CYBER SECURITY FOUNDATION - OUTLINE


Document Administration

Copyright: QT&C Group Ltd, 2014
Document version: 0.2
Author: N R Landman (MD and Principal Consultant)
Changes: Date, Ref, Change Summary

This outline describes the content of a 2 day foundation course on cyber security.

Aims

The aims of the course will be to introduce delegates to:

1. The evolution of the term cyber security and the role played by the ever changing IT and information infrastructures in which modern business is conducted;
2. The interaction between traditional information security and cyber security;
3. The language and concepts of cyber security, including:
   a. Cybercrime,
   b. Cyber warfare,
   c. Cyber terrorism.
4. Examples of various frameworks, including legal frameworks, that have evolved and are evolving:
   a. NIST Cyber security framework (V1.0, 2014) - US Centric,
   b. BSC PAS 555:2013 - Global,
   c. CREST and Cyber Security Essentials scheme - UK Centric,
   d. Special Action Plan on Countermeasures to Cyber-terrorism for Critical Infrastructures - Japan,
   e. ENISA and the National/European Cyber security strategies - Europe,
   f. General Data Protection Regulation - Europe,
   g. eSignature Directive and eIdentification - Europe,
   h. PCI-DSS (V3),
   i. Governance within a cyber-security centric world.
5. The threat centric nature of cyber security and the relationship with information security risk management,
   a. Attack scenarios - threat actors exploiting the exploitable (vulnerabilities),
6. The importance of incident response and the road to recovery,
7. Providing assurance within a cyber-security environment.

This is a soft skills course that can be delivered using:

- Contact training
- eLearning
- Blended learning

Nigel Landman DRAFT

Details

Ref / Module / Time, then Activity (Aims and Objectives)

D1.1. Introduction / 09:00 to 09:30
- Health & Safety
- Trainer and delegates
- Course outline and timing

D1.2. Evolution of the term cyber security / 09:30 to 10:30
Aim: The evolution of the term cyber security and the role played by the ever changing IT and information infrastructures in which modern business is conducted.
- Explain how the term cyber security has evolved;
- Identify the technology changes that now affect the way in which we conduct business;
- Describe, briefly, some of the serious breaches that have occurred.

D1.3. Break / 10:30 to 10:45
Tea/coffee

D1.4. Information security vs. Cyber security / 10:45 to 11:30
Aim: The interaction between traditional information security and cyber security.
- Define the term information security;
- Define the term cyber security;
- Describe the differences (if any) between the two and what assets are being protected;
- Explain why there is now an emphasis upon cyber security.

D1.5. Language of Cyber security / 11:30 to 12:30
Aim: The language and concepts of cyber security using authoritative references.
- Define the terms used within information security.

D1.6. Lunch / 12:30 to 13:30

D1.7. Recap / 13:30 to 14:00
Aim: Recap/review of the morning session.
Objective: Demonstrate using the language and knowledge gained to describe a cybersecurity breach.

D1.8. Frameworks / 14:00 to 15:00
Aim: Frameworks, including legal frameworks, that have evolved and are evolving.
- Identify the various frameworks that have evolved and are evolving around cyber security;
- Compare these frameworks with those associated with information security (ISMS family of standards and others);
- Describe changes to legal and industry regulations that have and must be made within a cyber-security centric business world;
- Explain changes to governance structures that may be required.

D1.9. Break / 15:00 to 15:15
Tea/coffee

D1.10. Frameworks continued / 15:15 to 16:00

D1.11. Discussion / 16:00 to 16:30
Aim: Review of the day's activity.
- Restate, through discussion and using the language of information and cyber security, the serious challenges faced by modern business.

D2.1. Risk / 09:00 to 10:30
Aim: The threat centric nature of cyber security and the relationship with information security risk management;
  o Attack scenarios - threat actors exploiting the exploitable (vulnerabilities).
- Define the terms used within the world of risk (ISO Guide 73);
- Identify the standards used within risk;
- Explain the relationship between enterprise risk management and information security risk management;
- Expand the reasons why cyber security is threat centric.

D2.2. Break / 10:30 to 10:45
Tea/coffee

D2.3. Risk continued / 10:45 to 12:30
Objectives (continued):
- Describe the kill chain;
- Identify the process of a risk assessment and treatment and compare with the threat centric nature of cyber-security;
- Illustrate, with a given set of scenarios, the activities required to treat the described risks to reduce the level and exposure of risk.

D2.4. Lunch / 12:30 to 13:30

D2.5. Review / 13:30 to 14:00
Review of pre-lunch exercises

D2.6. Incident response / 14:00 to 15:00
Aim: The importance of incident response and the road to recovery.
- Outline the lessons learned from recent high profile breaches;
- Describe the importance of incident response;
- Demonstrate through scenario based exercise incident response actions.

D2.7. Break / 15:00 to 15:15
Tea/coffee

D2.8. Assurance / 15:15 to 16:00
Aim: Providing assurance within a cybersecurity environment.
- Explain the term information assurance (IA);
- Identify the information systems that IA must include;
- Describe the difference between IA and cyber security;
- Illustrate the relationship between IA, risk, and cyber security.

D2.9. Wrap-up / 16:00 to 16:30
- Discussion and feedback on the course activities;
- Discussion on next steps
- Close

End.