Professional Master in Information Security Blekinge Tekniska Högskola [protecting computer-based systems and digital information] [promisedu.se]

Post on 15-Mar-2022

Presenter
Presentation notes
File and forget

Agenda
- Security – industrial needs and competence development
- Challenges – Areas – Courses
- Consortium and Collaboration/Co-production
- PROMIS (project) Overview and Planning
- QnA/Discussion

TO KEEP INFORMED: SIGN UP: https://tinyurl.com/mpeenuww (do it now!)

… but first, “security”

ENGINEERING: How you “build” security into products / services
- secure architectures
- security testing
- ”agile” and security
- secure engineering
- compliance and regulation
- security and emergent properties…

OPERATION: Operations and evolution of prod./services in use
- monitoring, detection
- forensics
- evolution n. maintenance
- data analytics
- tools/methodology
- input to engineering of next gen. prod./services…

TECHNOLOGY: Invention of new tech. used to support security
- new protocols
- new languages
- new algorithms
- new standards
- new encryption

(arrow labels between the columns: feeds, enables)

[protecting computer-based systems and digital information]

Presenter
Presentation notes
Short introduction to Build-in security Achieve security in operations…. (short Dragos so that you can still discuss this shortly in your slides on sources too… but Dragos I would put more time on Analysis and Needs, then Sources (your slide 2)… then most time on the table (your slide 3)….

Security – industrial needs and competence development
Challenges – Areas – Courses

Security in the digital society

Pillars for the digital society
• Abundant computing power
• Ubiquitous connectivity
• Internet-of-Things (IoT)
• Access to tremendous volumes of data
• Digital rights and regulations

Challenges
• Increasing attack surface
• Increasingly complex systems
• Increasingly skilled adversaries

Needs
• Knowledge in how to improve security products
• Knowledge in how to develop secure products
• Knowledge in how to protect privacy and access to data
• Knowledge in how to securely manage digital assets in an organization

Challenges and Courses

Consortium and Collaboration/Co-production

Setup Co-production and Longevity

[Diagram labels: PROMIS PROGRAM (how it works); Course 1, Course 2, Course n; company partner (×5); (needs/ideas/contribution); (students); (offer courses); (learning); BTH EDUCATION programs; sync; NEED BASED, UP-TO-DATE, REAL]

- Each course is a mini-project driven by course team

- Industrial reps./experts are part of course team from start

  - expert
  - needs
  - sanity check
  - co-production
  - ambassadors
  - student recruitment…

- Mix of experts and problem owners in each course

- Sync with BTH programs gives win-win-win… (critical!)

Co-production and quality assurance

Consortium

PROMIS (project) Overview and Planning

Planning overview

- X3 cluster setup based on company and BTH priority
- Each course is given (minimum) two times within project time
- Tentative plan and titles

5 min per course
- Advanced Digital Forensics – Anders Carlsson and Oleksii Baranovskyi
- Malware Analysis – Alexander Adamov
- Machine Learning Security – Volodymyr Tkach
- Data-Driven Security – Volodymyr Tkach
- Quality Assurance of Security Aware Application – Davide Fucci & Emil Alégroth

TO BE INFORMED and CONTRIBUTE: https://tinyurl.com/mpeenuww
CONTACT: [email protected]

Advanced Digital Forensic / syllabus

- Digital Forensic processes
- OS Data Acquisition and Analysis
- Network and Email Forensic
- Malware Analysis
- Mobile based Investigations
- Special Aspects of Cloud Forensic
- Reporting

Advanced Digital Forensic / course elements

- Initial Bootcamp (1.5 credits)
- Practical lab sessions (4 credits)
- Data analysis and report writing (2 credits)

With:
- Real-world case analysis and discussions
- Highly professional lecturers and assistants

Malware Analysis (7.5 credits)

Course manager Dr. Alexander Adamov
15 years in antivirus industry

The course provides students with the skills of real-world threats analysis including (spear-)phishing attacks, APTs, cyber weapon (destroyers), supply-chain attacks, and ransomware (cryptolockers).

The analysis of such threats requires a special type of education focused on tactics and techniques employed in modern cyber attacks.

The course gives knowledge and practical skills in malware analysis for Windows and Android platforms (IA-32, Intel® 64, ARM architectures).

The students will obtain practical skills in reverse engineering as well as static and dynamic analysis of malware samples used in real cyber attacks.

This course can be useful for Cyber Security Analysts, Tier-3 SOC Analyst, Security (Penetration) Testers, Reverse Engineers, Digital Forensic Analysts, Threat Intelligence Analysts.

Malware Analysis (7.5 credits): modules M1–M5

- Malware history: This module provides an excursus into computer virology and answers the questions: Who coined the term 'computer virus', and when? When did the first computer viruses and antiviruses appear? What are the cornerstones in malware evolution?
- Review of programming languages (M2): The module gives an overview of programming languages and their toolsets.
- Fundamental malware analysis: The module covers the general aspects of malware analysis such as:
  • Static analysis
  • Dynamic analysis
  • x86 Disassembling
  • Unpacking
  • Deobfuscation
  • Malware debugging
- Malware analysis for mobile threats (M4): This module focuses on reverse engineering of Android applications.
  • Android malware overview
  • APK disassembling
  • Debugging native code
- Data mining in malware analysis: This module introduces data mining applications in malware analysis that can be used to extract attack indicators and describe tactics and techniques employed by attackers.
  • Data mining with Maltego CE and Virustotal
  • Malware Sandboxes
  • ML algorithms

Machine Learning Security (6.0 credits)

Course manager Dr. Volodymyr Tkach

The course includes both theoretical introductions to the different attack types and security-enhancing methods and tools, as well as more practical hands-on assignments in Python.

After the course the student will have basic knowledge about security-enhancing approaches, how to use them to protect against various risks in ML systems, and how to use ML to detect cyber attacks.

The students will obtain practical skills in creating their own analytic tools for clustering and prediction of poorly structured or unstructured data.

This course can be useful for Cyber Security Analysts, Tier-3 SOC Analyst, Security (Penetration) Testers, Reverse Engineers, Digital Forensic Analysts, Threat Intelligence Analysts.

Machine Learning Security (6.0 credits): modules M1–M4

- Machine Learning Basics: Within this module students will figure out the main terms and definitions in the world of Machine Learning. The history of ML will be given along with the main areas of its implementation.
- Security in Machine Learning: Threat modeling in ML (Data confidentiality, System manipulation, Adversarial examples, Transfer learning attack, Data poisoning)
- Machine Learning in Security: Unlike the previous module, this module is mostly focused on Machine Learning and its implementation for cybersecurity concerns.
- Applied Machine Learning (M4): This module is highly practical and gives deep hands-on skills in using ML tools and techniques. It includes a few practical assignments with elements of programming (using Python, Octave).

Data-driven Security (3.0 credits)

Course manager Dr. Volodymyr Tkach

This course covers how to utilize the data that surround us for cybersecurity purposes. It covers topics such as how to acquire (e.g., through SIEM) and prepare security data, from collection and storage to management and analysis, as well as visualization and presentation, predicting rogue behaviors, and correlating security events. It also covers how to use data science to understand and communicate security problems.

The course gives knowledge and hands-on experience in data analysis, based on the SIEM platforms (e.g. SPLUNK).

The students will obtain practical skills in utilizing Machine Learning tools for security event detection and prediction.

This course can be useful for Cyber Security Analysts, Tier-3 SOC Analyst, CSIRT specialist, Digital Forensic Analysts, Threat Intelligence Analysts.

Data-driven Security (3.0 credits): modules M1–M5

- Intro to the Data-Driven Security: This is the introductory module to explain how and why Security can become Data-driven. Gives a brief course overview.
- Network Data Sources. Behavioral Analysis (M2): The module discovers the main Data Sources and where the data comes from. Gives definition and explanation of behavior and behavioral analysis of the dataflow.
- Data Aggregation Tools. IDS, IPS, SIEM: This module gives a practical skill to aggregate all existing data-flows into one system. We will study different IDS/IPS systems and Security Information and Event Management systems. Students will get hands-on experience of Splunk™ SIEM setup and usage.
- Machine Learning Tools: Information out of Data: This module introduces data mining applications in malware analysis that can be used to extract attack indicators and describe tactics and techniques employed by attackers.
  • Data mining with Maltego CE and Virustotal
  • Malware Sandboxes
  • ML algorithms
- Designing and Visualizing Security Data (M4): This module primarily focuses on data representation. Visualizing the data and its outcomes requires an understanding of the nature of the data and the principles of representation.

Quality Assurance of Security Aware Applications (6 credits)

Reality of Modern Software from a Security perspective
- Applications are the main target of cyber attacks
- Code changes fast: need to test iteratively
- Security requires integration in the SDLC

Software Security Practices
- Reactive: security testing integrated into the continuous integration pipeline
- Proactive: security design placed upon applications development

Course Goals
• Understand the fundamentals of continuous SSA
• Design secure software
• Perform risk-based software development

Course Modules (M1–M4)
- Software Security Theory: Security fundamentals | Software vulnerabilities | Security attacks | Security testing
- Software Testing Fundamentals (M2): Verification & Validation | Exploratory and Regression testing | Unit, Integration, System, and Acceptance Testing | Quality testing | Testing Environments
- Proactive Approaches: Design and Development of Secure Software | Software Security Best Practices | Risk-based software development | Reverse Engineering | Secure Software Development Lifecycle
- Reactive Approaches: Continuous Security Testing | Security Testbeds | Metasploit | SQLmap | Netsparker | Acunetix | Static code analysis

Thank you for your attention

TO BE INFORMED and CONTRIBUTE: https://tinyurl.com/mpeenuww

Xtra slides

W B S
