The hackers are ready. Are we?




The hackers are ready. Are we?
Shopt IT 2015 - 30 April
Kurt Callewaert
HOWEST University of Applied Sciences
Lecturer Applied Computer Science - Computer & Cyber Crime Professional
Research manager
ISACA Academic Advocate for Howest University College
Member of the Belgian Cyber Security Coalition
11/05/2015 SHOPT IT 2015 1


Number of infected computers in Belgium
751.000
Notifications of infected computers in Belgium (until June 2014)

Number of incidents and notifications at CERT.be
[Chart. Series: Notifications at CERT.be / month; Incidents at CERT.be / month. Horizontal axis: 2010, 2011, 2012, 2013, Q1-Q2 2014. Labelled values: 116 and 614, annotated "x 5,29".]

Kurt Callewaert
Kurt.Callewaert@howest.be
Lecturer Applied Computer Science
* Maths, Problem solving
* Cryptography
* Cybersecurity Management
* IT Governance Cobit 5
* Risk management / assessment
Research manager
* Research projects
* Internships / Bachelor Proofs
* Challenges, study tours, IT fairs
Member of the Belgian Cyber Security Coalition
https://be.linkedin.com/in/kurtcallewaert


Education Landscape for Cybersecurity
* Education in IT and Computer Sciences: check www.b-ccentre.be/education
* Specific courses within other education programs: check www.b-ccentre.be/education
* Education in Information Security and Cybersecurity related domains: following pages list inventoried options

Education in IT and Computer Sciences
Specific courses within other education programs
Check b-ccentre.be/education

Education in Information Security and Cybersecurity related domains
Academic education in Information Security, Cybersecurity and related studies
Inventoried education offering:
* Computer & Cyber Crime Professional (Bachelor), HOWEST University of Applied Sciences (Bruges)
* Executive Master of IT Governance and Assurance, Antwerp Management School
* Advanced Master of Intellectual Property Rights and ICT Law, KU Leuven
* Executive Programme in Security Governance, Solvay Brussels School of Economics and Management
* Executive Programme in Cybersecurity, Solvay Brussels School of Economics and Management
* Executive Programme in Information Security, Solvay Brussels School of Economics and Management
* Executive Master in Information Risk and Cybersecurity, Solvay Brussels School of Economics and Management


COMPUTER & CYBER CRIME PROFESSIONAL
HOWEST University of Applied Sciences in Bruges, www.howest.be
Unique training from the age of 17 / 18 years
Level: Professional Bachelor Applied Computer Science, 3 years
Technical skills: Web pentesting, Network & system pentesting, Forensic analysis, Social engineering, Cryptography, Biometrics
Non-technical skills: IT Governance, Information security management, Risk management, Risk assessment, Privacy rules, IT jurisdiction, Cyber crimes, Mobile security management, Cybersecurity
Frameworks: COBIT 5, ISO 27001/2, NIST CSF, PTES, ITIL v3, OWASP, SANS
Certificates: CEH, Cisco CCNA, VMware, CSX (Cyber Security Nexus)
Ready for CISSP and CISM
Secure development: Python, C, C#, PHP, Java, JavaScript, ASP.NET


Computer & Cyber Crime Professional track, HOWEST - Applied Computer Science

Web Security I | S2 | Web pentesting | Parcifal Aertssen | NL | 2
Data Mining Techniques | S3 | Legislation on privacy and databases, and IT law | Marc Vael | NL | 3
Web Security II | S3 | Web security and honeypot | Parcifal Aertssen | NL | 3
Software Development and Security | S4 | C and Python | Jonas Maes | NL | 3
Computer Crime | S4 | Computer crime | Guy Verbeeren | NL | 3
Projects III | S4, S5 | Security project in collaboration with a company or organisation | Kurt Callewaert | NL | 6
Security Technology II | S5 | VMware, cloud computing and security | Tijl Deneut | ENG | 3
Security Technology II | S5 | Linux Server security | Jonas Maes | ENG | 3
Forensic ICT and CCNA Security | S5 | Forensic ICT tools | Tijl Deneut | ENG | 2
Forensic ICT and CCNA Security | S5 | CCNA Security | Christiaan Ledoux | ENG | 2
Security Algorithms and Software | S5 | Security algorithms - cryptography | Kurt Callewaert | ENG | 3
Security Algorithms and Software | S5 | Network and system pentesting | Tijl Deneut | ENG | 3
Security Policy | S5 | IT Governance | Kurt Callewaert | ENG | 2
Security Policy | S5 | Security policy, threat and risk assessment | Kurt Callewaert | ENG | 2
Web Security IV | S5 | Guest speakers from the security field on topics not covered during the lessons, e.g. SCADA | Tijl Deneut | ENG | 3
Challenges, seminars and company visits | S6 | Participation in Brucon, Infosecurity, hacking challenges, Fosdem; visit to NATO and Europol | Kurt Callewaert | ENG/NL | 3
Bachelor's thesis and internship | S6 | Security internship at a bank, company or public institution | Kurt Callewaert | ENG/NL | 27
Total: 73

Technical and non-technical certificates

Secure development

Internships and security projects

Roadmap security audit (security project)
1. Introduction
  1.1. Duration of the audit
  1.2. Conditions of the audit
  1.3. Technical/Organisational
  1.4. Non-Disclosure Agreement
  1.5. Penetration Test
2. Process flow and phases
  2.1. Reconnaissance phase
  2.2. Information Gathering
  2.3. Information Analysis
  2.4. Penetration test
    2.4.1. Network penetration phase
    2.4.2. Application Penetration test
    2.4.3. Social Engineering
    2.4.4. Audits
  2.5. Conclusion
3. Roadmap diagram
4. Reporting
  4.1. SANS Five Quick Wins
5. Appendices
