Security Through Education · •Increasing state regulation and cyberspace surveillance will...

EC-Council

Security Through

Education

By Subela Bhatia

Agenda • Threat Landscape

• Demand for InfoSec , (Not just Professionals)

• NICE Framework

• EC-Council – Fulfilling the requirement

• CWC

• About ITpreneurs

Threat

Landscape “Sometime in the next few years we’re going to have our first category one cyber-incident”. The only way to prevent such a breach, he said, was to change the way businesses and governments think about cybersecurity. (Ian Levy, Director, NCSC)

What’s happening?

• Exponential growth of data and information

• Dynamic workplace

• Automation

• Global consensus on privacy

• Cyber threat evolution

• Difficult-to-detect attacks

• Compliance challenges

And Its everywhere…

•When it comes to data security breaches, 2016 was yet another year that many security executives will not remember fondly.

•The year saw almost 1.4 billion data records lost or stolen, up 86% from 2015

Personal Data

• The year saw a number of incidents aimed at stealing personal data on Web sites

• Cyber criminals can extort victims into paying fees

Enterprise Wide Risk Management

• ERM has become a primary tool for organizational risk management

• Some areas of rationale for performing an enterprise security risk assessment include:

– Cost justification

– Productivity.

– Breaking barriers

– Communication

* http://www.isaca.org/journal/archives/2010/volume-1/pages/performing-a-security-risk-assessment1.aspx

Global State of Information Security Survey, http://www.pwc.com

Security incidents grow 66%

CAGR - Total number of detected

incidents

IDC Reports

• Organizations are increasingly deploying advanced security solutions.

• In addition, organizations have been implementing more expansive

training and awareness initiatives.

• Decision makers or CIOs see skills as the main hindrance .

•UAE foils over 561 cyber attacks against government, semi-government and private sector entities in the first half of 2017 as per TRA reports.

•TRA said it has been launching awareness campaigns and workshops, to promote cyber safety and best practices in this field.

•As cyber security becomes a growing concern both in the region and globally with the recent Wanna Cry incident which caused havoc in 150 countries and affected more than 200,000 computers. “Just imagine what could happen if an attack, like WannaCry, infected airport systems of passenger flow monitoring and passport control, posting all passenger data online,” city can be exposed to such a collapse.”

Current Cyber Threats

Response to Cyber Threats

•Governments are likely to increase their surveillance and data-monitoring capabilities as they seek to ensure their own physical and cyber security.

•Countries are being urged to better protect their critical infrastructure.

•Increasing state regulation and cyberspace surveillance will present new challenges to domestic communication systems and indirectly affect companies, through issues such as regulated IT infrastructure requirements and strained internet service provision.

•Apex bodies like NESA and Supreme Council of National Security will take measures to increase the cyber security capabilities.

Building Capacity through Education

•It is crucially important to build competencies in information management and governance and the techniques of cybersecurity into higher education programs on two levels; technical and non-technical

•Reaping the economic potential of investing in education will yield both monetary and quality benefits. Graduates of these programs will be in demand in security firms, governments, corporations and the military.

Demand for InfoSec(not just)Professionals

IT USERS

IT Admin et al

Cyber Security

A Typical Organization

IT USERS

Demand for Cyber Security Professionals

http://burning-glass.com https://www.rit.edu

Fulfilling The Requirement

ANSI Accreditation

ANSI/ISO/IEC 17024 High quality

certification exam

Standard exam development

process

Imparts high value of

our certifications

ANSI Accredited Exam Process

100 percent mapping to NICE

Protect and Defend specialty

Skills and job roles based

learning

Standard-based training

modules

Better industry

acceptance

NICE Framework Compliance to National Initiative for Cybersecurity Education

(NICE)

Compliance

Why is it

important?

The National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce, is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development.

NCWF – NICE Cybersecurity Workforce

Framework

• The programs included fulfil the goals set up by NICE:

• Accelerate Learning and Skills Development

• Nurture a Diverse Learning Community • Guide Career Development and

Workforce Planning • Mapped to the Specialty Areas

NICE Framework • Cybersecurity certifications are valuable credentials that complement

academic degrees, work experiences of a candidate. • Certifications provide evidence of a person's specific knowledge, skills,

and abilities (KSAs) and are most valuable when they are both recognizable and verifiable.

• Mapping certifications to specialty areas has been done in the past and with the advent of the NICE Working Group Training and Certifications subgroup and the publication of the NICE Framework (NIST SP 800-181), additional efforts have begun to map certifications to the work roles identified in the NICE Cybersecurity Workforce Framework.

It comes from the

experience & expertise

Fulfilling the

mission

through

various

learning

options

• Capacity Building • Footprints • Awareness

Who do we Do It For?

Aspiring Students

• For Academia Students

• More than 300 universities and colleges

• EC-Council Academic Partners deliver EC-Council content to university students

World Class Organizations!

…and many more!

A typical CWC set up

Mission

Capacity building

To discover requirement and provide a platform for the users of any and all computing devices to learn and implement secure usage and application of their personal as well as organization’s information assets

Strengthen Awareness

•To educate the community on the issues of insecure usage of the information assets and its consequence and encourage continuous learning and sustained application of secure usage.

•Our mission is to spur the growth and raise awareness towards increased education and ethics in the information security domain through setting up CWCs

Footprints

•To foster friendship and encourage dialogue among the users of these information assets, whether as an individual, representing a corporation or for a national agency, and encourage frequent exchange of essential information, technology and skills through CWCs

What exactly is

CWC? Awareness Awareness

Pre-assessment Pre-assessment

Training Training

Post-assessment Post-assessment

Certification Certification

CWC addresses the need of the growing concerns of security and cyber threats within the organization, which needs to be prioritized on an ongoing basis.

Cyber Wellness Center

Awareness Awareness Pre

Assessment Pre

Assessment Core Training Core Training

Reinforcing the concepts Reinforcing

the concepts Post

Assessment Post

Assessment

• Live

Instructor

Experience

• Visual 3D

Slides

• Core

Content

• Video

Classes

Performance Based Learning

Cyber Range

• iLabs

• Exploits

• 24x7 online

• Anywhere

• Hands-on

Learning

Reach out

• Social Media

• Events

• Engagements

Certification Certification

About CWC

Pre-training assessment Pre-training assessment

Training Training

Post-training assessment Post-training assessment

Certification* Certification*

*if qualify in assessment

About CWCs

Three stages: •Assessment – Candidates (users of information assets) will take an assessment to gauge their current skill level

•Training – Based on the skill-gaps, training is provided to the candidate. Various learning options are available

•Post Training Assessment is conducted to assess the gains from the training received. A candidate upon receiving ‘passing marks’ would get an international certificate from the world’s largest certifying body in InfoSec – EC-Council. Certificate of Participation is given to all those who complete their post-training assessment

Participants from 22 countries

• QCERT • ANSIE • Saudi Telecom Company • The Information and

eGovernment Authority, Bahrain

• HCT • National Telecomm, Corp.

NTC • ITA, CERT • Commercial Bank, Qatar • Ministry of Transport and

Communications, Qatar

• OMIFCO • ITU • Djibouti Telecom

S.A. • EG-CERT • maCERT • Ministry of Interior,

Qatar • Ministry of Defense,

Oman • Libya CERT

Examples

And it’s just the beginning!

• Governments in India, Saudi, Kenya

• Enterprise in Asia, Europe, Africa and Middle East

• Large Training players around the globe

• Universities

About ITpreneurs

ITpreneurs - Training Materials that make IT

departments move faster

ITpreneurs provides professional, worry free, courseware, certifications

and go-to-market services for innovative IT domains that help you to

run your own training courses. Every day over 500 training providers

across the world make use of ITpreneurs’ services. 40

ITpreneurs supports all organizations

throughout the supply chain

Portfolio

Planning

Training

Calendar Marketing Sales Delivery

ITpreneurs capabilities

400+ certifications,

1000+ titles

portfolio

Accreditation

Services

Training

Content

Partner Course

Calendar

Marketing in a Box

Marketing

Enablement

Leads Sharing

Enablement

Printing

Services

24/7 Service

Support LMS

management Training

Delivery

Primary Activities of a Training Provider

ITP Platform

Leapest Connects Buyers and Sellers

in the Training and Education Services

Domain

THANK YOU

For Further Details Contact

Subela.Bhatia@itpreneurs.com

Security Through Education · •Increasing state regulation and cyberspace surveillance will...

Documents

Transcript of Security Through Education · •Increasing state regulation and cyberspace surveillance will...

Uberveillance Ubiquitous online surveillance and computer science – ethical and legal issues David Vaile Co-convenor, Cyberspace Law and Policy Community.

SECURING CYBERSPACE

Disaster Mental Health Surveillance at State Health Agencies: … · 2018. 4. 4. · Disaster Response ... Mental health status, in turn, directly and indirectly influences individuals'

EVOLVING INTELLIGENCE, SURVEILLANCE & RECONNAISSANCE … · 2014. 6. 3. · of cyberspace operations is driving an imperative to evolve Intelligence, Surveillance and Reconnaissance

Internet and cyberspace

What’s In Cyberspace

Cyberspace Framing

[TECHNOLOGY ROADMAP FOR CYBERSPACE SECURITY] · KEMENTERIAN SAINS, TEKNOLOGI & INOVASI, MALAYSIA Technology Roadmap for Cyberspace Security 1. Introduction to Cyberspace Security

A New Approach to Well Completion Design, Surveillance › wp-content › uploads › ... · The companies in which Royal Dutch Shell plc directly and indirectly owns investments

Space and Cyberspace

Sleepless in Cyberspace?

Cyberspace and Transportation

Cyberspace Textuality

Cyberspace The Visualisation of Virtual Surveillance

Security in Cyberspace

Cyberspace jurisdiction

Mapping Cyberspace

The Agonistic Social Media: Cyberspace in the Formation of ... · ity through surveillance operations, propaganda, and hacktivism. Online social media are agonistic arenas where information,

Cyberspace LTE

Cyberspace & Digital Divide