Cybercrime Prevention

Advanced IT RISK, Security management and Cybercrime Prevention
Topics to be covered
Information Security and Risk Management
Objectives
Mission
Example Mission Statements
Goals
Security Support of Mission, Objectives, and Goals

Risk Management
Qualitative Risk Assessment
Quantifying Countermeasures
Geographic Considerations
Risk Assessment Methodologies
Risk Treatment

Security Management Concepts
Security Controls
CIA: Confidentiality, Integrity, Availability
Defense in Depth
Single Points of Failure
Fail Open / Fail Closed
Privacy

Security Management
Security Governance
Policies, Requirements, Guidelines, Standards, and Procedures
Security Roles and Responsibilities
Service Level Agreements
Secure Outsourcing
Data Classification and Protection
Certification and Accreditation
Internal Audit

Security Strategies
Personnel / Staffing Security
Hiring Practices and Procedures
Termination
Security Education, Training, and Awareness
Professional Ethics

Access Controls
Objectives
Identification and Authentication
Authentication Methods
How Information Systems Authenticate Users
How a User Should Treat Userids and Passwords
How a System Stores Userids and Passwords
Strong Authentication
Two Factor Authentication
Biometric Authentication
Authentication Issues

Access Control Technologies
Single Sign-On (SSO)
Reduced Sign-On

Access Control Attacks
Buffer Overflow
Script Injection
Data Remanence

Denial of Service (DoS)
Dumpster Diving
Eavesdropping
Emanations
Spoofing and Masquerading
Social Engineering
Phishing
Pharming
Password Guessing
Password Cracking
Malicious Code

Access Control Concepts
Principles of Access Control
Types of Controls
Categories of Controls
Detective Controls
Deterrent Controls
Preventive Controls
Corrective Controls
Recovery Controls
Compensating Controls
Testing Access Controls
Penetration Testing
Application Vulnerability Testing
Audit Log Analysis

Application Security
Objectives
Types of Applications

Application Models and Technologies
Control Flow Languages
Structured Languages
Object Oriented Languages
Knowledge Based Applications

Threats to Applications
Buffer overflow
Malicious Software
Malicious Software countermeasures
Input attacks
Object Reuse
Mobile code
Social Engineering
Back door
Logic bomb

Security in the Software Development Life Cycle (SDLC)
Security in the conceptual stage
Security application requirements and specifications
Security in application design
Threat risk modeling
Security in application coding
Security in testing
Protect the SDLC itself

Application Environment and Security Controls
Authentication
Authorization
Audit logging
Databases and Data Warehouses
Database Concepts and Design
Database Architectures
Database Transactions
Database Security Controls

Business Continuity and Disaster Recovery Planning
Objectives
What Is a Disaster
Natural Disasters
Man-made Disasters
How Disasters Affect Businesses
How BCP and DRP Support Security
BCP and DRP Differences and Similarities
Industry Standards Supporting BCP and DRP
Benefits of BCP and DRP Planning
The Role of Prevention

Running a BCP / DRP Project
Pre-project Activities
Performing a Business Impact Assessment
Survey In-scope Business Processes
Threat and Risk Analysis
Determine Maximum Tolerable Downtime (MTD)
Develop Statements of Impact
Record Other Key Metrics
Ascertain Current Continuity and Recovery Capabilities
Develop Key Recovery Targets
Sample Recovery Time Objectives
Criticality Analysis
Improve System and Process Resilience
Develop Business Continuity and Disaster Recovery Plans
Select Recovery Team Members
Emergency Response
Damage Assessment and Salvage
Notification
Personnel Safety
Communications
Public Utilities and Infrastructure
Logistics and Supplies
Business Resumption Planning
Restoration and Recovery
Improving System Resilience and Recovery
Training Staff on Business Continuity and Disaster Recovery Procedures

Testing Business Continuity and Disaster Recovery Plans
Document Review
Walkthrough
Simulation
Parallel Test
Cutover Test

Maintaining Business Continuity and Disaster Recovery Plans
Events that necessitate review and modification of DRP and BCP procedures

Cryptography
Objectives
Applications and Uses of Cryptography
What Is Cryptography
Encryption Terms and Operations

Encryption Methodologies
Methods of Encryption
Types of Encryption
Types of Encryption Keys
Substitution Cipher
Transposition Cipher
Monoalphabetic Cipher
Polyalphabetic Cipher
Running-key Cipher
One-time Pad
Block Ciphers
Block Cipher: Electronic Code Book
Block Cipher: Cipher Feedback (CFB)