Friday, 26 June 2015

Applied Cyber Security at MIT

MIT (Massachusetts Institute of Technology) created a short but intense Applied Cyber Security course. In order for someone to attend the course he/she had to apply and go through an approval process which determined if they were accepted to attend the course or not. In this course, experts from academia, the military and industry shared their knowledge and gave participants the principles, the state-of-the-practice, and strategies for the future in CyberSecurity. 
I was honoured and very excited to be accepted to participate in this course. In today’s world, organizations must be prepared to defend against threats in cyberspace. Decision makers must be familiar with the principles and best practices of cyber security to best protect their enterprises. 

I strongly believe that the best way to achieve this is to be educated, share knowledge and information among our peers. Our business strategies need to be reformed and adapt to the fast evolving threat landscape of cyber threats and be prepared to make the right decisions going forward.

The sessions during the course addressed information security, ethical and legal practices, and mitigating cyber vulnerabilities. Participants learned about the process of incident response and analysis. The content was targeted at ensuring the privacy, reliability, and integrity of information systems. The majority of the course (about 75%) was geared toward participants at the decision-making level. Of course, the course was equally valuable for those who are already deeply immersed in the technical aspects of cyber security (software development, digital forensics, etc.) who are regularly invited to participate at the decision-making level executives.

Cyber security is a very large subject, and therefore this course was intended to cover the basics of the current leading and pressing cyber security topics. 
More specifically the learning objectives of the course were:
  1. Secure both clean and corrupted systems, protecting personal data, securing simple computer networks, and safe Internet usage.
  2. Understand key terms and concepts in cyber law, intellectual property and cyber crimes, trademarks and domain theft.
  3. Determine computer technologies, digital evidence collection, and evidentiary reporting in forensic acquisition.
  4. Incorporate approaches to secure networks, firewalls, intrusion detection systems, and intrusion prevention systems.
  5. Examine secure software construction practices.
  6. Understand principles of web security.
  7. Incorporate approaches for incident analysis and response.
  8. Incorporate approaches for risk management and best practices.
Seventy-five percent of the course was geared toward providing a basic framework for professionals making cyber security decisions in the industry, government and individuals seeking to immerse themselves in the pressing issues of Cyber Security, giving them the information they need to make the best decisions for the CyberDefense of their organizations. 

About a quarter of the course covered more technical areas of interest to people with more engineering-focused backgrounds, such as software developers or those working in digital forensics. Briefly, the course had the following program outline:

Introduction to Information Security Fundamentals and Best Practices

  • Protecting Your Computer and its Contents
  • Securing Computer Networks - Basics of Networking
  • Compromised Computers
  • Secure Communications and Information Security Best Practices
  • Privacy Guidelines
  • Safe Internet Usage

Ethics in Cyber Security & Cyber Law

  • Privacy
  • Intellectual Property
  • Professional Ethics
  • Freedom of Speech
  • Fair User and Ethical Hacking
  • Trademarks
  • Internet Fraud
  • Electronic Evidence
  • Cybercrimes


  • Forensic Technologies
  • Digital Evidence Collection
  • Evidentiary Reporting

Network Assurance

  • Layered Defense
  • Surveillance and Reconnaissance
  • Outsider Thread Protection

Secure Software & Browser Security

  • Software Construction
  • Software Design and Architecture
  • Software Testing
  • Methodologies
  • The New Universal Client
  • The Web Model
  • Cookies and Browser Storage
  • HTML5 Security

Business Information Continuity

  • Managing a Business Information Continuity Plan
  • Vulnerabilities and Controls
  • The Law and Business Information Continuity Plan

Information Risk Management

  • Asset Evaluation and Business Impact Analysis
  • Risk Identification
  • Risk Quantification
  • Risk Response Development and Control
  • Security Policy, Compliance, and Business Continuity

Cyber Incident Analysis and Response

  • Incident Preparation
  • Incident Detection and Analysis
  • Containment, Eradication, and Recovery
  • Proactive and Post Incident Cyber Services
Continuing Education Units (CEUs): 1.3

No comments:

Post a Comment