• No results found

CYBERBOK Cyber Crime Security Essential Body of Knowledge: A Competency and Functional Framework for Cyber Crime Management

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "CYBERBOK Cyber Crime Security Essential Body of Knowledge: A Competency and Functional Framework for Cyber Crime Management"

Copied!
22
0
0

Loading.... (view fulltext now)

Download now ( 22 Page )

Full text

(1)

Body of Knowledge:

A Competency and Functional Framework for

Cyber Crime Management

Security Workforce Development aligned with ISO 31000*

risk management principles and guidelines.

*Note : ISO 31000 is the internationally-adopted risk management standard recognized by over 60

countries. More information : http://www.iso.org/iso/home/standards/iso31000.htm

(2)

 Improve cyber crime awareness and management education for cyber professionals in both law enforcement and corporate domain  Increase efficiency of existing cyber security training programs to comply with ISO 31000

 Promote vendor-neutral cyber security certifications and compliance standards

Training & Education:

(3)

CYBERBOK Definition

Cyber Crime

= unlawful act using any active or non active electronic device affecting the objectives of any type of

(4)

CYBERBOK 11 Cyber Risks Domains

 Cyber management practices

 Cyber Security management practices  Cyber systems and methodology

 Cyber Telecommunications and networking security  Cyber Cryptography

 Cyber Security architecture and models  Cyber Operations security

 Cyber Application and systems development and security  Cyber Security

 Business continuity and disaster recovery planning  Laws, investigation, and ethics

(5)

CYBERBOK Cyber Crime Management

CYBERBOK Cyber crime management focuses on cyber crime information management and containment.

CYBERBOK cyber crime management objectives are:  Manage and containment of cyber threats

 Awareness of cyber crime in the IT workforce arena  Protecting cyber assist against cyber crime

(6)

CYBERBOK Cyber Risks Cyber risk

management and ISO 31000

 Nature and impact of Cyber Risk / Cyber Crime  Principles of Cyber risk management

 Alignment with ISO 31000

(7)

CYBERBOK Practices

 Need to know what to do /act in time

-Subjects should know objects that enables them to perform basic risk assessment and management during cyber online functions.  Secure IT environment

-Subjects should know how to work on a secure environment online what to do and what not to do

 IT administrative controls

-Subjects should know Policies, Standards, Processes, Procedures, & Guidelines in their IT work environment

 Risk awareness

-Subjects should know cyber risk awareness, good practices, Procedures, & Guidelines in their IT work environment when online

(8)

Categories of Cyber Risk Controls

 Cyber crime risk assessment online

-Online Policies, standards procedures and processes together with guideline of online access during work and out of work.  Cyber access control online

-Service providers, firewalls, Infosec controls and identification control online in workforce or offline

 Cyber crime preventive controls online

-Prevention policies, guidelines, ID visibility and program security online

 Cyber threat assessment online

- Knowledge awareness of hacking, privacy, types of threats, trends of threats and impact,

(9)

CYBERBOK Security: Objectives

 Ensure that all government officials and corporate staff who have access to the online web has a good knowledge of cyber crime

management when on the world wide web.

 Establish a international baseline representing the essential

knowledge and cyber skills when confronted with Cyber crime online in alignment with ISO 31000 risk management tools.

 Advance the cyber security landscape by promoting cyber crime risk management competency guideline aligned with ISO 31000

(10)
(11)

CYBERBOK Security: Methodology

 Develop notional cyber crime management competencies using ISO 31000 Standard

 Identify functions from resources and critical infrastructure work functions (CIWFs) and map to crime management competencies  Identify key terms and concepts for each cyber crime risk management competency area

 Identify theoretical cyber security roles

 Categorize functions as: evaluate – risk – type - manage  Map roles to “Key” competencies to functional perspectives

(12)

CYBERBOK Security: Functional Perspectives

E

valuate

R

isk

T

ype

M

anage

“Key”

Competencies

(13)

CYBERBOK Security: Functional Perspectives

Evaluate -

Assessing the potential risks, threats and the policy or processes to effective achieve objectives

Risk -

Scope of cyber threat risks and developing procedure guidelines to effectively asses the cyber risk.

Type -

Putting policies, programs in action to determine the type of Cyber risk at hand to categorize it within the guidance of the work framework

Manage -

Overseeing and managing technical aspects of the cyber security risk at low, medium or high level to change the risk and threat levels providing maximum cover in incident management possible.

(14)

CYBERBOK Security: The Framework

 “Key” Competency Areas (11)

 Regulatory and Standards such as ISO 31000 Guidelines

 17 Function-Based Cyber Security Roles

(15)

CYBERBOK Security: “Key” Competency Areas

 IT systems and operations

 Network systems and operations  Cyber incident management

 Critical infrastructures point of access  Enterprise permanence

 Digital management  Data Management

 System and application management  IT access and management

 Information management  Information access

(16)

CYBERBOK Security: Regulatory and Standards

Refers to the application of the ISO 31000 risk management principles,

framework and process that enable an enterprise to meet applicable

information security CRM, regulations, standards, and policies to

satisfy statutory requirements, perform industry-wide best practices, and achieve its information security program goals.

(17)

CYBERBOK Security: 17 Function-Based Cyber

Security Roles

IT access and control Chief Information Officer Digital Forensics Professional Information Security

Officer/Chief Security Officer

IT Security Compliance Professional IT Security Engineer

IT Systems Operations and Maintenance Professional IT Security Professional

Physical Security Professional Privacy Professional

Procurement Professional Law Enforcement officials Intelligence officers

(18)

CYBERBOK Security: Cyber Security

Compliance Professional Role Description:

The Cyber Crime Risk Management Security Compliance Professional is responsible for overseeing, evaluating, and supporting cyber risk compliance issues pertinent to the organization or government. Individuals in this role perform a variety of activities, encompassing cyber crime risk management compliance from an internal and external perspective. Such activities include leading and conducting internal investigations, assisting employees comply with internal cyber threat policies and procedures, and serving as a resource to external compliance officers during independent assessments. The Cyber Crime Risk Management Security Compliance Professional provides guidance and autonomous evaluation of the organization risk to Cyber crime and its management.

(19)

CYBERBOK Security: Support the Cyber

Workforce

CYBERBOK

TRAINING EXPERIENCE

(20)

Contact Information:

CYBERPOL Program Director

Training and Education

CYBERPOL -National Cyber Security Division

(21)
(22)

CYBERBOK Security: Testimonials & Feedback

Aligned with our mandate to promote the internationally-recognized ISO 31000 risk management standard, we are strongly supporting the initiative of CYBERPOL to provide a structured and robust foundation for Cyber Crime Management. The CYBERBOK - Cyber Crime Security Essential Body of Knowledge should become an extremely valuable source of knowledge for anyone involved or confronted to Cyber Crime, especially since the publication will be aligned with the ISO 31000 risk management standard.

Alex Dali, MBA, ARM, CT31000

References

Download now ( PDF - 22 Page - 761.77 KB )

Related documents

Maximising the power of your Supply Chain

Asset utilisation Shareholder Value Shareholder Value Profit Profit Invested Capital Invested Capital Sales Sales Costs Costs Fixed Capital Fixed Capital Working Capital Working

The Real (Sentencing) World: State Sentencing in the Post-Blakely Era

But the Supreme Court’s coming work in Cunningham, like Blakely before it, should motivate state legislatures, courts, and sentencing commissions to re- examine and improve

Correlation between BRAF mutation, histological grade and microsatellite instability with progression of papillary thyroid microcarcinoma

Histološki gradus tumora i broj slučajeva u kojih se ustanovilo postojanje mutacije proteina BRAF kod bolesnika s papilarnim mikrokarcinomom štitnjače.. 4.5

JAES_V61_1_2_ALL

Besides signal analysis, complex-smoothed transfer functions have been successfully applied for loudspeaker- room response equalization, where the complex-smoothed impulse response

Book Review 'Symbol, Pattern and Symmetry: The Cultural Significance of Structure, Michael Hann (2013)'

This book makes accessible visual arts analysis of geometric and symmetry characteristics identified by the author as traditionally the subject of study for

Other-regarding behaviour: Testing guilt- and reciprocity-based models

Hypothesis 4 (Game 2) The

Gaseous emissions during concurrent combustion of biomass and non-recyclable municipal solid waste

A pilot-scale fluidised bed combustor was used to burn biomass and MRFR in mixtures of various propor- tions. The effect of the MRFR waste fraction of the fuel mixture upon

EX3600-6

Alternator Engine stop Coolant overheat Hydraulic oil level Auto lubrication Fast-filling Tension Electric lever Emergency engine stop Top valve.. Engine over run Coolant level