Uploaded by Enechi Njeze

Introduction to the world of Cyber security

AN INTRODUCTION TO CYBER SECURITY
AGENDA
1) What is Cyber Security?
2) Why is it relevant in today's world?
3) Course outline & scope.
4) Relevant certifications.
5) A career in Cyber Security (Nigeria/Europe/Asia/USA/Canada).
6) Earning potential.
7) Training duration / module content / cost of training.
8) Q & A
QUARANTYNE TECHNOLOGIES ® COPYRIGHT © 2020
Cyber security, in simple words, is the practice of securing information, technology assets and resources from malicious attacks that could disrupt the normal functioning and purpose of those assets and resources.
WHY IS CYBER SECURITY RELEVANT IN TODAY'S WORLD
Ever since the advent of the new millennium, the dotcom era has ushered in a new digital world, a world where almost every facet of our lives is driven by TECHNOLOGY. For example:
• Government Operations
• Financial Services
• Healthcare
• Insurance
• Agriculture
• Transportation
• Education
• Retail
• Technology
• Entertainment
• Media (Electronic & Social)
• Communication
• Therefore you will discover that businesses that failed to embrace technology have found their way to extinction.
• The problem is that as technology advances, technology-enabled crime increases with it.
• For instance, cyber-attacks are a major reason why many companies have suffered heavy losses in the course of running their businesses. As a result, many job opportunities have been created in this profession, because businesses need to protect their assets.
BENEFITS OF CYBER SECURITY
• Protect networks and data from unauthorized access
• Improved information security and business continuity management
• Improved stakeholder confidence in your information security arrangements
• Improved company credentials with the correct security controls in place
• Faster recovery times in the event of a breach
• Business cost savings
CYBER SECURITY OBJECTIVES
*** Otherwise known as the CIA TRIAD (the CYBERSECURITY TRIAD)
1. Confidentiality
2. Integrity
3. Availability
WHAT IS CONFIDENTIALITY?
This is the practice of ensuring that information or data reaches only its intended recipients and does not fall into the wrong hands, whether it is stored, being processed or in transit. In other words, information should be accessible only to those who are authorised to have it. This is usually achieved by classifying information according to its sensitivity and then restricting access to each class. A typical classification scheme is:
1. Confidential (highest level of confidentiality)
2. Restricted (medium level of confidentiality)
3. Internal Use (lowest level of confidentiality)
4. Public (everyone can see the information)
WHAT IS INTEGRITY?
This is ensuring that information and data, whether at rest, in process or in transit, is not modified, changed or destroyed by an unauthorised person (or corrupted by accident), and that any such change can be detected rather than silently accepted.
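In practice the integrity requirement above is enforced with a keyed message authentication code: the sender attaches a tag computed over the data with a secret key, and the receiver recomputes the tag and compares it, so any modification of the data at rest or in transit is detected. The following is an added example written for this page, not part of the original slides or of Quarantyne's course material; it uses only Python's standard library, and the key, the sample record and the bit-flipping "attacker" are constructed for illustration. It also shows the caveat a practitioner should know: an unkeyed hash is only a checksum, because an active attacker who can rewrite the data can recompute the hash to match.

```python
from __future__ import annotations

import hashlib
import hmac

# Constructed example key. A real deployment loads the key from a secrets
# manager or HSM and never hard-codes it: whoever holds this key can forge tags.
KEY = b"example-shared-secret-not-for-production"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def protect(record: bytes, key: bytes = KEY) -> bytes:
    """Append an HMAC-SHA256 tag so later modification of the record is detectable."""
    tag = hmac.new(key, record, hashlib.sha256).digest()
    return record + tag


def verify(protected: bytes, key: bytes = KEY) -> tuple[bool, bytes]:
    """Split record||tag, recompute the tag with the shared key and compare.

    Returns (True, record) only when the tag matches; otherwise (False, b"") so a
    caller cannot accidentally use a record that failed the integrity check.
    """
    if len(protected) < TAG_LEN:
        return False, b""
    record, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    expected = hmac.new(key, record, hashlib.sha256).digest()
    # compare_digest runs in constant time; a plain == would leak, byte by byte,
    # how much of a guessed tag is correct.
    if not hmac.compare_digest(tag, expected):
        return False, b""
    return True, record


def flip_bit(data: bytes, offset: int) -> bytes:
    """Model an attacker (or a faulty link) changing a single bit in transit."""
    buf = bytearray(data)
    buf[offset] ^= 0x01
    return bytes(buf)


# --- contrast: an unkeyed hash is a checksum, not an integrity control ---------

def unkeyed_protect(record: bytes) -> bytes:
    """Append a plain SHA-256 digest with no secret key involved."""
    return record + hashlib.sha256(record).digest()


def unkeyed_verify(protected: bytes) -> tuple[bool, bytes]:
    """Recompute the plain digest; anyone, attacker included, can do this."""
    if len(protected) < TAG_LEN:
        return False, b""
    record, digest = protected[:-TAG_LEN], protected[-TAG_LEN:]
    ok = hmac.compare_digest(digest, hashlib.sha256(record).digest())
    return (ok, record) if ok else (False, b"")


def forge_unkeyed(new_record: bytes) -> bytes:
    """An active attacker rewrites the data and simply recomputes the unkeyed digest."""
    return unkeyed_protect(new_record)


if __name__ == "__main__":
    record = b"acct=1234;amount=100.00;to=vendor"  # constructed sample record
    p = protect(record)
    print(verify(p))                            # intact record accepted
    print(verify(flip_bit(p, 20)))              # record altered in transit: rejected
    print(verify(flip_bit(p, len(p) - 1)))      # tag altered: rejected
    print(verify(p, key=b"wrong-key"))          # receiver with the wrong key: rejected
    # Without a key the forged record passes the unkeyed check, but fails the HMAC one:
    forged = forge_unkeyed(b"acct=1234;amount=100.00;to=attacker")
    print(unkeyed_verify(forged)[0], verify(forged)[0])
```

HMAC gives integrity and origin authentication for anyone who shares the key; it does not hide the record's contents, so where confidentiality is also required the record should be protected with authenticated encryption (for example AES-GCM) rather than HMAC alone.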
WHAT IS AVAILABILITY?
This is ensuring that information and data are always available and accessible, when needed, to the persons who are authorised and authenticated to have them.
POLICY, PROCEDURE, COMPLIANCE AND GOVERNANCE IN CYBER SECURITY
1. Policy – These are the sets of rules and regulations for handling and protecting information assets and resources in an organisation. Any organisation that wants to implement information and cyber security must first draft a policy that will govern the program. It is a high-level document (not granular) that defines how the organisation will approach and implement information and cyber security, and relates this to the organisation's overall goals and objectives.
2. Procedure – This is a Standard Operating Procedure (SOP): a formal, written set of guidelines and instructions on how to carry out a specific security task, for example how to handle a cyber security incident. It is a step-by-step description of what one should do in a given cyber security event, and is more detailed than a policy. In some organisations it is referred to as a Departmental Operating Instruction (DOI).
3. Governance and Compliance – This provides oversight and assurance that the policies, procedures, standards and frameworks an organisation has agreed upon are actually maintained. It also covers regulation from external sources such as government agencies. Governance and Compliance is most often referred to as Governance, Risk and Compliance (GRC); the GRC function is charged with establishing an Enterprise Risk Management framework for managing all risks, including cyber security risks, and for compliance with regulation.
STANDARDS AND FRAMEWORKS
Standards and frameworks sit between policies and procedures. By this, we mean they provide guidance on how a cybersecurity program can be implemented, but they do not contain the step-by-step processes a procedure will have. They are also more detailed than a policy.
There are internationally recognised standards and frameworks in Cyber Security, and a few of them are:
1. ISO 27001 – This is the International Organization for Standardization (ISO) standard, published jointly with the IEC, that specifies the requirements for an Information Security Management System (ISMS). It is used by organisations in the overall management of information assets and resources, including those of third parties contracted to them, and an organisation can be independently certified against it.
STANDARDS AND FRAMEWORKS CONT'D
2. NIST Cybersecurity Framework – NIST is the National Institute of Standards and Technology, an agency of the US government; the NIST Cybersecurity Framework (CSF) is the framework it publishes. The CSF helps businesses of all sizes better understand, manage and reduce their cybersecurity risk and protect their networks and data.
Notice how similar this is to ISO 27001. The two overlap heavily (the CSF's informative references map its outcomes to ISO 27001 controls), but they differ in character: ISO 27001 is a certifiable standard that an accredited auditor can assess you against, while the CSF is a voluntary, self-assessed framework with no certification scheme. Organisations can therefore choose either the NIST CSF or ISO 27001 (ISMS) as the standard and framework for their cyber security program, or use the CSF to organise a program that is then certified to ISO 27001.
3. PCI DSS – This means Payment Card Industry Data Security Standard. The PCI DSS is a set of requirements, maintained by the PCI Security Standards Council (founded by the major card brands), intended to ensure that all companies that process, store or transmit credit/debit card information maintain a secure environment.
For example, any entity that processes credit and debit card transactions (VISA, Mastercard, Verve, etc.) is normally bound to the standard through its contracts with the card brands and acquiring banks; in some jurisdictions (Nigeria inclusive) the regulator additionally mandates it for banks and payment providers.
STANDARDS AND FRAMEWORKS CONT'D
4. HIPAA – This is an acronym for the Health Insurance Portability and Accountability Act of 1996. It originated in the US and is a federal law that requires the protection of sensitive patient health information from being disclosed without the patient's consent or knowledge.
5. GRAMM-LEACH-BLILEY ACT – The Gramm-Leach-Bliley Act (GLB Act or GLBA) is also known as the Financial Modernization Act of 1999. It is a United States federal law that requires financial institutions to explain how they share and protect their customers' private information. To be GLBA compliant, financial institutions must communicate to their customers how they share the customers' sensitive data, inform customers of their right to opt out if they prefer that their personal data not be shared with third parties, and apply specific protections to customers' private data in accordance with a written information security plan created by the institution.
6. ISO 22301 – This is the international standard for a Business Continuity Management System (BCMS). Recall the cyber security triad of CIA (Confidentiality, Integrity and Availability): this standard builds resilience into the processes and infrastructure of a business (technology and non-technology) so that it can protect against, reduce the likelihood of, prepare for, respond to and recover from disruptive incidents when they arise. With a Business Continuity Management System, your organisation is better prepared to detect, withstand and recover from disruptions, which directly supports the availability of information assets and resources.
SECURITY CONTROLS
There are three (3) categories of cyber security controls:
1. Management controls – Management security is the overall design of your controls. Sometimes referred to as administrative controls, these provide the guidance, rules and procedures for implementing a security environment. E.g. policies, standards and frameworks, SOPs, separation of duties, clearly defined roles and responsibilities.
2. Operational controls – Operational security is how effectively your controls work in practice. In this course the term also covers technical (logical) controls, which are enforced by hardware and software: access controls, authentication, antivirus, firewalls, IDS, encryption, and the security topologies applied to networks, systems and applications. (Some frameworks, such as NIST SP 800-53 up to revision 4, treat "operational" controls carried out by people, for example backups, patching and incident response, as a separate class from "technical" controls enforced by systems.)
3. Physical controls – Physical security is the protection of personnel, data, hardware, etc., from physical threats that could harm, damage or disrupt business operations or impact the confidentiality, integrity or availability of systems and/or data. Examples of physical controls are CCTV, fences, key locks, mantraps, thermal alarms, water sprinklers, etc.
NETWORKING
Computer networking is the interconnection of two or more computers with the purpose of communicating data electronically. Computer networking is a lovely concept, as the Internet is built on it. Unfortunately, most cyber attacks also rely on it, so an understanding of networking will serve a cyber security practitioner well.
However, we won't delve much into networking in this session; it will be dealt with in the main Cyber Security training.
TRAINING REQUIREMENTS FOR CYBER SECURITY
• Just a secondary school education will do
• Basic computer knowledge
• Basic knowledge of security concepts and how to protect yourself against any form of attack
CERTIFICATION BODIES
Certifications are administered by certain recognised global bodies, such as:
ISC2 – The International Information System Security Certification Consortium, or (ISC)², is a non-profit organisation which specialises in training and certifications for cybersecurity professionals. It has been described as the "world's largest IT security organization". The organisation is located in Clearwater, Florida, USA.
ISACA – The Information Systems Audit and Control Association (ISACA, now known by its acronym only) is a global association that supports the adoption of industry-tested and globally accepted guidance for Information Systems (IS). Earning an ISACA certification validates your credentials as an IS expert in your field. It is located in Rolling Meadows, Illinois, USA.
CompTIA – The Computing Technology Industry Association is a non-profit trade association issuing professional certifications for the information technology industry. It is considered one of the IT industry's top trade associations. It is located in Downers Grove, Illinois, USA.
TYPES OF CERTIFICATIONS
1. CISM – Certified Information Security Manager. This is "an advanced certification which indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security program." This certification is offered by ISACA, a non-profit, independent association.
2. CCISO – Certified Chief Information Security Officer is an EC-Council certification program that recognises the real-world experience necessary to succeed at the highest executive levels of information security. Aspiring Chief Information Security Officers are attracted to this certification as it provides them with executive knowledge of how to manage information and cyber security.
3. CISSP – Certified Information Systems Security Professional. This is a globally recognised certification offered by ISC2 (the International Information Systems Security Certification Consortium). The certification validates a candidate's ability and expertise across the fields of information security. CISSP-certified professionals are called upon to define the design, architecture, controls and management of highly secure business environments.
4. CAP – The Certified Authorization Professional (CAP) certification, offered by ISC2, builds your expertise around the NIST Risk Management Framework (RMF). You'll learn the best practices, policies and procedures used to authorise and maintain information systems.
TYPES OF CYBER SECURITY CERTIFICATIONS CONT'D
5. CISA – Certified Information Systems Auditor. This is a globally recognised certification for Information Systems auditing and security professionals. As the requirements for certification include at least five years' work in the field, CISA is proof of both knowledge and experience in IS/IT auditing. The certification is issued by ISACA.
6. CEH – Certified Ethical Hacker. This is a qualification obtained by demonstrating knowledge of assessing the security of computer systems by looking for weaknesses and vulnerabilities in target systems, using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner, to assess the security posture of a target system. This knowledge is assessed by answering multiple-choice questions regarding various ethical hacking techniques and tools. The certification is issued by EC-Council.
There are other cyber security certifications, too numerous to mention here.
CISM (ISACA)
The CISM certification covers four domains that focus on governance and management:
• Domain 1. Information Security Governance (24%)
• Domain 2. Information Risk Management and Compliance (33%)
• Domain 3. Information Security Program Development and Management (25%)
• Domain 4. Information Security Incident Management (18%)
CCISO (EC-COUNCIL)
The EC-Council CCISO Body of Knowledge covers all five of the CCISO Information Security Management Domains in depth and was written by seasoned CISOs for current and aspiring CISOs.
• Domain 1 covers the Policy, Legal and Compliance aspects of Governance.
• Domain 2 delves into the all-important topic of audit management from the CISO's perspective and also covers IS controls.
• Domain 3 covers the role of the CISO from a Project and Operations Management perspective.
• Domain 4 summarises the technical aspects that CISOs manage in their day-to-day jobs, but from an executive standpoint.
• Domain 5 is all about Strategic Planning and Finance, crucial areas for C-level executives to understand in order to succeed and drive information security throughout their organisations.
CISSP (ISC2)
The CISSP Common Body of Knowledge (CBK) is a collection of eight domains that together cover the full breadth of information security. An applicant needs to show expertise in each of the domains to gain the certification.
Here is the list of the eight CISSP domains studied under this certification:
1. Security and Risk Management
2. Asset Security
3. Security Architecture and Engineering
4. Communications and Network Security
5. Identity and Access Management
6. Security Assessment and Testing
7. Security Operations
8. Software Development Security
CAP CERTIFICATION (ISC2)
The broad spectrum of topics included in the CAP Common Body of Knowledge (CBK) ensures its relevance across all disciplines in the field of information security. Successful candidates are competent in the following seven domains:
• Information Security Risk Management Program
• Categorization of Information Systems (IS)
• Selection of Security Controls
• Implementation of Security Controls
• Assessment of Security Controls
• Authorization of Information Systems (IS)
• Continuous Monitoring
CISA (ISACA)
ISACA defines five CISA domains on which you will be examined:
Domain 1 – Information System Auditing Process (21% of exam)
Domain 2 – Governance and Management of IT (17% of exam)
Domain 3 – Information Systems Acquisition, Development and Implementation (12% of exam)
Domain 4 – Information Systems Operations and Business Resilience (23% of exam)
Domain 5 – Protection of Information Assets (27% of exam)
CEH (EC-COUNCIL)
The CEH exam can be attempted after completion of the training course or verification of experience by a manager or supervisor. The exam consists of 125 questions broken into seven different domains:
• Domain 1: Background (21.79%)
• Domain 2: Analysis/Assessment (12.73%)
• Domain 3: Security (23.73%)
• Domain 4: Tools/Systems/Programs (28.91%)
• Domain 5: Procedures/Methodology (8.77%)
• Domain 6: Regulation/Policy (1.90%)
• Domain 7: Ethics (2.17%)
EARNING POTENTIAL OF A CYBER SECURITY OFFICER, ANALYST OR EXPERT
1. In the US, earnings range from $70,000 to $250,000 per annum.
2. In Canada, earnings range from C$60,000 to C$150,000 per annum.
3. In the UK, they range from £25,000 to £80,000 per annum.
4. In Nigeria, they range from NGN 1,000,000 to NGN 30,000,000 per annum.
DURATION/MODULE CONTENT/COST OF TRAINING
Course Duration: 8 weekends (Saturday & Sunday online Zoom classes)
A Certificate of Completion from Quarantyne Technologies, Reston, Virginia will be issued at the end of the course. In addition, each student will be given free certification exam preparation modules after class (worth $1000).
The course modules shall cover areas for CISM, CAP, Security+, CCISO and CISSP (after attending the course, you can sit any of these certification exams, and we will be on hand to guide you and provide mentorship at no cost, worth $5000).
Cost of training in the US/Canada is $5000.
Massively discounted cost of training in Nigeria for a limited time is now N100,000.
However, as a mark of our desire to promote and encourage young Nigerians, we have decided to make it N50,000 for the first 100 people!
Q&A
There are NO STUPID QUESTIONS!
Just GO AHEAD & ASK!!!
WhatsApp Contact details:
Ekwochi: +2348033861455
Enechi: +15715100996