This page contains tutorials and/or educational/awareness materials related to Cybersecurity and Cyberinfrastructure. These include presentations/tutorials from the SAC-PA workshop series that was established through a NSF-CICI grant, content extracted/modified from various cybersecurity courses offered at the School of Computing and Information. These may also include research presentations, with emphasis on applied research.
Contributions are welcome: We highly welcome everyone to contribute to this repository. Contributions can include:
You are also welcome to suggest topics on which tutorials/educational materials may be added in the repository. Also, please send suggested links to resources that you think would also be nice to have included in this webpage. If you are interested in contributing, please send email to Dr. James Joshi ( jjoshi@pitt.edu)
This tutorial covers topics related to security and privacy concepts.
1. Overview of Information Security - what is information security? 2. Secure-By-Design / Assurance - Principles 3. Access Control - Overview of Unix and Windows Security 4. Public Keys, Digital Certificates, Security Protocols 5. Public Key Infrastructure 6. Overview of Information Privacy 7. Ethical and Legal Issues in Cybersecurity - A Quick Overview 8. Overview of Intrusion Detection, Auditing System, Firewalls and VPN 9. Malicious Code 10. Vulnerability Analysis 11. Overview of Digital Threats 12. Confronting the Cyber Threat (From SAC-PA1 Workshop) 13. The Cyber Threat: Securing Cyber Infrastructure (From SAC-PA1 Workshop)This tutorial covers topics related to authentication and access control.
1. Identity and Authentication - An Introduction 2. Identification / Biometrics 3. Federated Identity, SSO and Multifactor Authentication (From SAC-PA1 Workshop) 4. Globus Authentication in Practice (From SAC-PA2 Workshop) 5. Access Control - Overview of Unix and Windows Security 6. Access Control Matrix Model - Some Foundational Results 7. Security Policies: Bell LaPadula's Confidentiality Model and Biba's Integrity Models 8. Hybrid Security Models - Clark Wilson, Chinese Wall, RBAC 9. Role-based Access Control Standard - ANSI INCITS 359-2004 10. Attribute Based Access Control - An Overview 11. Attribute-based Access Control in Health Informatics Domain 12. Insider Threat Mitigation: Access Control Approach (From SAC-PA1 Workshop)This tutorial covers topics related to cybersecure engineering and secure SDLC.
1. Secure Software/System Development - Why do we need it? 2. Secure Software Development Models/Methods - Process models, SDLC 3. Secure Software Development Models/Methods - Secure SDLC, MS SDLC, Building Security In 4. Formal Verification/Methods - An Overview 5. Assurance Evaluation - TCSEC, ITSEC and Common CriteriaThis tutorial covers the topics of secure programing/coding issues.
1. String Vulnerabilities in C Programs 2. Pointer Subterfuge in C Programs 3. Dynamic Memory Management in C Programs 4. Race Conditions in C Programs 5. Integer Security in C Programs 6. Secure Programming With Static Analysis 7. Java Language Security - An Overview 8. Java and Web Services Security - An Overview 9. Java and Mobile Code Security 10. Programming Related SecurityThis tutorial covers topics realted to cybersecurity management/compliance & cyber forensics/operations.
1. Security Management- Quick Introduction 2. Security Planning - An Overview 3. Information Security Policy 4. Developing a Secure Program - For An Organization 5. Security Management Models/Practices and Certification/Accreditation 6. Contingency Planning: Incidence Response, Business Continuity Plans, Disaster Recovery 7. SETA: Security Awareness and Training Program - For An Organization 8. Security Frameworks -FISMA and NIST 800-171 (From SAC-PA1 Workshop) 9. Digital Forensics - A Quick Overview 10. Cybersecurity Operation Center (CSoC) 11. Protection Mechanisms - Access, IDS, Firewalls, Auditing 12. Information Security Project Management 13. Legal and Ethical Issues for Organizational Security 14. Regulations and compliance for researchers (From SAC-PA2 Workshop)This tutorial covers topics realted to cybersecurity risk management in ICT and critical infrastructure.
1. Information Security Risk Management 2. NIST Risk Management Framework 3. Overview of Critical Infrastructure Protection and Risk Management 4. Critical Resilient Interdependent Infrastructure Systems and Processes (From SAC-PA1 Workshop) 5. US Government Approach to Critical Infrastructure/Key Resources Protection 6. Risk Management Framework and Standards I 7. Risk Management Framework and Standards II 8. Risk Analysis Using Fault/Attack Trees 9. Critical Infrastructure Protection - Cases Studies 10. NIST Cybersecurity Framework - for Improving Critical Infrastructure Cybersecurity 11. Third Party Risk Review Process (From SAC-PA2 Workshop) 12. Supply Chain Security - Risk ManagementThis tutorial covers topics of security and privacy in mobile healthcare.
1. Overview of HIPPA and HITECH 2. HIPPA: Health Insureance Portability and Accountability 3. mHealth: Security and Privacy Issues 4. Cybersecurity in Healthcare - Overview of Healthcare Sector, HIPPA and HITECH 5. Paradigm Shift in Healthcare - Anywhere, Anytime, Personalized Health 6. Mobile Platform Security 7. Healthcare and Cloud - Security and Privacy 8. Attribute-based Access Control in Health Informatics Domain 9. Privacy, Cybersecurity and the Use of Digital Health Information in Healthcare (From SAC-PA1 Workshop) 2. Biomedical data sharing to enable Learning Health Systems (From SAC-PA2 Workshop)This tutorial covers topics of blockchain, IoT and Cloud.
1. Blockchain 2. Distributed Ledgers Blockchain Technology 3. Privacy in Internet of Things: from Principles to Technologies 4. Security and the Internet of Things (SAC-PA1 Workshop) 5. Permissioned/Private Blockchains and Databases (from Mohan C Mohan, IBM Fellow) 6. Cloud Computing: Security and Privacy Issues 7. Cloud Security (From SAC-PA1 Workshop) 8. Privacy in the Age of the Internet of Things (From SAC-PA2 Workshop)This tutorial covers topics of Web and Application Security.
1. Security on the Web 2. OWASP Top 10 Web Security Vulnerabilities 3. SSL and TLS 4. Privacy in the Web 5. Cookies in Web Applications 6. Backups for Secure Application 7. Securing a Web Server/Applications 8. Browser Security Features 9. Server Lockdown - IIS and Apache 10. IIS Security 11. Walk Through of Appache Configuration 12. Web Server Security - NIST 13. Digital Payments - An Overview 14. Overview of Digital Threats 15. SQL Injection and Cross-site Scripting - Attacks and Defenses
Training materials from TRUSTED CI
A list of training materials presented by Trusted CI staff or hosted at Trusted
CI events..
LERSAIS has developed a number of online laboratories that can help you better understand security issues. By clicking any of the labs below, that specific lab will be exposed and access to all the other labs will be provided by a left side menu. To browse through a single lab use the menu at the top of each page which allows navigation to all other pages of the lab.
1.
Access Control
This lab will help you to understand how Windows and Unix implement access
controls and what the similarities and differences are.
2.
Forensics
This lab will introduce you to some of the tools and techniques used for
forensic analysis.
3. Apache
SSL
This lab will guide you through the steps required to configure Apache with
SSL.
4. IIS and Server 2003
This lab will guide you through the steps required to setup and secure both
Microsoft Server 2003 R2 and IIS 6.0.
5. Authenticode
This lab will guide you through the steps required to sign a file using
Microsoft's Authenticode.
6. IPSec and VPN Tunnel
This lab is an introduction to IPSec and VPN Tunnels, where you will create a
VPN and use IPSec to configure the permissions of the tunnel.
7. Common Criteria Methodology
This lab will introduce you to The Common Criteria (CC).
8. Java Code Signing
This lab will guide you through the steps required to sign a JAR using
Java.
9. Cryptography with C#
In this lab you will lean how to implement some basic cryptographic algorithms
provided by the .NET class using C# programming.
10. Network Protocol Analyzers
In this lab you will first learn how to use tcpdump and ethereal to analyze
network traffic.
11. Cryptographic Libraries
In this lab you will learn how to protect your data using encryption.
12. PKI For Secure E-mail
This lab will guide you through the steps required to setup secure email using
Public Key Infrastructure.
13. Firewall Access Control Lists
This introduces you to a hardware firewall and the basic commands that are
required to establish access control lists.
14. Secure Cookies
This lab will guide you through the steps required to set up secure
cookies.
15. Firewall Configurations and Attacks
This lab will allow you to exploit an active attack on the network and
implement a simple firewall rule set that will prevent this kind of attack.
© 2016-2019. Powered and Developed by SAC-PA.