MIS 3580 Defending Against Cyber Crime Professor Thu Nguyen thungu@outlook.com Let’s get to know each other • Get to know your neighbor – – – – – – Name Major Animal & Why? Why is he/she choose this class? What experiences has he/she has with IT Security? What does he/she want out of this class besides an “A”? Key Learning Objectives • Understand the RISKS associated in Info Sec • Understand basic Information technology risk concepts • Understand components of an IT risk scenarios • Understand Critical Security Controls • Understand common threat vectors • Field research/simulation and executive presentation Review Syllabus • Texts – Information Security Contemporary Cases by Marie Wright & John Kakalik – The Executive Guide to Information Security Threats, Challenges and Solutions by Kark Egan w/ Tim Mather • Read the assigned chapters before the class • Pick your partners & date to present study case & questions • Same partner to perform Lab work • Adhere to the syllabus rules, however assignments may be subject to change. • Mutual & Interactive Learning environment Discussion Topics • Why do Business need Information Security? – To provide consumer confidence to do business electronically – To satisfy regulations / laws – To protect company assets • What skills will you need to navigate the business word as an Information Technology Professional? Demands in Information Security Professionals • “The 5 (6) skills security pros need to be honing today in order to thrive in the years ahead” – www.csoonline.com 1. Big risk manage 2. Data Analytics 3. Be a business partner-collaborator 4. Technical and business savviness 5. Versatile – Can ware multiple hats (IT pros, Ops. manager, investigator/auditor, compliance, HR, etc.) 6. Stay connected, current & relevant INFO SEC Jobs • • • • • • • • Information Security Analysis-Director Information Technology Consultants Information Technology Auditors/Director Information Security Chief Information Security Officers- CISOs Cyber Security Professionals IT Risk Manager/Director Compliance Manager/Director 20 Cool InfoSec & Cybersecurity Jobs from SANS #1 Information Security Crime Investigator/Forensics Expert #2 System, Network, and/or Web Penetration Tester #3 Forensic Analyst #4 Incident Responder #5 Security Architect #6 Malware Analyst #7 Network Security Engineer #8 Security Analyst #9 Computer Crime Investigator #10 CISO/ISO or Director of Security #11 Application Penetration Tester #12 Security Operations Center Analyst #13 Prosecutor Specializing in Information Security Crime #14 Technical Director and Deputy CISO #15 Intrusion Analyst #16 Vulnerability Researcher/ Exploit Developer #17 Security Auditor #18 Security-savvy Software Developer #19 Security Maven in an Application Developer Organization #20 Disaster Recovery/Business Continuity Analyst/Manager Skill Requirements • BA/BS/MS/MBA degree in technology and financial related field • Certifications ( CISA, CISM, CISSP, ISC, etc. ) • Knowledge of Network, IT Operations, IT security, DBM, SQL, data analytics, etc. • Knowledge of GLB (privacy), HIPPA, COSO, COBIT, CMMI • Project management skills • Knowledge of information security, law & regulations • Knowledge of business operations & risk management • Experience in IT security xx years. • DO YOUR OWN RESEARCH ON THE JOB YOU WANT! • Pursuit the studies & experiences need to full fill the post. Certifications Recent Headline Security News • 8/14/14 “A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.” • 8/15/2014 “The U.S.-based Supervalu supermarket chain is investigating a network intrusion that may have resulted in criminals compromising customer data from point-of-sale systems at 180 stores in 25 states” • 8/18/14 “Community Health Systems, which owns 206 hospitals, says a network breach exposed 4.5 million patients' personal information. Forensics experts believe the attacker was an "advanced persistent threat group originating from China." Challenges & Opportunities in Info Sec • Info Sec Pros are in demand for the immediate decade & beyond. • ISACA “Cybersecurity attracts spur demand for CISO talents” August 14, 2014 article. • Rapid changes. Consistently stay in-tune & updated. Get informed – Cnet.com, SAN.org, Infragard.net, ISACA.org, etc. • Stay ahead of the “bad guys”- Cyber War is real & here! Info Sec Challenges when you are the CEO • Info security is a significant boardroom issue that executives need to understand to conduct business in modern time • Security incidents have grown to a multi billion dollar industry globally in increasing speed, complexity and business impact. • Information security market today is immature and opportunities for better solution. • More regulations and governance will continue in a effort to protect consumers and enterprise that engages in ecommerce. Next Week’s Assignments • • • • Review Appendix D of the Executive Guide manual. Research your 1st job requirements Review Chapter 2 of the Executive Guide manual Team 1 – Read & present the SRA International Inc. case study from the Information Security Contemporary Cases manual • Power Point Presentation must include: – Executive Summary of the case – Answer Questions: 2, 3, 6, 8, 9, & 10 Questions?