About

This page contains tutorials and/or educational/awareness materials related to Cybersecurity and Cyberinfrastructure. These include presentations/tutorials from the SAC-PA workshop series that was established through a NSF-CICI grant, content extracted/modified from various cybersecurity courses offered at the School of Computing and Information. These may also include research presentations, with emphasis on applied research.

Contributions are welcome: We highly welcome everyone to contribute to this repository. Contributions can include:

  • Education, training and awareness materials related to Cybersecurity & Cyberinfrastructure, especially with regards to scientific research and education.
  • Case studies, and experience specific to how you manage/operate your Cybersecurity issues, or institutional Cybersecrutiy program and the Cyberinfrastructures.
  • Notes/presentations on challenges you face with regards to constraints on resources that you face to support education and research at your institutions. The goal will be to increase understanding of resources needed by different institutions so that appropriate collaborations with those who can assist can be formed.

You are also welcome to suggest topics on which tutorials/educational materials may be added in the repository. Also, please send suggested links to resources that you think would also be nice to have included in this webpage. If you are interested in contributing, please send email to Dr. James Joshi ( jjoshi@pitt.edu)

Group by Topics



List of All Tutorials/Presentations

Module Name
Pittsburgh Supercomputing Center Overview
REN-ISAC
OSG and the Campus
XSEDE Cybersecurity Program & Information Sharing Overview
Science vs Enterprise - Approaches to Research Computing
High Performance Computing Security and Operations at PITT
Confronting the Cyber Threat
Insider Threat Mitigation: Access Control Approach
Security and the Internet of Things
Privacy, Cybersecurity and the Use of Digital Health Information in Healthcare
Security Frameworks -FISMA and NIST 800-171
The Cyber Threat: Securing Cyber Infrastructure
Federated Identity, SSO and Multifactor Authentication
Cloud Security
Critical Resilient Interdependent Infrastructure Systems and Processes
Distributed Ledgers Blockchain Technology
Realizing a Cyberinfrastructure Ecosystem that Transforms Science
Biomedical data sharing to enable Learning Health Systems
Privacy in the Age of the Internet of Things
Regulations and compliance for researchers
C-CUE Information Security Collaboration
Cybersecurity Intelligence Gathering, Sharing, and Reacting
Data Loss Prevention with Spirion
The New Security Frontier: Threat Hunting, Augmented Intelligence, and Automated Response
Next Generation Firewall Feature Sets and ScienceDMZ Applications
Globus Authentication in Practice
KINBER Update
Information, Quantum Mechanics, and the Universe
Mini Science DMZ (aka Mini-DMZ)
Third Party Risk Review Process
Human Subject Research Data Security Review Process
Overview of Information Security - what is information security?
Secure-By-Design / Assurance - Principles
Access Control - Overview of Unix and Windows Security
Public Keys, Digital Certificates, Security Protocols
Public Key Infrastructure
Overview of Information Privacy
Ethical and Legal Issues in Cybersecurity - A Quick Overview
Overview of Intrusion Detection, Auditing System, Firewalls and VPN
Malicious Code
Vulnerability Analysis
Overview of Digital Threats
Identity and Authentication - An Introduction
Identification / Biometrics
Access Control Matrix Model - Some Foundational Results
Security Policies: Bell LaPadula's Confidentiality Model and Biba's Integrity Models
Hybrid Security Models - Clark Wilson, Chinese Wall, RBAC
Role-based Access Control Standard - ANSI INCITS 359-2004
Attribute Based Access Control - An Overview
Attribute-based Access Control in Health Informatics Domain
Secure Software/System Development - Why do we need it?
Secure Software Development Models/Methods - Process models, SDLC
Secure Software Development Models/Methods - Secure SDLC, MS SDLC, Building Security In
Formal Verification/Methods - An Overview
Assurance Evaluation - TCSEC, ITSEC and Common Criteria
String Vulnerabilities in C Programs
Pointer Subterfuge in C Programs
Dynamic Memory Management in C Programs
Race Conditions in C Programs
Integer Security in C Programs
Secure Programming With Static Analysis
Java Language Security - An Overview
Java and Web Services Security - An Overview
Java and Mobile Code Security
Programming Related Security
Security Management- Quick Introduction
Security Planning - An Overview
Information Security Policy
Developing a Secure Program - For An Organization
Security Management Models/Practices and Certification/Accreditation
Contingency Planning: Incidence Response, Business Continuity Plans, Disaster Recovery
SETA: Security Awareness and Training Program - For An Organization
Digital Forensics - A Quick Overview
Cybersecurity Operation Center (CSoC)
Protection Mechanisms - Access, IDS, Firewalls, Auditing
Information Security Project Management
Legal and Ethical Issues for Organizational Security
Information Security Risk Management
NIST Risk Management Framework
Overview of Critical Infrastructure Protection and Risk Management
US Government Approach to Critical Infrastructure/Key Resources Protection
Risk Management Framework and Standards I
Risk Management Framework and Standards II
Risk Analysis Using Fault/Attack Trees
Critical Infrastructure Protection - Cases Studies
NIST Cybersecurity Framework - for Improving Critical Infrastructure Cybersecurity
Supply Chain Security - Risk Management
Overview of HIPPA and HITECH
HIPPA: Health Insureance Portability and Accountability
mHealth: Security and Privacy Issues
Cybersecurity in Healthcare - Overview of Healthcare Sector, HIPPA and HITECH
Paradigm Shift in Healthcare - Anywhere, Anytime, Personalized Health
Mobile Platform Security
Healthcare and Cloud - Security and Privacy
Blockchain
Privacy in Internet of Things: from Principles to Technologies
Cloud Computing: Security and Privacy Issues
Security on the Web
OWASP Top 10 Web Security Vulnerabilities
SSL and TLS
Privacy in the Web
Cookies in Web Applications
Backups for Secure Application
Securing a Web Server/Applications
Browser Security Features
Server Lockdown - IIS and Apache
IIS Security
Walk Through of Appache Configuration
Web Server Security - NIST
Digital Payments - An Overview
SQL Injection and Cross-site Scripting - Attacks and Defenses



Tutorials and Presentations in SAC-PA Workshops

SAC-PA1 Workshop
1. Pittsburgh Supercomputing Center Overview - James Marsteller, Chief Information Security Officer at PSC
2. REN-ISAC - Scott Finlon, Principal Security Engineer at REN-ISAC
3. OSG and the Campus - Robert Gardner, Professor of Physics at the University of Chicago and Senior Fellow in the Computation Institute
4. XSEDE Cybersecurity Program & Information Sharing Overview - James Marsteller, Chief Information Security Officer at PSC
5. Science vs Enterprise - Approaches to Research Computing - Brian Pasquini, Assistant Director of Information Security at Pitt
6. High Performance Computing Security and Operations at PITT - Kim Wong, Associate Professor at Pitt and HPC Consultant at Center for Research Computing
7. Confronting the Cyber Threat - David Hickton, Director of Pitt Cyber
8. Insider Threat Mitigation: Access Control Approach - James Joshi, PI
9. Security and the Internet of Things - Prashant Krishnamurthy Co-PI & Professor at Pitt SCI
10. Privacy, Cybersecurity and the Use of Digital Health Information in Healthcare - John Houston, Vice President at UPMC, Privacy and Information Security & Associate Counse
11. Security Frameworks -FISMA and NIST 800-171 - Chris Seiders (security analyst) & Scott Weinman (Senior IT Security Analyst) at Pitt (CSSD)
12. The Cyber Threat: Securing Cyber Infrastructure - Abigail Smith (Special Agent), Andrew Czyzewski (Intelligence Analyst) (Federal Bureau of Investigation - Pittsburgh)
13. Federated Identity, SSO and Multifactor Authentication - Tony Carra, Service Owner, Pitt (CSSD)
14. Cloud Security - Balaji Palanisamy, Co-PI
15. Critical Resilient Interdependent Infrastructure Systems and Processes - David Tipper, Project member, Professor at Pitt SCI
16. Distributed Ledgers Blockchain Technology - Michael Spring, Co-PI, Associate Professor at Pitt SCI
SAC-PA2 Workshop
1. Realizing a Cyberinfrastructure Ecosystem that Transforms Science - Manish Parashar, Director at Office of Cyberinfrastructure, NSF and Professor at Rutgers, State University of New Jersey
2. Biomedical data sharing to enable Learning Health Systems - Jonathan C. Silverstein, MD, MS, FACS, FACMI, Chief Research Informatics Officer at Pitt
3. Privacy in the Age of the Internet of Things - Norman Sadeh, Professor at CMU, Director of Mobile Commerce Lab and e-Supply Chain Management Lab
4. Regulations and compliance for researchers - Joel Garmon, Chief Information Security Officer at Pitt
5. Collaborative C-CUE Information Security Collaboration - Tom Dugas, Director, Information Security/New Initiatives, Duquesne University
6. Cybersecurity Intelligence Gathering, Sharing, and Reacting - Shane Filus, Information Security Engineer at PSC
7. Data Loss Prevention with Spirion - Brad Maloney & Michael Muto, Duquesne University
8. The New Security Frontier: Threat Hunting, Augmented Intelligence, and Automated Response - Michael Melore, Cybersecurity Advisor at IBM Security
9. Next Generation Firewall Feature Sets and ScienceDMZ Applications - Brian DeNoble, Govt and Education Account Manager, PaloAlto Networks; Brian Pasquini, Assistant Director of Information Security at Pitt; Kenny Holmes, CISSP, Director of Public Sector for the State, Local, and Education practice at Palo Alto Networks
10. Globus Authentication in Practice - Derek Simmel, Grid Computing Specialist, PSC
11. KINBER Update - Wendy Huntoon, President and CEO, KINBER
12. Information, Quantum Mechanics, and the Universe - Jeremy Levy, Distinguished Professor, Department of Physics and Astronomy at Pitt; Founding Director, the Pittsburgh Quantum Institute
13. Mini Science DMZ (aka Mini-DMZ) - Steven Wallace, Enterprise Network Architect and Technical Adviser Networks, Indiana University; Christopher Keslar, Senior Analyst, CSSD of Pitt
14. Third Party Risk Review Process - Chris Seiders, Security Analyst, CSSD, University of Pittsburgh
15. Human Subject Research Data Security Review Process - Scott Weinman, Senior IT Security Analyst, CSSD, University of Pittsburgh

Tutorials

Basic Concepts in Cybersecurity and Privacy

This tutorial covers topics related to security and privacy concepts.

1. Overview of Information Security - what is information security? 2. Secure-By-Design / Assurance - Principles 3. Access Control - Overview of Unix and Windows Security 4. Public Keys, Digital Certificates, Security Protocols 5. Public Key Infrastructure 6. Overview of Information Privacy 7. Ethical and Legal Issues in Cybersecurity - A Quick Overview 8. Overview of Intrusion Detection, Auditing System, Firewalls and VPN 9. Malicious Code 10. Vulnerability Analysis 11. Overview of Digital Threats 12. Confronting the Cyber Threat (From SAC-PA1 Workshop) 13. The Cyber Threat: Securing Cyber Infrastructure (From SAC-PA1 Workshop)
Topics in Authentication and Access Control

This tutorial covers topics related to authentication and access control.

1. Identity and Authentication - An Introduction 2. Identification / Biometrics 3. Federated Identity, SSO and Multifactor Authentication (From SAC-PA1 Workshop) 4. Globus Authentication in Practice (From SAC-PA2 Workshop) 5. Access Control - Overview of Unix and Windows Security 6. Access Control Matrix Model - Some Foundational Results 7. Security Policies: Bell LaPadula's Confidentiality Model and Biba's Integrity Models 8. Hybrid Security Models - Clark Wilson, Chinese Wall, RBAC 9. Role-based Access Control Standard - ANSI INCITS 359-2004 10. Attribute Based Access Control - An Overview 11. Attribute-based Access Control in Health Informatics Domain 12. Insider Threat Mitigation: Access Control Approach (From SAC-PA1 Workshop)
Topics in Cybersecurity Engineering/Secure SDLC

This tutorial covers topics related to cybersecure engineering and secure SDLC.

1. Secure Software/System Development - Why do we need it? 2. Secure Software Development Models/Methods - Process models, SDLC 3. Secure Software Development Models/Methods - Secure SDLC, MS SDLC, Building Security In 4. Formal Verification/Methods - An Overview 5. Assurance Evaluation - TCSEC, ITSEC and Common Criteria
Topics in Secure Programming/Coding Issues

This tutorial covers the topics of secure programing/coding issues.

1. String Vulnerabilities in C Programs 2. Pointer Subterfuge in C Programs 3. Dynamic Memory Management in C Programs 4. Race Conditions in C Programs 5. Integer Security in C Programs 6. Secure Programming With Static Analysis 7. Java Language Security - An Overview 8. Java and Web Services Security - An Overview 9. Java and Mobile Code Security 10. Programming Related Security
Topics in Cybersecurity Management/Compliance & Cyber Forensics/Operations

This tutorial covers topics realted to cybersecurity management/compliance & cyber forensics/operations.

1. Security Management- Quick Introduction 2. Security Planning - An Overview 3. Information Security Policy 4. Developing a Secure Program - For An Organization 5. Security Management Models/Practices and Certification/Accreditation 6. Contingency Planning: Incidence Response, Business Continuity Plans, Disaster Recovery 7. SETA: Security Awareness and Training Program - For An Organization 8. Security Frameworks -FISMA and NIST 800-171 (From SAC-PA1 Workshop) 9. Digital Forensics - A Quick Overview 10. Cybersecurity Operation Center (CSoC) 11. Protection Mechanisms - Access, IDS, Firewalls, Auditing 12. Information Security Project Management 13. Legal and Ethical Issues for Organizational Security 14. Regulations and compliance for researchers (From SAC-PA2 Workshop)
Topics in Cybersecurity Risk Management (in ICT / Critical Infrastructure)

This tutorial covers topics realted to cybersecurity risk management in ICT and critical infrastructure.

1. Information Security Risk Management 2. NIST Risk Management Framework 3. Overview of Critical Infrastructure Protection and Risk Management 4. Critical Resilient Interdependent Infrastructure Systems and Processes (From SAC-PA1 Workshop) 5. US Government Approach to Critical Infrastructure/Key Resources Protection 6. Risk Management Framework and Standards I 7. Risk Management Framework and Standards II 8. Risk Analysis Using Fault/Attack Trees 9. Critical Infrastructure Protection - Cases Studies 10. NIST Cybersecurity Framework - for Improving Critical Infrastructure Cybersecurity 11. Third Party Risk Review Process (From SAC-PA2 Workshop) 12. Supply Chain Security - Risk Management
Topics in Healthcare Security and Privacy

This tutorial covers topics of security and privacy in mobile healthcare.

1. Overview of HIPPA and HITECH 2. HIPPA: Health Insureance Portability and Accountability 3. mHealth: Security and Privacy Issues 4. Cybersecurity in Healthcare - Overview of Healthcare Sector, HIPPA and HITECH 5. Paradigm Shift in Healthcare - Anywhere, Anytime, Personalized Health 6. Mobile Platform Security 7. Healthcare and Cloud - Security and Privacy 8. Attribute-based Access Control in Health Informatics Domain 9. Privacy, Cybersecurity and the Use of Digital Health Information in Healthcare (From SAC-PA1 Workshop) 2. Biomedical data sharing to enable Learning Health Systems (From SAC-PA2 Workshop)
Topics in Blockchain/IoT/Cloud Security and Privacy

This tutorial covers topics of blockchain, IoT and Cloud.

1. Blockchain 2. Distributed Ledgers Blockchain Technology 3. Privacy in Internet of Things: from Principles to Technologies 4. Security and the Internet of Things (SAC-PA1 Workshop) 5. Permissioned/Private Blockchains and Databases (from Mohan C Mohan, IBM Fellow) 6. Cloud Computing: Security and Privacy Issues 7. Cloud Security (From SAC-PA1 Workshop) 8. Privacy in the Age of the Internet of Things (From SAC-PA2 Workshop)
Topics in Web and Application Security

This tutorial covers topics of Web and Application Security.

1. Security on the Web 2. OWASP Top 10 Web Security Vulnerabilities 3. SSL and TLS 4. Privacy in the Web 5. Cookies in Web Applications 6. Backups for Secure Application 7. Securing a Web Server/Applications 8. Browser Security Features 9. Server Lockdown - IIS and Apache 10. IIS Security 11. Walk Through of Appache Configuration 12. Web Server Security - NIST 13. Digital Payments - An Overview 14. Overview of Digital Threats 15. SQL Injection and Cross-site Scripting - Attacks and Defenses

Useful External Tutorials

External Materials

Training materials from TRUSTED CI
A list of training materials presented by Trusted CI staff or hosted at Trusted CI events..

Several Online Labs from LERSAIS

Online Labs

LERSAIS has developed a number of online laboratories that can help you better understand security issues. By clicking any of the labs below, that specific lab will be exposed and access to all the other labs will be provided by a left side menu. To browse through a single lab use the menu at the top of each page which allows navigation to all other pages of the lab.

1. Access Control
This lab will help you to understand how Windows and Unix implement access controls and what the similarities and differences are.

2. Forensics
This lab will introduce you to some of the tools and techniques used for forensic analysis.

3. Apache SSL
This lab will guide you through the steps required to configure Apache with SSL.

4. IIS and Server 2003
This lab will guide you through the steps required to setup and secure both Microsoft Server 2003 R2 and IIS 6.0.

5. Authenticode
This lab will guide you through the steps required to sign a file using Microsoft's Authenticode.

6. IPSec and VPN Tunnel
This lab is an introduction to IPSec and VPN Tunnels, where you will create a VPN and use IPSec to configure the permissions of the tunnel.

7. Common Criteria Methodology
This lab will introduce you to The Common Criteria (CC).

8. Java Code Signing
This lab will guide you through the steps required to sign a JAR using Java.

9. Cryptography with C#
In this lab you will lean how to implement some basic cryptographic algorithms provided by the .NET class using C# programming.

10. Network Protocol Analyzers
In this lab you will first learn how to use tcpdump and ethereal to analyze network traffic.

11. Cryptographic Libraries
In this lab you will learn how to protect your data using encryption.

12. PKI For Secure E-mail
This lab will guide you through the steps required to setup secure email using Public Key Infrastructure.

13. Firewall Access Control Lists
This introduces you to a hardware firewall and the basic commands that are required to establish access control lists.

14. Secure Cookies
This lab will guide you through the steps required to set up secure cookies.

15. Firewall Configurations and Attacks
This lab will allow you to exploit an active attack on the network and implement a simple firewall rule set that will prevent this kind of attack.