition | Repetition only possible after re-enrolling for the course unit. |
Learning materials
No public learning materials available. | |
Only public learning materials are listed. |
Groups
No information on groups available. |
Restrictions
There are no additional restrictions for the registration. |
Offered in
Programme | Section | Type | |
---|---|---|---|
MAS in Management, Technology, and Economics | Electives | W | |
Management, Technology and Economics Master | Additional Electives Courses | W | |
Public Policy Bachelor | Elective Courses | W |