Partnerships

FACETS Partnerships

 

EY Trajectory Program

We have established a strong collaboration with Ernst & Young with a trajectory program that provides students with a semester-length internship program. Students work jointly with EY professionals and UAlbany faculty to analyze information security risk analysis at a firm.

 

Project Description

The project is in three phases:

  • Phase 1: Learning the case and planning the project
  • Phase 2: Core risk analysis for the case
  • Phase 3: Interpreting the results, and developing a presentation to the clients

At the end of the project, student teams make presentations to EY partners, which are rated by EY partners and UAlbany faculty. The program expects students to self-learn and discover knowledge as they progress, meet weekly deliverables, make video presentations for each of the three phases, and analyze articles through the length of the program. We are now expanding our partnership to work on grants and publications; adding to our collaborative endeavors in training and internship.

 

Information Security and Education Collaborative (INSuRE)

FACETS has joined a network of about 20 Universities under the Information Security and Education Collaborative (INSuRE): National Cyber Security Challenge Problems program, which facilitates experiential learning. The National Labs and Federal Agencies participating in INSURE are listed below:

  • Argonne National Laboratory
  • Idaho National Laboratory
  • Indiana Office of Technology
  • Johns Hopkins University Applied Physics Laboratory
  • MITRE
  • National Institute of Standards and Technology
  • National Security Agency
  • Naval Surface Warfare Center Crane Division
  • New Jersey Office of Homeland Security and Preparedness
  • Oak Ridge National Laboratory
  • Pacific Northwest National Laboratory
  • Sandia National Laboratories

The course exposes students to national cybersecurity challenge problems that our National Labs are currently dealing with, and is suitable for seniors who are majors in Digital Forensics, Computer Science, Mathematics, and Cybersecurity. It is an experiential learning course where student teams work closely with the faculty instructor and scientists in a National Lab or a Government Agency dealing with cybersecurity or intelligence problems. The role of the scientists and directors at the national lab is to define the challenge problem, along with a recorded overview of each problem.

In addition, they will provide another 15-18 hours of their time over the course of the semester supporting and interacting with the teams. Students will work in teams on the project and will have weekly sessions with the faculty instructor who will review their work. The project for our team of six students is presented below.

 

Project Description

The MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations (MITRE). This framework organizes adversary techniques under 12 different tactics, such as Initial Access, Execution, Persistence, etc. Each of these techniques are also linked to adversaries. By utilizing threat intelligence and the MITRE ATT&CK Matrix, organizations can understand which adversaries target their industry, and which attack techniques those adversaries use under the 12 tactic categories.

More recently, MITRE released Shield, which is an active defense knowledge base MITRE is developing to capture and organize what we are learning about active defense and adversary engagement (MITRE). This helps organizations utilize active defense or limited offensive action to take back a contested part of the network. Although both of these frameworks have greatly enabled organizations to both understand their enemies and defend themselves against them, they are missing a layer of organizational implementation.

Organizations typically use standards such as NIST for a security backbone and tools like MITRE Shield to enhance a higher level of security where such security is warranted (e.g. in DOD operations). Already stressed by having to implement controls based on NIST standards are not in a position to understand the differences between two standards and select the vendor tools they require that can comprehensively cover the recommendations of both these tools. The goal of the project is to group the MITRE Shield Framework controls into groups and map them to vendor tools to make tool selection easier for organizations.

Students networking at cyber job fair