716 West Ave Austin, TX USA

Size: px
Start display at page:

Download "716 West Ave Austin, TX USA"

Transcription

1 Fundamentals of Computer and Internet Fraud GLOBAL Headquarters the gregor building 716 West Ave Austin, TX USA

2 TABLE OF CONTENTS I. INTRODUCTION What Is Computer Crime?... 2 Computer Fraud Versus Computer Crime... 3 Computer Fraud... 3 Computer Crime... 4 The Extent Question: How Much Computer Fraud Is There?... 5 A Few Statistics... 6 Vulnerability Projections... 6 The Internet... 7 The Perpetrators of Computer Fraud... 7 The Necessary Skills... 8 Inside or Outside... 8 Securing Information Resources... 9 Categories of Computer Fraud Content Learning Objectives II. THE USE OF COMPUTERS IN OCCUPATIONAL FRAUD Asset Misappropriation Cash Schemes Noncash Schemes Control Weaknesses Internal Control Weaknesses Control Activities Review Questions III. EMERGING TECHNOLOGY CONSIDERATIONS Fragmented Data Storage Video Bring Your Own Device Video Video Cloud Computing Video Video Video Social Media Organizational Risks Video Video Individual Risks Video Mobile Devices Mobile Ad Fraud Device Cloning i

3 III. EMERGING TECHNOLOGY CONSIDERATIONS (CONT.) Fraudulent Mobile Webpages Malicious Mobile Applications Minimizing Risks with Mobile Devices The Deep Web Video Virtual Currencies The Internet of Things Video Review Questions IV. DATA MANIPULATION AND DESTRUCTION Data Manipulation Fraud by Input Manipulation Fraud by Program Manipulation Fraud by Output Manipulation Computer Forgery Data Destruction Malware Drive-by Downloads Types of Malware Malware Carriers Malware Symptoms Preventing Infection What to Do if Infected Antivirus and Other Security Software Investigating Malware Infections Malware Information Resources Laws Used to Combat the Manipulation and Destruction of Data The Computer Fraud and Abuse Act The Electronic Communications Privacy Act Wire Fraud Review Questions V. UNAUTHORIZED ACCESS TO COMPUTER SYSTEMS AND SERVICES Categories of Security Attacks Interception Interruption Modification Fabrication Passive and Active Attacks Passive Attacks Active Attacks Common Methods of Attack Social Engineering Reverse Social Engineering Hacking Anti-Intrusion Legislation ii

4 V. UNAUTHORIZED ACCESS TO COMPUTER SYSTEMS AND SERVICES (CONT.) Preventing Unauthorized Access Basic Prevention Measures Warning Screens Security Policies Firewalls Security Software Encryption Protecting Wireless and Remote Access Wi-Fi Security Video Usernames Passwords Multifactor Authentication Hacker Publications and Communications Review Questions VI. SOFTWARE PIRACY AND THE THEFT OF TRADE SECRETS Introduction Software Piracy The Effects of Software Piracy Anti-Piracy Measures Costs of Software Piracy Types of Software Piracy Copyright Laws Anti-Piracy Resources Theft of Trade Secrets Digital Data Economic Espionage Identifying and Protecting Proprietary Information Sample Designations of Confidentiality Sample Employee Manual Information Legislation Used to Protect Proprietary Information Economic Espionage Act of 1996 (18, U.S.C., ) Disclosing Government Trade Secrets (18, U.S.C., 1905) Interstate Transportation of Stolen Property (18, U.S.C., 2314) The Wire Fraud Statute (18, U.S.C., 1343) The Computer Fraud and Abuse Act (18, U.S.C., 1030) The Uniform Trade Secrets Act Review Questions VII. INTERNET AND E-COMMERCE FRAUD Introduction Internet Fraud Scams Identity Theft Video Abuse Phishing iii

5 VII. INTERNET AND E-COMMERCE FRAUD (CONT.) Video Video Video Video Foreign Trust Schemes Investment Schemes Combating Internet Fraud Encryption Customer Validation Internal Network Security Firewalls Auditing and Intrusion Detection Electronic Commerce Types of E-Commerce Types of E-Commerce Scams Electronic Commerce and Information Security Information Security Goals Consumer Confidence Guidelines for E-Commerce Transactions Smart Cards and E-Commerce Review Questions VIII. COMPUTER SECURITY CONSIDERATIONS Computer Security Computer Security Risk Analysis Computer Security Controls Frameworks and Standards ISO/IEC 27002: COBIT Payment Card Industry s Data Security Standard Standard of Good Practice Cloud Security Alliance Security and Privacy Controls for Federal Information Systems and Organizations Physical Security and Controls Physical Threats Physical Controls Video Detective Physical Controls Technical and Administrative Controls Security Policies and Awareness Training Logical Access Controls Video Network Security Operating System Security Encryption Application Security Data Classification iv

6 VIII. COMPUTER SECURITY CONSIDERATIONS (CONT.) Review Questions IX. SECURITY AUDITING AND TESTING Introduction Log Management and Analysis Recommendations for Log Management Types of Event Logs Event Attributes Dynamic Monitoring Log Analysis and Reporting Incident Response Plan Security Audits Video Phases of Security Audits Information Examined in Security Audits Event Logs External Security Audits Penetration Testing Review Questions X. LEGAL ISSUES REGARDING COMPUTER AND INTERNET FRAUD INVESTIGATIONS Avoiding Liability When Conducting Investigations Video Personal Privacy Employees Duties and Rights Employees Duty to Cooperate Employees Rights During an Investigation Monitoring and Surveillance Video Video Video Surreptitious Recording Review Questions XI. DIGITAL FORENSICS Introduction Hiring a Forensic Expert Video Conducting Investigations Involving Computers Preliminary Investigation Digital Evidence Computer Investigations and Computer Forensics Plan Seize the Data Acquire an Image Process the Data v

7 XI. DIGITAL FORENSICS (CONT.) Analyze the Data Report and Testify Mobile Forensic Investigations Plan Seize Extract Analyze Document Report and Testify Review Questions XII. CONCLUSION XIII. PRACTICAL PROBLEMS Practical Problem Practical Problem Practical Problem Practical Problem Practical Problem Practical Problem XIV. APPENDIX A: RESOURCES ON INTERNET AND COMPUTER FRAUD XV. APPENDIX B: VIDEO TRANSCRIPTS XVI. SOLUTIONS TO REVIEW QUESTIONS II. The Use of Computers in Occupational Fraud III. Emerging Technology Considerations IV. Data Manipulation and Destruction V. Unauthorized Access to Computer Systems and Services VI. Software Piracy and the Theft of Proprietary Information VII. Internet and E-Commerce Fraud VIII. Computer Security Considerations IX. Security Auditing and Testing X. Legal Issues Regarding Computer and Internet Fraud Investigations XI. Digital Forensics XVII. SOLUTIONS TO PRACTICAL PROBLEMS Practical Problem Practical Problem Practical Problem Practical Problem Practical Problem Practical Problem XVIII. PRACTICAL PROBLEM EPILOGUE vi

8 XIX. FUNDAMENTALS OF COMPUTER AND INTERNET FRAUD FINAL EXAMINATION... E-1 XX. INDEX... I-1 vii

THE CORPORATE CON: INTERNAL FRAUD AND THE AUDITOR

THE CORPORATE CON: INTERNAL FRAUD AND THE AUDITOR THE CORPORATE CON: INTERNAL FRAUD AND THE AUDITOR GLOBAL HEADQUARTERS THE GREGOR BUILDING 716 WEST AVE AUSTIN, TX 78701-2727 USA TABLE OF CONTENTS I. INTRODUCTION Video Supplement... 1 Course Objectives

More information

FRAUD-RELATED INTERNAL CONTROLS

FRAUD-RELATED INTERNAL CONTROLS GLOBAL HEADQUARTERS THE GREGOR BUILDING 716 WEST AVE AUSTIN, TX 78701-2727 USA TABLE OF CONTENTS I. THE NEED FOR INTERNAL CONTROLS Example... 1 Threats to an Organization s Internal Control Environment...

More information

Securing Information Systems

Securing Information Systems Chapter 7 Securing Information Systems 7.1 Copyright 2011 Pearson Education, Inc. STUDENT LEARNING OBJECTIVES Why are information systems vulnerable to destruction, error, and abuse? What is the business

More information

716 West Ave Austin, TX USA

716 West Ave Austin, TX USA : THE BASICS OF ASSET MISAPPROPRIATION GLOBAL HEADQUARTERS the gregor building 716 West Ave Austin, TX 78701-2727 USA TABLE OF CONTENTS I. INTRODUCTION The Pervasive Threat of Employee Theft... 1 Introduction

More information

Securing Information Systems

Securing Information Systems Chapter 7 Securing Information Systems 7.1 2007 by Prentice Hall STUDENT OBJECTIVES Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value

More information

Information Security in Corporation

Information Security in Corporation Information Security in Corporation System Vulnerability and Abuse Software Vulnerability Commercial software contains flaws that create security vulnerabilities. Hidden bugs (program code defects) Zero

More information

CHAPTER 8 SECURING INFORMATION SYSTEMS

CHAPTER 8 SECURING INFORMATION SYSTEMS CHAPTER 8 SECURING INFORMATION SYSTEMS BY: S. SABRAZ NAWAZ SENIOR LECTURER IN MANAGEMENT & IT SEUSL Learning Objectives Why are information systems vulnerable to destruction, error, and abuse? What is

More information

Small Business FRAUD PREVENTION Manual

Small Business FRAUD PREVENTION Manual Small Business FRAUD PREVENTION Manual TABLE OF CONTENTS PREFACE... ix PART 1: INTERNAL FRAUD THREATS I. INTRODUCTION TO EMPLOYEE FRAUD The Shocking Cost of Employee Theft and Fraud... 1 The Cost of Fraud

More information

Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:

Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1: Cybercrime Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1: Organizations can prevent cybercrime from occurring through the proper use of personnel, resources,

More information

CERTIFIED SECURE COMPUTER USER COURSE OUTLINE

CERTIFIED SECURE COMPUTER USER COURSE OUTLINE CERTIFIED SECURE COMPUTER USER COURSE OUTLINE Page 1 TABLE OF CONTENT 1 COURSE DESCRIPTION... 3 2 MODULE-1: INTRODUCTION TO DATA SECURITY... 4 3 MODULE-2: SECURING OPERATING SYSTEMS... 6 4 MODULE-3: MALWARE

More information

COMPUTER FORENSICS (CFRS)

COMPUTER FORENSICS (CFRS) Computer Forensics (CFRS) 1 COMPUTER FORENSICS (CFRS) 500 Level Courses CFRS 500: Introduction to Forensic Technology and Analysis. 3 credits. Presents an overview of technologies of interest to forensics

More information

Securing Information Systems

Securing Information Systems Introduction to Information Management IIM, NCKU System Vulnerability and Abuse (1/6) Securing Information Systems Based on Chapter 8 of Laudon and Laudon (2010). Management Information Systems: Managing

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

Management. Port Security. Second Edition KENNETH CHRISTOPHER. CRC Press. Taylor & Francis Group. Taylor & Francis Group,

Management. Port Security. Second Edition KENNETH CHRISTOPHER. CRC Press. Taylor & Francis Group. Taylor & Francis Group, Port Security Management Second Edition KENNETH CHRISTOPHER CRC Press Taylor & Francis Group Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Group, an informa business Preface

More information

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes: Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information

More information

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم بنام خدا تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم امنیت بخشی به سیستمهای فناوری اطالعات Securing Information Systems 1 Learning Objectives Describe the business value of security and control.

More information

Security Standards for Information Systems

Security Standards for Information Systems Security Standards for Information Systems Area: Information Technology Services Number: IT-3610-00 Subject: Information Systems Management Issued: 8/1/2012 Applies To: University Revised: 4/1/2015 Sources:

More information

Hacking and Cyber Espionage

Hacking and Cyber Espionage Hacking and Cyber Espionage September 19, 2013 Prophylactic and Post-Breach Concerns for In-House Counsel Raymond O. Aghaian, McKenna Long & Aldridge LLP Elizabeth (Beth) Ferrell, McKenna Long & Aldridge

More information

Juniper Vendor Security Requirements

Juniper Vendor Security Requirements Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks

More information

THE SMALL BUSINESS FRAUD PREVENTION MANUAL

THE SMALL BUSINESS FRAUD PREVENTION MANUAL THE SMALL BUSINESS FRAUD PREVENTION MANUAL TABLE OF CONTENTS PART 1: INTERNAL FRAUD THREATS I. INTRODUCTION TO EMPLOYEE FRAUD The Shocking Cost of Employee Theft and Fraud... 1 The Cost of Fraud to Small

More information

Cybersecurity Auditing in an Unsecure World

Cybersecurity Auditing in an Unsecure World About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity

More information

CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018

CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018 CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018 Cyber fraud attacks happen; they can t all be stopped. The higher order question must be how can we, as fraud examiners and assurance professionals,

More information

CruiseSmarter PRIVACY POLICY. I. Acceptance of Terms

CruiseSmarter PRIVACY POLICY. I. Acceptance of Terms I. Acceptance of Terms This Privacy Policy describes CRUISE SMARTER policies and procedures on the collection, use and disclosure of your information. CRUISE SMARTER LLC (hereinafter referred to as "we",

More information

Securing Information Systems

Securing Information Systems Chapter 8 Securing Information Systems 8.1 2010 by Pearson LEARNING OBJECTIVES Explain why information systems are vulnerable to destruction, error, and abuse. Assess the business value of security and

More information

Chapter 6 Network and Internet Security and Privacy

Chapter 6 Network and Internet Security and Privacy Chapter 6 Network and Internet Security and Privacy Learning Objectives LO6.1: Explain network and Internet security concerns LO6.2: Identify online threats LO6.3: Describe cyberstalking and other personal

More information

Cyber-Threats and Countermeasures in Financial Sector

Cyber-Threats and Countermeasures in Financial Sector Michael Mavroforakis, PhD Group CISO & CDO SEV: Workshop on Digital Enablers (Cloud & Cybersecurity) 27th March 2018 Agenda: CYBERSECURITY Potential Targets Attack Examples Insider vs Outsider Threats

More information

The Cyber War on Small Business

The Cyber War on Small Business The Cyber War on Small Business Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Meet Our Speaker Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Previously worked as Cyber

More information

ISO/IEC Information technology Security techniques Code of practice for information security management

ISO/IEC Information technology Security techniques Code of practice for information security management This is a preview - click here to buy the full publication INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security

More information

Blackjacking. Daniel Hoffman. Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise. Wiley Publishing, Inc.

Blackjacking. Daniel Hoffman. Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise. Wiley Publishing, Inc. Blackjacking Security Threats to BlackBerry Devices, PDAs, and Cell Phones in the Enterprise Daniel Hoffman Wiley Publishing, Inc. Contents About the Author Acknowledgments Introduction Chapter 1 Understanding

More information

Internet of Things Toolkit for Small and Medium Businesses

Internet of Things Toolkit for Small and Medium Businesses Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors

More information

AN ANALYSIS OF CYBER CRIME AND INTERNET SECURITY

AN ANALYSIS OF CYBER CRIME AND INTERNET SECURITY WORLD JOURNAL OF PHARMACY AND PHARMACEUTICAL SCIENCES Shoba. SJIF Impact Factor 6.647 Volume 6, Issue 5, 304-308 Review Article ISSN 2278 4357 AN ANALYSIS OF CYBER CRIME AND INTERNET SECURITY *Prof. V.

More information

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Code of practice for information security management

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Code of practice for information security management INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security management Technologies de l'information Techniques de

More information

IS Today: Managing in a Digital World 9/17/12

IS Today: Managing in a Digital World 9/17/12 IS Today: Managing in a Digital World Chapter 10 Securing Information Systems Worldwide losses due to software piracy in 2005 exceeded $34 billion. Business Software Alliance, 2006 Accessories for war

More information

Baseline Information Security and Privacy Requirements for Suppliers

Baseline Information Security and Privacy Requirements for Suppliers Baseline Information Security and Privacy Requirements for Suppliers INSTRUCTION 1/00021-2849 Uen Rev H Ericsson AB 2017 All rights reserved. The information in this document is the property of Ericsson.

More information

OTHER PEOPLE S MONEY: THE BASICS OF ASSET MISAPPROPRIATION

OTHER PEOPLE S MONEY: THE BASICS OF ASSET MISAPPROPRIATION : THE BASICS OF ASSET MISAPPROPRIATION World Headquarters the gregor building 716 West Ave Austin, TX 78701-2727 USA TABLE OF CONTENTS I. INTRODUCTION The Pervasive Threat of Employee Theft... 3 Introduction

More information

Cybersecurity The Evolving Landscape

Cybersecurity The Evolving Landscape Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG

More information

University of Pittsburgh Security Assessment Questionnaire (v1.7)

University of Pittsburgh Security Assessment Questionnaire (v1.7) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided

More information

Checklist: Credit Union Information Security and Privacy Policies

Checklist: Credit Union Information Security and Privacy Policies Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC

More information

June 2 nd, 2016 Security Awareness

June 2 nd, 2016 Security Awareness June 2 nd, 2016 Security Awareness Security is the degree of resistance to, or protection from, harm. if security breaks down, technology breaks down Protecting People, Property and Business Assets Goal

More information

Preventing Corporate Espionage: Investigations, Data Analyses and Business Intelligence

Preventing Corporate Espionage: Investigations, Data Analyses and Business Intelligence Preventing Corporate Espionage: Investigations, Data Analyses and Business Intelligence Presented by Keith Barger and Audra A. Dial March 19, 2014 2014 Kilpatrick Townsend & Stockton LLP Protection of

More information

Best Practices Guide to Electronic Banking

Best Practices Guide to Electronic Banking Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have

More information

Course 832 EC-Council Computer Hacking Forensic Investigator (CHFI)

Course 832 EC-Council Computer Hacking Forensic Investigator (CHFI) Course 832 EC-Council Computer Hacking Forensic Investigator (CHFI) Duration: 5 days You Will Learn How To Understand how perimeter defenses work Scan and attack you own networks, without actually harming

More information

UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA

UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA ljohnson@ffalaw.com INTRODUCTION Cyber attacks increasing Liability/actions resulting

More information

Security Policies and Procedures Principles and Practices

Security Policies and Procedures Principles and Practices Security Policies and Procedures Principles and Practices by Sari Stern Greene Chapter 3: Information Security Framework Objectives Plan the protection of the confidentiality, integrity and availability

More information

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Is your privacy secure? HIPAA Compliance Workshop September 2008 Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Agenda Have you secured your key operational, competitive and financial

More information

Personal Cybersecurity

Personal Cybersecurity Personal Cybersecurity The Basic Principles Jeremiah School, CEO How big is the issue? 9 8 7 6 5 4 3 2 1 Estimated global damages in 2018 0 2016 2018 2020 2022 2024 2026 2028 2030 Internet Users Billions

More information

Course Outline (version 2)

Course Outline (version 2) Course Outline (version 2) Page. 1 CERTIFIED SECURE COMPUTER USER This course is aimed at end users in order to educate them about the main threats to their data s security. It also equips the students

More information

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for

More information

9/11/ FALL CONFERENCE & TRAINING SEMINAR 2014 FALL CONFERENCE & TRAINING SEMINAR

9/11/ FALL CONFERENCE & TRAINING SEMINAR 2014 FALL CONFERENCE & TRAINING SEMINAR 1 2 1 Agenda: Types of Fraud Things you can do internally Things that companies can do Services Provided by the Bank 3 Because that is where the money is. 4 2 Checks Credit Cards ACH (Debits / Credits)

More information

Cyber Risks in the Boardroom Conference

Cyber Risks in the Boardroom Conference Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks

More information

God is in the Small Stuff and it all matters. .In the Small Stuff. Security and Ethical Challenges. Introduction to Information Systems Chapter 11

God is in the Small Stuff and it all matters. .In the Small Stuff. Security and Ethical Challenges. Introduction to Information Systems Chapter 11 Introduction to Information Systems Essentials for the Internetworked E-Business Enterprise 1 Eleventh Edition 2 Chapter Objectives C h a p t e r 11 Eleventh Edition James A. O Brien Identify several ethical

More information

Unit 3 Cyber security

Unit 3 Cyber security 2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 3 - revised September 2016 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning

More information

Risk Management in Electronic Banking: Concepts and Best Practices

Risk Management in Electronic Banking: Concepts and Best Practices Risk Management in Electronic Banking: Concepts and Best Practices Jayaram Kondabagil BICENTENNIAL B1CBNTENNIAL John Wiley & Sons (Asia) Pte Ltd. Contents List of Figures xiii List of Tables xv Preface

More information

The BUSINESS of Fraud. Don t let it put you out of business. AFFILIATE LOGO

The BUSINESS of Fraud. Don t let it put you out of business. AFFILIATE LOGO The BUSINESS of Fraud. Don t let it put you out of business. Veenindra J. Singh, First Vice President, Treasury Management Consultant California Bank & Trust 300 Lakeside Drive, Suite 800 Oakland, Ca 94612

More information

COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51

COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51 Acknowledgments Introduction Part I: The Basics in Depth 1 Chapter 1: Windows Attacks 3 Attack Classes 3 Automated versus Dedicated Attacker 4 Remote versus Local 7 Types of Attacks 8 Dedicated Manual

More information

When Recognition Matters WHITEPAPER CLFE CERTIFIED LEAD FORENSIC EXAMINER.

When Recognition Matters WHITEPAPER CLFE CERTIFIED LEAD FORENSIC EXAMINER. When Recognition Matters WHITEPAPER CLFE www.pecb.com CONTENT 3 4 5 6 6 7 7 8 8 Introduction So, what is Computer Forensics? Key domains of a CLFE How does a CLFE approach the investigation? What are the

More information

Cybercrime and Information Security for Financial Institutions. AUSA Jared M. Strauss U.S. Attorney s Office So. District of Florida

Cybercrime and Information Security for Financial Institutions. AUSA Jared M. Strauss U.S. Attorney s Office So. District of Florida Cybercrime and Information Security for Financial Institutions AUSA Jared M. Strauss U.S. Attorney s Office So. District of Florida Defining Cybercrime Stealing and Monetizing Financial and Identity Data

More information

ADIENT VENDOR SECURITY STANDARD

ADIENT VENDOR SECURITY STANDARD Contents 1. Scope and General Considerations... 1 2. Definitions... 1 3. Governance... 2 3.1 Personnel... 2 3.2 Sub-Contractors... 2 3.3. Development of Applications... 2 4. Technical and Organizational

More information

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. I. OBJECTIVE ebay s goal is to apply uniform, adequate and global data protection

More information

Critical Information Infrastructure Protection Law

Critical Information Infrastructure Protection Law Critical Information Infrastructure Protection Law CCD COE Training 8 September 2009 Tallinn, Estonia Maeve Dion Center for Infrastructure Protection George Mason University School of Law Arlington, Virginia.

More information

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS 10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND

More information

Data Security and Privacy Principles IBM Cloud Services

Data Security and Privacy Principles IBM Cloud Services Data Security and Privacy Principles IBM Cloud Services 2 Data Security and Privacy Principles: IBM Cloud Services Contents 2 Overview 2 Governance 3 Security Policies 3 Access, Intervention, Transfer

More information

Annexure I: Contact Details:

Annexure I: Contact Details: Ref: CO/IT-BPR/CSC Date:.09.2017 Annexure I: Contact Details: a) Name of the company b) Company s address in India c) Contact person d) Telephone no. e) Fax f) E-mail address g) Service tax registration

More information

Security. Protect your business from security threats with Pearl Technology. The Connection That Matters Most

Security. Protect your business from security threats with Pearl Technology. The Connection That Matters Most Security Protect your business from security threats with Pearl Technology The Connection That Matters Most Committed to Your Future When it comes to your business, security can mean many things. But to

More information

Red Flags/Identity Theft Prevention Policy: Purpose

Red Flags/Identity Theft Prevention Policy: Purpose Red Flags/Identity Theft Prevention Policy: 200.3 Purpose Employees and students depend on Morehouse College ( Morehouse ) to properly protect their personal non-public information, which is gathered and

More information

CYBERCRIME The Legal Issues

CYBERCRIME The Legal Issues The IBIA Annual Convention Cancun 3-5 November, 2015 CYBERCRIME The Legal Issues J. Stephen Simms jssimms@simmsshowers.com +1.410.783.5795 Welcome to Cyber-Holics Anonymous Group Therapy To Start our meeting:

More information

PCI Compliance Updates

PCI Compliance Updates PCI Compliance Updates PCI Mobile Payment Acceptance Security Guidelines Adam Goslin, Chief Operations Officer AGoslin@HighBitSecurity.com Direct: 248.388.4328 PCI Guidance February, 2013 - PCI Mobile

More information

HOLY ANGEL UNIVERSITY COLLEGE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY CYBER SECURITY COURSE SYLLABUS

HOLY ANGEL UNIVERSITY COLLEGE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY CYBER SECURITY COURSE SYLLABUS HOLY ANGEL UNIVERSITY LLEGE OF INFORMATION AND MMUNICATIONS TECHNOLOGY CYBER SECURITY URSE SYLLABUS Course Code : 6CSEC Prerequisite : 6MPRO2L Course Credit : 3 Units (2 hours LEC,3 hours LAB) Year Level:

More information

How technology changed fraud investigations. Jean-François Legault Senior Manager Analytic & Forensic Technology June 13, 2011

How technology changed fraud investigations. Jean-François Legault Senior Manager Analytic & Forensic Technology June 13, 2011 How technology changed fraud investigations Jean-François Legault Senior Manager Analytic & Forensic Technology June 13, 2011 The Changing Cyberfraud Landscape Underground Economy Malware Authors Organized

More information

IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)

IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT) Page 1 of 6 IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT) I. Understanding the need for privacy in the IT environment A. Evolving

More information

Unit 2 Essentials of cyber security

Unit 2 Essentials of cyber security 2016 Suite Cambridge TECHNICALS LEVEL 2 IT Unit 2 Essentials of cyber security A/615/1352 Guided learning hours: 30 Version 1 September 2016 ocr.org.uk/it LEVEL 2 UNIT 2: Essentials of cyber security A/615/1352

More information

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Charting the Course... Certified Information Systems Auditor (CISA) Course Summary Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business

More information

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers Computer Information Systems (CIS) CIS 101 Introduction to Computers This course provides an overview of the computing field and its typical applications. Key terminology and components of computer hardware,

More information

SECURITY & PRIVACY DOCUMENTATION

SECURITY & PRIVACY DOCUMENTATION Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive

More information

Contents. Cybercrime and Escalating Risks 3. PART 1 Crisis in Information Security 1 CHAPTER 1. Acknowledgments About the Editor About the Authors

Contents. Cybercrime and Escalating Risks 3. PART 1 Crisis in Information Security 1 CHAPTER 1. Acknowledgments About the Editor About the Authors Preface Acknowledgments About the Editor About the Authors xiv xviii xix xx PART 1 Crisis in Information Security 1 CHAPTER 1 Cybercrime and Escalating Risks 3 Expanding Global Cybersecurity Threats 4

More information

E-guide Getting your CISSP Certification

E-guide Getting your CISSP Certification Getting your CISSP Certification Intro to the 10 CISSP domains of the Common Body of Knowledge : The Security Professional (CISSP) is an information security certification that was developed by the International

More information

NEN The Education Network

NEN The Education Network NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected

More information

POLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND. October Table of Contents

POLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND. October Table of Contents POLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND October 2005 Table of Contents Introduction... 1 Purpose Of This Policy... 1 Responsibility... 1 General Policy... 2 Data Classification Policy...

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 1 Introduction to Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 1 Introduction to Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 1 Introduction to Security Objectives Describe the challenges of securing information Define information security and explain why

More information

Certified Cyber Security Analyst VS-1160

Certified Cyber Security Analyst VS-1160 VS-1160 Certified Cyber Security Analyst Certification Code VS-1160 Vskills certification for Cyber Security Analyst assesses the candidate as per the company s need for cyber security and forensics. The

More information

CITADEL INFORMATION GROUP, INC.

CITADEL INFORMATION GROUP, INC. CITADEL INFORMATION GROUP, INC. The Role of the Information Security Assessment in a SAS 99 Audit Stan Stahl, Ph.D. President Citadel Information Group, Inc. The auditor has a responsibility to plan and

More information

Electronic Communication of Personal Health Information

Electronic Communication of Personal Health Information Electronic Communication of Personal Health Information A presentation to the Porcupine Health Unit (Timmins, Ontario) May 11 th, 2017 Nicole Minutti, Health Policy Analyst Agenda 1. Protecting Privacy

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each. Name Date Chapter 10: Security After completion of this chapter, students should be able to: Explain why security is important and describe security threats. Explain social engineering, data wiping, hard

More information

FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013. Visit us online at Flank.org to learn more.

FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013. Visit us online at Flank.org to learn more. FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013 Visit us online at Flank.org to learn more. HITRUST CSF v9 Framework ISO 27001/27002:2013 Framework FLANK ISO 27001/27002:2013 Documentation from

More information

Keep Cyber Threats from Destroying Your Company

Keep Cyber Threats from Destroying Your Company Keep Cyber Threats from Destroying Your Company Every year, security risks are growing, and that growth isn t going to stop. Every company is a target, no matter its size, function or annual revenue. Security

More information

Implementing. Security Technologies. NAP and NAC. The Complete Guide to Network Access Control. Daniel V. Hoffman. WILEY Wiley Publishing, Inc.

Implementing. Security Technologies. NAP and NAC. The Complete Guide to Network Access Control. Daniel V. Hoffman. WILEY Wiley Publishing, Inc. Implementing NAP and NAC Security Technologies The Complete Guide to Network Access Control Daniel V. Hoffman m WILEY Wiley Publishing, Inc. Contents Acknowledgments Introduction XIII XV Chapter 1 Chapter

More information

ISO/IEC INTERNATIONAL STANDARD. Information technology Code of practice for information security management

ISO/IEC INTERNATIONAL STANDARD. Information technology Code of practice for information security management INTERNATIONAL STANDARD ISO/IEC 17799 First edition 2000-12-01 Information technology Code of practice for information security management Technologies de l'information Code de pratique pour la gestion

More information

What to do if your business is the victim of a data or security breach?

What to do if your business is the victim of a data or security breach? What to do if your business is the victim of a data or security breach? Introduction The following information is intended to help you decide how to start preparing for and some of the steps you will want

More information

National Cybersecurity preparation to deal with Cyber Attacks

National Cybersecurity preparation to deal with Cyber Attacks National Cybersecurity preparation to deal with Cyber Attacks Dr. Chaichana Mitrpant Assistant Executive Director, Electronic Transactions Development Agency (ETDA) 1 Over all Internet usage in Thailand

More information

Contents CHAPTER 1 CHAPTER 2. Recommended Reading. Chapter-heads. Electronic Funds Transfer) Contents PAGE

Contents CHAPTER 1 CHAPTER 2. Recommended Reading. Chapter-heads. Electronic Funds Transfer) Contents PAGE Contents Foreword Recommended Reading Syllabus Chapter-heads iii v vii ix MODULE I : Technology in bank CHAPTER 1 Banking Environment and Technology u Introduction 3 u Evolution of Banking Technology over

More information

Chapter 4. Network Security. Part I

Chapter 4. Network Security. Part I Chapter 4 Network Security Part I CCNA4-1 Chapter 4-1 Introducing Network Security Introduction to Network Security CCNA4-2 Chapter 4-1 Introducing Network Security Why is Network Security important? Rapid

More information

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable? Introduction Controlling Information Systems When computer systems fail to work as required, firms that depend heavily on them experience a serious loss of business function. M7011 Peter Lo 2005 1 M7011

More information

Chapter 16: Advanced Security

Chapter 16: Advanced Security : Advanced Security IT Essentials: PC Hardware and Software v4.0 1 Purpose of this Presentation To provide to instructors an overview of : List of chapter objectives Overview of the chapter contents, including

More information

Securing Information Systems Barbarians at the Gateway

Securing Information Systems Barbarians at the Gateway Securing Information Systems Barbarians at the Gateway Learning Objectives Security breaches are on the rise Understand the potentially damaging impact of security breaches Security must be made a top

More information

2005 E-Crime Watch Survey Survey Results Conducted by CSO magazine in cooperation with the U.S. Secret Service and CERT Coordination Center

2005 E-Crime Watch Survey Survey Results Conducted by CSO magazine in cooperation with the U.S. Secret Service and CERT Coordination Center OVERALL RESULTS E-Crime Watch Survey: 2005 Field Dates: 3/3/05 3/14/05 Total completed surveys: 819 Margin of Error: +/- 3.4% NOTE TO EDITOR For the purpose of this survey, electronic crime, intrusion,

More information

Security+ SY0-501 Study Guide Table of Contents

Security+ SY0-501 Study Guide Table of Contents Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators

More information

CITY UNIVERSITY OF NEW YORK. i. Visit:

CITY UNIVERSITY OF NEW YORK. i. Visit: CITY UNIVERSITY OF NEW YORK I. ACCESSING IRB NET (New Registration) i. Visit: https://www.irbnet.org/release/index.html ii. New users: Click on New Registration in the top right corner iii. Fill-out the

More information

IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)

IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT) Page 1 of 6 IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT) I. Understanding the need for privacy in the IT environment A. Evolving

More information

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government

More information