You are on page 1of 33

CYBER

SECURITY: ESSENTIALS
Daniel Medina medina@nyu.edu

ADMINISTRATION
h?p://nyu.medina.io
Daniel Medina medina@nyu.edu
Get an NYU Account: h?p://start.nyu.edu

ABOUT THE CLASS


Cyber Security: EssenIals
This lab-based course introduces the core concepts of cyber security: risk, governance, access control,
incident response, audi:ng and monitoring, and recovery. Learn how policies, standards, procedures,
and guidelines are established to ensure conden:ality, integrity, and availability. Gain an
understanding of countermeasures and preven:on techniques for managing malicious threats. Also,
discover in depth how security is implemented within mul:ple technology environments, such as
client/server, network devices, virtualiza:on, and the Internet. Typical lab topics include the OSI
model and TCP/IP suite; mobile and cloud security; malware analysis; basics of the Internet,
protocols, rou:ng, and applica:ons; basic packet analysis; and vulnerabili:es, threats, and risk
concepts.
hKps://www.scps.nyu.edu/content/scps/academics/course_detail.html?id=INFO1-CE9985

ABOUT THE CLASS


No required textbook
Many online readings
This one not bad for
CISSP preparaIon >>>

ABOUT THE CLASS


3 hours per class
2 Imes a week
4 weeks
September 14, 2015 - October 7, 2015

ABOUT THE CLASS


Rough weekly topics:

Today
Cryptography
Access Controls
Networks &
Perimeters

ApplicaIon Security
Audit & Incidents
Laws & RegulaIons
TBD

ABOUT THE CLASS


Grading:
There are grades
Please dont worry about grades;
Par<cipate: share links, discuss in class
CommunicaIons:
Announcements in class and via email
content posted at: h?p://nyu.medina.io

ABOUT THE CLASS

[IntenIonally Le_ Blank to Philosophize]

ABOUT ME

Daniel Medina
medina@nyu.edu

ABOUT ME
Background

Previously:
Systems Administrator, Network Developer,
Security Architect, Academia & Wall Street
Now:
Director TechOps (Security, Infra)@ tech startup,
Adjunct at NYU since 2007

ABOUT ME
Why am I here?
Years at Columbia University
Never go into teaching
Got real job at a bank
Missed university / academia
Adjunct at NYU since 2007
First class: Perl Programming

ABOUT YOU
Hi!
Name
Background
Why are you here?

INTERMISSION

[IntenIonally Le_ Blank]

hWps://twiWer.com/briankrebs/status/431247496388812800
hWps://twiWer.com/briankrebs/status/431277998374137856

SIDEBAR:
WHATS IN A SECURITY ROLE?
Word cloud of an
informaIon security
professionals
skills & experIse (via LinkedIn)

SO WHAT IS SECURITY?

I AM TRULY SORRY

WE HAVE HIRED
SECURITY EXPERTS
Target CIO resigned March 2014

WAPO: TARGETS CEO DIDNT LEAVE BECAUSE OF BREACH


hWp://www.washingtonpost.com/news/wonkblog/wp/2014/05/08/targets-ceo-didnt-leave-because-of-a-cybersecurity-breach/

hWp://bits.blogs.ny<mes.com/2014/07/31/brad-maiorino-targets-new-cybersecurity-boss-discusses-being-a-gluWon-for-punishment/

INTERMISSION

[IntenIonally Le_ Blank]

SOME CONCEPTS

(Stu that might be on the CISSP exam)

C I A
CondenIality
Integrity
Availablility

RISK ASSESSMENT
What are we protecIng?
What are the threats?
What costs would we bear?

ADVERSARY MODEL
careless user
bored hacker
criminal gang
hack<vist collec<ve
disgruntled employee
industrial compe<tor
government agency

I+AAA
Iden<ca<on
Authen<ca<on
Authoriza<on
Accoun<ng

SOME REAL EXAMPLES

SOME REAL EXAMPLES

SOME REAL EXAMPLES

SOME REAL EXAMPLES