Upload
ejespino1127
View
4
Download
0
Embed Size (px)
DESCRIPTION
Cyber Crime Security EssentialBody of Knowledge:A Competency and Functional Framework forCyber Crime Management
Citation preview
CYBERBOK Cyber Crime Security Essential Body of Knowledge:
A Competency and Functional Framework for Cyber Crime Management Security Workforce Development aligned with ISO 31000* risk management principles and guidelines. *Note : ISO 31000 is the internationally-adopted risk management standard recognized by over 60 countries. More information : http://www.iso.org/iso/home/standards/iso31000.htm
Cyber Crime Management
CYBERPOL
Ver 1.00
Concept & Definition
CYBERPOL
Improve cyber crime awareness and management education for
cyber professionals in both law enforcement and corporate domain
Increase efficiency of existing cyber security training programs to
comply with ISO 31000
Promote vendor-neutral cyber security certifications and
compliance standards
Training & Education: Program Goals and Objectives
Cyber Crime Management
CYBERBOK Definition
CYBERPOL
Cyber Crime = unlawful act using any active or non active electronic device affecting the objectives of any type of networks or critical infrastructure.
Concept & Definition
Cyber Crime Management
CYBERBOK 11 Cyber Risks Domains
CYBERPOL
Cyber management practices Cyber Security management practices Cyber systems and methodology Cyber Telecommunications and networking security Cyber Cryptography Cyber Security architecture and models Cyber Operations security Cyber Application and systems development and security Cyber Security Business continuity and disaster recovery planning Laws, investigation, and ethics
Concept & Definition
Cyber Crime Management
CYBERBOK Cyber Crime Management
CYBERPOL
CYBERBOK Cyber crime management focuses on cyber crime information management and containment. CYBERBOK cyber crime management objectives are:
Manage and containment of cyber threats Awareness of cyber crime in the IT workforce arena Protecting cyber assist against cyber crime
Concept & Definition
Cyber Crime Management
CYBERBOK Cyber Risks Cyber risk management and ISO 31000
CYBERPOL
Nature and impact of Cyber Risk / Cyber Crime
Principles of Cyber risk management
Alignment with ISO 31000
Achieving the benefits of CRM (Cyber Risks Management)
Concept & Definition
Cyber Crime Management
CYBERBOK Practices
CYBERPOL
Need to know what to do /act in time -Subjects should know objects that enables them to perform basic risk assessment and management during cyber online functions.
Secure IT environment -Subjects should know how to work on a secure environment online what to do and what not to do
IT administrative controls -Subjects should know Policies, Standards, Processes, Procedures, & Guidelines in their IT work environment
Risk awareness -Subjects should know cyber risk awareness, good practices, Procedures, & Guidelines in their IT work environment when online
Concept & Definition
Cyber Crime Management
Categories of Cyber Risk Controls
CYBERPOL
Cyber crime risk assessment online -Online Policies, standards procedures and processes together with guideline of online access during work and out of work.
Cyber access control online -Service providers, firewalls, Infosec controls and identification control online in workforce or offline
Cyber crime preventive controls online -Prevention policies, guidelines, ID visibility and program security online
Cyber threat assessment online - Knowledge awareness of hacking, privacy, types of threats, trends of threats and impact,
Concept & Definition
Cyber Crime Management
CYBERBOK Security: Objectives
CYBERPOL
Ensure that all government officials and corporate staff who have access to the online web has a good knowledge of cyber crime management when on the world wide web.
Establish a international baseline representing the essential knowledge and cyber skills when confronted with Cyber crime online in alignment with ISO 31000 risk management tools.
Advance the cyber security landscape by promoting cyber crime risk management competency guideline aligned with ISO 31000
Concept & Definition
Cyber Crime Management
CYBERBOK Security: Framework Model
CYBERPOL
Concept & Definition
Cyber Crime Management
CYBERBOK Security: Methodology
CYBERPOL
Develop notional cyber crime management competencies using ISO 31000 Standard Identify functions from resources and critical infrastructure work functions (CIWFs) and map to crime management competencies Identify key terms and concepts for each cyber crime risk management competency area Identify theoretical cyber security roles Categorize functions as: evaluate risk type - manage Map roles to Key competencies to functional perspectives
Concept & Definition
Cyber Crime Management
CYBERBOK Security: Functional Perspectives
CYBERPOL
Evaluate
Risk
Type
Manage
Concept & Definition
Key Competencies
Cyber Crime Management
CYBERBOK Security: Functional Perspectives
CYBERPOL
Concept & Definition
Evaluate - Assessing the potential risks, threats and the policy or processes to effective achieve objectives
Risk - Scope of cyber threat risks and developing procedure guidelines to effectively asses the cyber risk.
Type - Putting policies, programs in action to determine the type of Cyber risk at hand to categorize it within the guidance of the work framework
Manage - Overseeing and managing technical aspects of the cyber security risk at low, medium or high level to change the risk and threat levels providing maximum cover in incident management possible.
Cyber Crime Management
CYBERBOK Security: The Framework
CYBERPOL
Key Competency Areas (11)
Regulatory and Standards such as ISO 31000 Guidelines
17 Function-Based Cyber Security Roles
Concept & Definition
Cyber Crime Management
CYBERBOK Security: Key Competency Areas
CYBERPOL
IT systems and operations Network systems and operations Cyber incident management Critical infrastructures point of access Enterprise permanence Digital management Data Management System and application management IT access and management Information management Information access
Concept & Definition
Cyber Crime Management
CYBERBOK Security: Regulatory and Standards
CYBERPOL
Refers to the application of the ISO 31000 risk management principles, framework and process that enable an enterprise to meet applicable information security CRM, regulations, standards, and policies to satisfy statutory requirements, perform industry-wide best practices, and achieve its information security program goals.
Concept & Definition
Cyber Crime Management
CYBERBOK Security: 17 Function-Based Cyber Security Roles
CYBERPOL
IT access and control Chief Information Officer Digital Forensics Professional Information Security Officer/Chief Security Officer IT Security Compliance Professional IT Security Engineer
Concept & Definition
Cyber Crime Management
IT Systems Operations and Maintenance Professional IT Security Professional Physical Security Professional Privacy Professional Procurement Professional Law Enforcement officials Intelligence officers Military and flagship officers
CYBERBOK Security: Cyber Security Compliance Professional Role Description:
CYBERPOL
The Cyber Crime Risk Management Security Compliance Professional is responsible for overseeing, evaluating, and supporting cyber risk compliance issues pertinent to the organization or government. Individuals in this role perform a variety of activities, encompassing cyber crime risk management compliance from an internal and external perspective. Such activities include leading and conducting internal investigations, assisting employees comply with internal cyber threat policies and procedures, and serving as a resource to external compliance officers during independent assessments. The Cyber Crime Risk Management Security Compliance Professional provides guidance and autonomous evaluation of the organization risk to Cyber crime and its management.
Concept & Definition
Cyber Crime Management
CYBERBOK Security: Support the Cyber Workforce
CYBERPOL
Concept & Definition
Cyber Crime Management
CYBERBOK
TRAINING EXPERIENCE
COMPLIANCE
Contact Information:
CYBERPOL
CYBERPOL Program Director Training and Education CYBERPOL -National Cyber Security Division
Concept & Definition
Cyber Crime Management
CYBERPOL
Cyber Crime Management
CYBERBOK Security: Testimonials & Feedback
CYBERPOL
Concept & Definition
Cyber Crime Management
Aligned with our mandate to promote the internationally-recognized ISO 31000 risk management standard, we are strongly supporting the initiative of CYBERPOL to provide a structured and robust foundation for Cyber Crime Management. The CYBERBOK - Cyber Crime Security Essential Body of Knowledge should become an extremely valuable source of knowledge for anyone involved or confronted to Cyber Crime, especially since the publication will be aligned with the ISO 31000 risk management standard.
Alex Dali, MBA, ARM, CT31000 President : The Global Institute for Risk management Standards G31000