Spring 2021
CS 6393: Cyber Security Foundations and Practice (Cross-Listed)
CS 4483: Cyber Security Foundations and Practice (Cross-Listed)
Complete List of Frequently Asked Questions in Reverse Chronological Order
- 2/15/21 What is the significance of semester weeks associated with each lecture unit?
A:
The weeks nominally associated with each unit indicate the schedule
that would have been followed if the class were meeting for in-person
lectures by me. This can be used as guidance for the purpose of viewing
the lectures and providing the virtual attendance responses.
- 2/10/21 Q on Module 1.4 Cyber Security Terminology:
In regard to Privacy vs. Security you subscribed to
(e) Security is a superset of Privacy aka "Enforcement View". Are
there individuals/organizations that subscribe to Security =
Privacy (b), or the other options? Could these views be viable
depending on the mission of the individual/organization?
A:
It is a fact that many practitioners do equate privacy to
confidentiality. For example, in the 1990s there was an initiative
to develop so-called Privacy Enhanced Mail which was really about
providing confidential email with integrity, authentication and
non-repudiation. There are several such examples. As a matter of
practice many organizations have a Chief Information Security
Officer and a separate Chief Privacy Officer. Distinct roles with
distinct responsibilities. This would indicate that organizations
treat security and privacy as separate. I believe this is due to the
role of top management regarding policies for collection and usage of private
data, i.e., following the collection view (d).
- 2/10/21 Q on Module 1.4 Cyber Security Terminology:
Would you have taken the UTSA job if you didn't get to choose the
Institute's name?
A: This question did not occur to me since the option to change
the name from the original Information Assurance Institute was offered
to me at the start of the interview process. In retrospect, I have had
a very productive time at UTSA since June 2007 and the Information
Assurance Institute would have been a workable name. All the same, I
am glad we went with the name Institute for Cyber Security.
- 2/10/21 Q on Module 1.2 Cyber Security Objectives:
You state that you have argued the
importance of "Usage" as an addition to the traditional CIA to make
it CIAU. What have your colleagues' responses been?
A: The term "usage control" or UCON has received and continues to
receive attention in the academic literature, as shown by Google
Scholar searches. In the "practice" literature it has had little
traction. Also it has not appeared widely in introductory
cyber security textbooks or articles. I continue to believe "usage
control" will become increasingly important as we see the spread of
Internet of Things (IoT) and Cyber-Physical Systems (CPS).
- 2/10/21 Q on Module 1.2 Cyber Security Objectives:
Do you have any other material
or publications regarding the U (Usage) concept you introduced?
A: We will have a module on Usage Control in Unit 3 along with
related readings.
- 1/22/21 Q: Where is the class web-site?
A: www.profsandhu.com/cs6393_s21