• No results found

CYBER SECURITY FOUNDATION - OUTLINE

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "CYBER SECURITY FOUNDATION - OUTLINE"

Copied!
5
0
0

Loading.... (view fulltext now)

Download now ( 5 Page )

Full text

(1)

CYBER SECURITY

(2)

Document Administration

Copyright: © QT&C Group Ltd, 2014 Document version: 0.2

Author: N R Landman (MD and Principal Consultant) Changes:

Date Ref Change

Summary

This outline describes the content of a 2 day foundation course on cyber security.

Aims

The aims of the course will be to introduce delegates to:

1. The evolution of the term cyber security and the role played by the ever changing IT and information infrastructures in which modern business is conducted;

2. The interaction between traditional information security and cyber security; 3. The language and concepts of cyber security, including;

a. Cybercrime, b. Cyber warfare, c. Cyber terrorism.

4. Examples of various frameworks including legal frameworks, that have and are evolving a. NIST Cyber security framework (V1.0, 2014) – US Centric,

b. BSC PAS 555:2013 – Global,

c. CREST and Cyber Security Essentials scheme – UK Centric,

d. Special Action Plan on Countermeasures to Cyber-terrorism for Critical Infrastructures – Japan,

e. ENISA and the National/European Cyber security strategies - Europe f. General Data Protection Regulation – Europe,

g. eSignature Directive and eIdentification – Europe h. PCI-DSS (V3)

i. Governance within a cyber-security centric world

5. The threat centric nature of cyber security and the relationship with information security risk management,

a. Attack scenarios – threat actors exploiting the exploitable (vulnerabilities), 6. The importance of incident response and the road to recovery,

7. Providing assurance within a cyber-security environment. This is a soft skills course that can be delivered using:

 Contact training

 eLearning

(3)

Details

Ref: Module Activity (Aims and Objectives Time D1.1. Introduction  Health & Safety

 Trainer and delegates

 Course outline and timing

09:00 to 09:30

D1.2. Evolution of the term cyber security

Aim:

 The evolution of the term cyber security and the role played by the ever changing IT and information infrastructures in which modern business is conducted.

Objectives:

 Explain how the term cyber security has evolved;

 Identify the technology changes that now affect the way in which we conduct business;

 Describe, briefly, some of the serious breaches that have occurred.

09:30 to 10:30

D1.3. Break Tea/coffee 10:30 to 10:45

D1.4. Information security vs. Cyber security

Aim:

 The interaction between traditional information security and cyber security

Objectives:

 Define the term information security;

 Define the term cyber security;

 Describe the differences (if any) between the two and what assets are being protected

 Explain why there is now an emphasis upon cyber security.

10:45 to 11:30

D1.5. Language of Cyber security

Aim:

 The language and concepts of cyber security using authoritative references

Objectives:

 Define the terms used within information security

11:30 to 12:30

D1.6. Lunch 12:30 to 13:30

D1.7. Recap Aim:

 Recap/review of the morning session

Objective:

 Demonstrate using the language and knowledge gained to describe a cyber-security breach

13:30 to 14:00

D1.8. Frameworks Aim:

 Frameworks including legal frameworks

(4)

Objectives:

 Identify the various frameworks that have and are evolving around cyber security;

 Compare these frameworks with those associated with information security (ISMS family of standards and others);

 Describe changes to legal and industry regulations that have and must be made within a cyber-security centric business world;

 Explain changes to governance structures that may be required.

D1.9. Break Tea/coffee 15:00 to 15:15

D1.10. Framework continue 15:15 to 16:00

D1.11. Discussion Aim:

 Review of the day’s activity.

Objectives:

 Restate, through discussion and using the language of information and cyber security, the serious challenges faced by modern business.

16:00 to 16:30

D2.1. Risk Aim:

 The threat centric nature of cyber security and the relationship with information security risk management;

o Attack scenarios – threat actors exploiting the exploitable (vulnerabilities).

Objectives:

 Define the terms used within the world of risk (ISO Guide 73);

 Identify the standards used within risk;

 Explain the relationship between enterprise risk management and information security risk management;

 Expand the reasons why cyber security is threat centric.

09:00 to 10:30

D2.2. Break Tea/coffee 10:30 to 10:45

D2.3. Risk continued Objectives (continued):

 Describe the “kill chain”

 Identify the process of a risk assessment and treatment and compare with the threat centric nature of cyber-security;

 Illustrate with a given set of scenarios a activities required to treat the described risks to reduce the level and exposure of risk.

10:45 to 12:30

(5)

D2.6. Incident response Aim:

 The importance of incident response and the road to recovery.

Objectives:

 Outline the lessons learned from recent high profile breaches;

 Describe the importance of incident response;

 Demonstrate through scenario based exercise incident response actions.

14:00 to 15:00

D2.7. Break Tea/coffee 15:00 to 15:15

D2.8. Assurance Aim:

 Providing assurance within a cyber-security environment.

Objectives:

 Explain the term information assurance (IA);

 Identify the information systems that IA must include;

 Describe the difference between IA and cyber security;

 Illustrate the relationship between IA, risk, and cyber security.

15:15 to 16:00

D2.9. Wrap-up Discussion and feedback on the course activities;

Discussion on next steps Close

16:00 to 16:30

References

Download now ( PDF - 5 Page - 380.26 KB )

Related documents

Characterization and genetic manipulation of ergot pathway inefficiency in fungi

Although this variation in alkaloid accumulation indicated a difference in distribution or activity of ergot pathway enzymes, fluorescence associated with the expression of five

Investigation of the effect of hot water and water vapour treatments on the strength of thermally conditioned E-glass fibres

It was shown that the strength of single E-glass fibres, previously thermally conditioned at 500 °C for 1 hour, could be recovered by application of a liquid water, or

Abridgment of traditional procurement and e-procurement: definitions, tools and benefits / Noraizah Abu Bakar ...[at al]

Drawing on the various concepts used to explain e-procurement from different perspectives, e- procurement can be defined as the use of electronic tools and technologies,

Chapter 1. 5) Transformation outputs can always be seen. A) True B) False. 6) Transformation outputs can always be conveniently stored.

4) Operations can be classified according to the degree of variation in demand and visibility of the operation as well as their volume and variety of production.. 7)

Pirelli & C. S.p.A. Shareholders' Meeting 14 May 2015

He is member of the board of statutory auditors, auditor, director, liquidator and member of the supervisory body established under Legislative Decree 231/2001

White paper. Eight Steps to Going Mobile

In addition, when you are building your business based on automated field workers, the downtime from damaged devices or loss of data can quickly have a bigger impact than the cost

Supply Chain Digest Thought Leadership Series A 360-Degree View of Voice Technology in Logistics 2014

• There are a broad and growing number of Voice software solutions that provide basic Voice recognition capabilities, Voice application development, WMS or other host connectivity,

MAC 2233 (3) Calculus for Business & Non Physical Sciences STA 2023 (3) Business Statistics

191 SCIENCE EDUCATION  MIDDLE SCHOOL SCIENCE  College:    Education  Degree:    B. S.  Limited Access:   YES  Contact:    Dr. Sherry Southerland