Security Through Education · •Increasing state regulation and cyberspace surveillance will...

Copyright © 2017 ITpreneurs. All rights reserved. EC-Council

EC-Council

Security Through

Education

By Subela Bhatia


Agenda • Threat Landscape

• Demand for InfoSec , (Not just Professionals)

• NICE Framework

• EC-Council – Fulfilling the requirement

• CWC

• About ITpreneurs


Threat

Landscape “Sometime in the next few years we’re going to have our first category one cyber-incident”. The only way to prevent such a breach, he said, was to change the way businesses and governments think about cybersecurity. (Ian Levy, Director, NCSC)


What’s happening?

• Exponential growth of data and information

• Dynamic workplace

• Automation

• Global consensus on privacy

• Cyber threat evolution

• Difficult-to-detect attacks

• Compliance challenges


And Its everywhere…

•When it comes to data security breaches, 2016 was yet another year that many security executives will not remember fondly.

•The year saw almost 1.4 billion data records lost or stolen, up 86% from 2015


Personal Data

• The year saw a number of incidents aimed at stealing personal data on Web sites

• Cyber criminals can extort victims into paying fees


Enterprise Wide Risk Management

• ERM has become a primary tool for organizational risk management

• Some areas of rationale for performing an enterprise security risk assessment include:

– Cost justification

– Productivity.

– Breaking barriers

– Communication

* http://www.isaca.org/journal/archives/2010/volume-1/pages/performing-a-security-risk-assessment1.aspx

http://www.isaca.org/journal/archives/2010/volume-1/pages/performing-a-security-risk-assessment1.aspx











































































Global State of Information Security Survey, http://www.pwc.com

Security incidents grow 66%

CAGR - Total number of detected

incidents


IDC Reports

• Organizations are increasingly deploying advanced security solutions.

• In addition, organizations have been implementing more expansive

training and awareness initiatives.

• Decision makers or CIOs see skills as the main hindrance .


•UAE foils over 561 cyber attacks against government, semi-government and private sector entities in the first half of 2017 as per TRA reports.

•TRA said it has been launching awareness campaigns and workshops, to promote cyber safety and best practices in this field.

•As cyber security becomes a growing concern both in the region and globally with the recent Wanna Cry incident which caused havoc in 150 countries and affected more than 200,000 computers. “Just imagine what could happen if an attack, like WannaCry, infected airport systems of passenger flow monitoring and passport control, posting all passenger data online,” city can be exposed to such a collapse.”

Current Cyber Threats

http://https/en.wikipedia.org/wiki/WannaCry_ransomware_attack

http://https/en.wikipedia.org/wiki/WannaCry_ransomware_attack


Response to Cyber Threats

•Governments are likely to increase their surveillance and data-monitoring capabilities as they seek to ensure their own physical and cyber security.

•Countries are being urged to better protect their critical infrastructure.

•Increasing state regulation and cyberspace surveillance will present new challenges to domestic communication systems and indirectly affect companies, through issues such as regulated IT infrastructure requirements and strained internet service provision.

•Apex bodies like NESA and Supreme Council of National Security will take measures to increase the cyber security capabilities.


Building Capacity through Education

•It is crucially important to build competencies in information management and governance and the techniques of cybersecurity into higher education programs on two levels; technical and non-technical

•Reaping the economic potential of investing in education will yield both monetary and quality benefits. Graduates of these programs will be in demand in security firms, governments, corporations and the military.


Demand for InfoSec(not just)Professionals


IT USERS

IT Admin et al

Cyber Security

A Typical Organization


Spec

ializ

atio

n /

ex

per

tise

IT USERS


Demand for Cyber Security Professionals

http://burning-glass.com https://www.rit.edu


Fulfilling The Requirement


ANSI Accreditation

ANSI/ISO/IEC 17024 High quality

certification exam

Standard exam development

process

Imparts high value of

our certifications

1 2

3 4

ANSI Accredited Exam Process


100 percent mapping to NICE

Protect and Defend specialty

area

Skills and job roles based

learning

Standard-based training

modules

Better industry

acceptance

NICE Framework Compliance to National Initiative for Cybersecurity Education

(NICE)


NICE

Compliance

Why is it

important?

The National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce, is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development.


NCWF – NICE Cybersecurity Workforce

Framework

• The programs included fulfil the goals set up by NICE:

• Accelerate Learning and Skills Development

• Nurture a Diverse Learning Community • Guide Career Development and

Workforce Planning • Mapped to the Specialty Areas


NICE Framework • Cybersecurity certifications are valuable credentials that complement

academic degrees, work experiences of a candidate. • Certifications provide evidence of a person's specific knowledge, skills,

and abilities (KSAs) and are most valuable when they are both recognizable and verifiable.

• Mapping certifications to specialty areas has been done in the past and with the advent of the NICE Working Group Training and Certifications subgroup and the publication of the NICE Framework (NIST SP 800-181), additional efforts have begun to map certifications to the work roles identified in the NICE Cybersecurity Workforce Framework.


It comes from the

experience & expertise


Fulfilling the

mission

through

various

learning

options

• Capacity Building • Footprints • Awareness


Who do we Do It For?


Aspiring Students

• For Academia Students

• More than 300 universities and colleges

• EC-Council Academic Partners deliver EC-Council content to university students


World Class Organizations!

…and many more!


A typical CWC set up


Mission

Capacity building

To discover requirement and provide a platform for the users of any and all computing devices to learn and implement secure usage and application of their personal as well as organization’s information assets

1

Strengthen Awareness

•To educate the community on the issues of insecure usage of the information assets and its consequence and encourage continuous learning and sustained application of secure usage.

•Our mission is to spur the growth and raise awareness towards increased education and ethics in the information security domain through setting up CWCs

2

Footprints

•To foster friendship and encourage dialogue among the users of these information assets, whether as an individual, representing a corporation or for a national agency, and encourage frequent exchange of essential information, technology and skills through CWCs

3


What exactly is

CWC? Awareness Awareness

Pre-assessment Pre-assessment

Training Training

Post-assessment Post-assessment

Certification Certification

CWC addresses the need of the growing concerns of security and cyber threats within the organization, which needs to be prioritized on an ongoing basis.


Cyber Wellness Center

Awareness Awareness Pre

Assessment Pre

Assessment Core Training Core Training

Reinforcing the concepts Reinforcing

the concepts Post

Assessment Post

Assessment

• Live

Instructor

Experience

• Visual 3D

Slides

• Core

Content

• Video

Classes

Performance Based Learning

Cyber Range

• iLabs

• Exploits

• 24x7 online

• Anywhere

• Hands-on

Learning

Reach out

• Social Media

• Events

• Engagements

Certification Certification


About CWC

Pre-training assessment Pre-training assessment

Training Training

Post-training assessment Post-training assessment

Certification* Certification*

*if qualify in assessment


About CWCs

Three stages: •Assessment – Candidates (users of information assets) will take an assessment to gauge their current skill level

•Training – Based on the skill-gaps, training is provided to the candidate. Various learning options are available

•Post Training Assessment is conducted to assess the gains from the training received. A candidate upon receiving ‘passing marks’ would get an international certificate from the world’s largest certifying body in InfoSec – EC-Council. Certificate of Participation is given to all those who complete their post-training assessment


Participants from 22 countries

• QCERT • ANSIE • Saudi Telecom Company • The Information and

eGovernment Authority, Bahrain

• HCT • National Telecomm, Corp.

NTC • ITA, CERT • Commercial Bank, Qatar • Ministry of Transport and

Communications, Qatar

• OMIFCO • ITU • Djibouti Telecom

S.A. • EG-CERT • maCERT • Ministry of Interior,

Qatar • Ministry of Defense,

Oman • Libya CERT


Some

Examples


And it’s just the beginning!

• Governments in India, Saudi, Kenya

• Enterprise in Asia, Europe, Africa and Middle East

• Large Training players around the globe

• Universities


About ITpreneurs


ITpreneurs - Training Materials that make IT

departments move faster

ITpreneurs provides professional, worry free, courseware, certifications

and go-to-market services for innovative IT domains that help you to

run your own training courses. Every day over 500 training providers

across the world make use of ITpreneurs’ services. 40


ITpreneurs supports all organizations

throughout the supply chain

Portfolio

Planning

Training

Calendar Marketing Sales Delivery

ITpreneurs capabilities

400+ certifications,

1000+ titles

portfolio

Accreditation

Services

Training

Content

Partner Course

Calendar

Marketing in a Box

Marketing

Enablement

Leads Sharing

Sales

Enablement

Printing

Services

24/7 Service

Support LMS

Exam

management Training

Delivery

Primary Activities of a Training Provider


ITP Platform


Leapest Connects Buyers and Sellers

in the Training and Education Services

Domain

L


THANK YOU

For Further Details Contact

[email protected]

mailto:[email protected]

Security Through Education · •Increasing state regulation and cyberspace surveillance will...

Documents

Transcript of Security Through Education · •Increasing state regulation and cyberspace surveillance will...