security through education · •increasing state regulation and cyberspace surveillance will...
TRANSCRIPT
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
EC-Council
Security Through
Education
By Subela Bhatia
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Agenda • Threat Landscape
• Demand for InfoSec , (Not just Professionals)
• NICE Framework
• EC-Council – Fulfilling the requirement
• CWC
• About ITpreneurs
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Threat
Landscape “Sometime in the next few years we’re going to have our first category one cyber-incident”. The only way to prevent such a breach, he said, was to change the way businesses and governments think about cybersecurity. (Ian Levy, Director, NCSC)
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
What’s happening?
• Exponential growth of data and information
• Dynamic workplace
• Automation
• Global consensus on privacy
• Cyber threat evolution
• Difficult-to-detect attacks
• Compliance challenges
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
And Its everywhere…
•When it comes to data security breaches, 2016 was yet another year that many security executives will not remember fondly.
•The year saw almost 1.4 billion data records lost or stolen, up 86% from 2015
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Personal Data
• The year saw a number of incidents aimed at stealing personal data on Web sites
• Cyber criminals can extort victims into paying fees
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Enterprise Wide Risk Management
• ERM has become a primary tool for organizational risk management
• Some areas of rationale for performing an enterprise security risk assessment include:
– Cost justification
– Productivity.
– Breaking barriers
– Communication
* http://www.isaca.org/journal/archives/2010/volume-1/pages/performing-a-security-risk-assessment1.aspx
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Global State of Information Security Survey, http://www.pwc.com
Security incidents grow 66%
CAGR - Total number of detected
incidents
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
IDC Reports
• Organizations are increasingly deploying advanced security solutions.
• In addition, organizations have been implementing more expansive
training and awareness initiatives.
• Decision makers or CIOs see skills as the main hindrance .
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
•UAE foils over 561 cyber attacks against government, semi-government and private sector entities in the first half of 2017 as per TRA reports.
•TRA said it has been launching awareness campaigns and workshops, to promote cyber safety and best practices in this field.
•As cyber security becomes a growing concern both in the region and globally with the recent Wanna Cry incident which caused havoc in 150 countries and affected more than 200,000 computers. “Just imagine what could happen if an attack, like WannaCry, infected airport systems of passenger flow monitoring and passport control, posting all passenger data online,” city can be exposed to such a collapse.”
Current Cyber Threats
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Response to Cyber Threats
•Governments are likely to increase their surveillance and data-monitoring capabilities as they seek to ensure their own physical and cyber security.
•Countries are being urged to better protect their critical infrastructure.
•Increasing state regulation and cyberspace surveillance will present new challenges to domestic communication systems and indirectly affect companies, through issues such as regulated IT infrastructure requirements and strained internet service provision.
•Apex bodies like NESA and Supreme Council of National Security will take measures to increase the cyber security capabilities.
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Building Capacity through Education
•It is crucially important to build competencies in information management and governance and the techniques of cybersecurity into higher education programs on two levels; technical and non-technical
•Reaping the economic potential of investing in education will yield both monetary and quality benefits. Graduates of these programs will be in demand in security firms, governments, corporations and the military.
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Demand for InfoSec(not just)Professionals
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
IT USERS
IT Admin et al
Cyber Security
A Typical Organization
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Spec
ializ
atio
n /
ex
per
tise
IT USERS
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Demand for Cyber Security Professionals
http://burning-glass.com https://www.rit.edu
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Fulfilling The Requirement
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
ANSI Accreditation
ANSI/ISO/IEC 17024 High quality
certification exam
Standard exam development
process
Imparts high value of
our certifications
1 2
3 4
ANSI Accredited Exam Process
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
100 percent mapping to NICE
Protect and Defend specialty
area
Skills and job roles based
learning
Standard-based training
modules
Better industry
acceptance
NICE Framework Compliance to National Initiative for Cybersecurity Education
(NICE)
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
NICE
Compliance
Why is it
important?
The National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce, is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development.
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
NCWF – NICE Cybersecurity Workforce
Framework
• The programs included fulfil the goals set up by NICE:
• Accelerate Learning and Skills Development
• Nurture a Diverse Learning Community • Guide Career Development and
Workforce Planning • Mapped to the Specialty Areas
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
NICE Framework • Cybersecurity certifications are valuable credentials that complement
academic degrees, work experiences of a candidate. • Certifications provide evidence of a person's specific knowledge, skills,
and abilities (KSAs) and are most valuable when they are both recognizable and verifiable.
• Mapping certifications to specialty areas has been done in the past and with the advent of the NICE Working Group Training and Certifications subgroup and the publication of the NICE Framework (NIST SP 800-181), additional efforts have begun to map certifications to the work roles identified in the NICE Cybersecurity Workforce Framework.
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
It comes from the
experience & expertise
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Fulfilling the
mission
through
various
learning
options
• Capacity Building • Footprints • Awareness
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Who do we Do It For?
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Aspiring Students
• For Academia Students
• More than 300 universities and colleges
• EC-Council Academic Partners deliver EC-Council content to university students
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
World Class Organizations!
…and many more!
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
A typical CWC set up
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Mission
Capacity building
To discover requirement and provide a platform for the users of any and all computing devices to learn and implement secure usage and application of their personal as well as organization’s information assets
1
Strengthen Awareness
•To educate the community on the issues of insecure usage of the information assets and its consequence and encourage continuous learning and sustained application of secure usage.
•Our mission is to spur the growth and raise awareness towards increased education and ethics in the information security domain through setting up CWCs
2
Footprints
•To foster friendship and encourage dialogue among the users of these information assets, whether as an individual, representing a corporation or for a national agency, and encourage frequent exchange of essential information, technology and skills through CWCs
3
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
What exactly is
CWC? Awareness Awareness
Pre-assessment Pre-assessment
Training Training
Post-assessment Post-assessment
Certification Certification
CWC addresses the need of the growing concerns of security and cyber threats within the organization, which needs to be prioritized on an ongoing basis.
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Cyber Wellness Center
Awareness Awareness Pre
Assessment Pre
Assessment Core Training Core Training
Reinforcing the concepts Reinforcing
the concepts Post
Assessment Post
Assessment
• Live
Instructor
Experience
• Visual 3D
Slides
• Core
Content
• Video
Classes
Performance Based Learning
Cyber Range
• iLabs
• Exploits
• 24x7 online
• Anywhere
• Hands-on
Learning
Reach out
• Social Media
• Events
• Engagements
Certification Certification
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
About CWC
Pre-training assessment Pre-training assessment
Training Training
Post-training assessment Post-training assessment
Certification* Certification*
*if qualify in assessment
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
About CWCs
Three stages: •Assessment – Candidates (users of information assets) will take an assessment to gauge their current skill level
•Training – Based on the skill-gaps, training is provided to the candidate. Various learning options are available
•Post Training Assessment is conducted to assess the gains from the training received. A candidate upon receiving ‘passing marks’ would get an international certificate from the world’s largest certifying body in InfoSec – EC-Council. Certificate of Participation is given to all those who complete their post-training assessment
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Participants from 22 countries
• QCERT • ANSIE • Saudi Telecom Company • The Information and
eGovernment Authority, Bahrain
• HCT • National Telecomm, Corp.
NTC • ITA, CERT • Commercial Bank, Qatar • Ministry of Transport and
Communications, Qatar
• OMIFCO • ITU • Djibouti Telecom
S.A. • EG-CERT • maCERT • Ministry of Interior,
Qatar • Ministry of Defense,
Oman • Libya CERT
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Some
Examples
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
And it’s just the beginning!
• Governments in India, Saudi, Kenya
• Enterprise in Asia, Europe, Africa and Middle East
• Large Training players around the globe
• Universities
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
About ITpreneurs
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
ITpreneurs - Training Materials that make IT
departments move faster
ITpreneurs provides professional, worry free, courseware, certifications
and go-to-market services for innovative IT domains that help you to
run your own training courses. Every day over 500 training providers
across the world make use of ITpreneurs’ services. 40
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
ITpreneurs supports all organizations
throughout the supply chain
Portfolio
Planning
Training
Calendar Marketing Sales Delivery
ITpreneurs capabilities
400+ certifications,
1000+ titles
portfolio
Accreditation
Services
Training
Content
Partner Course
Calendar
Marketing in a Box
Marketing
Enablement
Leads Sharing
Sales
Enablement
Printing
Services
24/7 Service
Support LMS
Exam
management Training
Delivery
Primary Activities of a Training Provider
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
ITP Platform
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
Leapest Connects Buyers and Sellers
in the Training and Education Services
Domain
L
Copyright © 2017 ITpreneurs. All rights reserved. EC-Council
THANK YOU
For Further Details Contact