MIS 3580 Defending Against Cyber Crime

advertisement
MIS 3580 Defending Against
Cyber Crime
Professor Thu Nguyen
thungu@outlook.com
Let’s get to know each other
• Get to know your neighbor
–
–
–
–
–
–
Name
Major
Animal & Why?
Why is he/she choose this class?
What experiences has he/she has with IT Security?
What does he/she want out of this class besides an “A”?
Key Learning Objectives
• Understand the RISKS associated in Info Sec
• Understand basic Information technology risk
concepts
• Understand components of an IT risk scenarios
• Understand Critical Security Controls
• Understand common threat vectors
• Field research/simulation and executive presentation
Review Syllabus
• Texts
– Information Security Contemporary Cases by Marie Wright
& John Kakalik
– The Executive Guide to Information Security Threats,
Challenges and Solutions by Kark Egan w/ Tim Mather
• Read the assigned chapters before the class
• Pick your partners & date to present study case &
questions
• Same partner to perform Lab work
• Adhere to the syllabus rules, however assignments
may be subject to change.
• Mutual & Interactive Learning environment
Discussion Topics
• Why do Business need Information Security?
– To provide consumer confidence to do business
electronically
– To satisfy regulations / laws
– To protect company assets
• What skills will you need to navigate the
business word as an Information Technology
Professional?
Demands in Information Security
Professionals
• “The 5 (6) skills security pros need to be honing
today in order to thrive in the years ahead”
– www.csoonline.com
1. Big risk manage
2. Data Analytics
3. Be a business partner-collaborator
4. Technical and business savviness
5. Versatile – Can ware multiple hats (IT pros, Ops.
manager, investigator/auditor, compliance, HR, etc.)
6. Stay connected, current & relevant
INFO SEC Jobs
•
•
•
•
•
•
•
•
Information Security Analysis-Director
Information Technology Consultants
Information Technology Auditors/Director
Information Security
Chief Information Security Officers- CISOs
Cyber Security Professionals
IT Risk Manager/Director
Compliance Manager/Director
20 Cool InfoSec & Cybersecurity Jobs from SANS
#1 Information Security Crime Investigator/Forensics Expert
#2 System, Network, and/or Web Penetration Tester
#3 Forensic Analyst
#4 Incident Responder
#5 Security Architect
#6 Malware Analyst
#7 Network Security Engineer
#8 Security Analyst
#9 Computer Crime Investigator
#10 CISO/ISO or Director of Security
#11 Application Penetration Tester
#12 Security Operations Center Analyst
#13 Prosecutor Specializing in Information Security Crime
#14 Technical Director and Deputy CISO
#15 Intrusion Analyst
#16 Vulnerability Researcher/ Exploit Developer
#17 Security Auditor
#18 Security-savvy Software Developer
#19 Security Maven in an Application Developer Organization
#20 Disaster Recovery/Business Continuity Analyst/Manager
Skill Requirements
• BA/BS/MS/MBA degree in technology and financial related
field
• Certifications ( CISA, CISM, CISSP, ISC, etc. )
• Knowledge of Network, IT Operations, IT security, DBM, SQL,
data analytics, etc.
• Knowledge of GLB (privacy), HIPPA, COSO, COBIT, CMMI
• Project management skills
• Knowledge of information security, law & regulations
• Knowledge of business operations & risk management
• Experience in IT security xx years.
• DO YOUR OWN RESEARCH ON THE JOB YOU WANT!
• Pursuit the studies & experiences need to full fill the post.
Certifications
Recent Headline Security News
• 8/14/14 “A Russian crime ring has amassed the largest known
collection of stolen Internet credentials, including 1.2 billion
user name and password combinations and more than 500
million email addresses, security researchers say.”
• 8/15/2014 “The U.S.-based Supervalu supermarket chain is
investigating a network intrusion that may have resulted in
criminals compromising customer data from point-of-sale
systems at 180 stores in 25 states”
• 8/18/14 “Community Health Systems, which owns 206
hospitals, says a network breach exposed 4.5 million
patients' personal information. Forensics experts believe the
attacker was an "advanced persistent threat group originating
from China."
Challenges & Opportunities in Info Sec
• Info Sec Pros are in demand for the immediate
decade & beyond.
• ISACA “Cybersecurity attracts spur demand
for CISO talents” August 14, 2014 article.
• Rapid changes. Consistently stay in-tune &
updated. Get informed
– Cnet.com, SAN.org, Infragard.net, ISACA.org, etc.
• Stay ahead of the “bad guys”- Cyber War is
real & here!
Info Sec Challenges when you are the
CEO
• Info security is a significant boardroom issue that executives
need to understand to conduct business in modern time
• Security incidents have grown to a multi billion dollar industry
globally in increasing speed, complexity and business impact.
• Information security market today is immature and
opportunities for better solution.
• More regulations and governance will continue in a effort to
protect consumers and enterprise that engages in
ecommerce.
Next Week’s Assignments
•
•
•
•
Review Appendix D of the Executive Guide manual.
Research your 1st job requirements
Review Chapter 2 of the Executive Guide manual
Team 1 – Read & present the SRA International Inc.
case study from the Information Security
Contemporary Cases manual
• Power Point Presentation must include:
– Executive Summary of the case
– Answer Questions: 2, 3, 6, 8, 9, & 10
Questions?
Download