Scribd Logo
Upload

Welcome to Scribd!

  • CYBERBOK© Cyber Crime Security Essential Body of Knowledge: A Competency and Functional Framework For Cyber Crime Management

    Uploaded by

    ejespino1127
    54 views22 pages
    Cyber Crime Security Essential Body of Knowledge: A Competency and Functional Framework for Cyber Crime Management

    Original Title

    CyberBoK

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Cyber Crime Security Essential Body of Knowledge: A Competency and Functional Framework for Cyber Crime Management

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    54 views22 pages

    CYBERBOK© Cyber Crime Security Essential Body of Knowledge: A Competency and Functional Framework For Cyber Crime Management

    Uploaded by

    ejespino1127
    Cyber Crime Security Essential Body of Knowledge: A Competency and Functional Framework for Cyber Crime Management

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 22

    CYBERBOK Cyber Crime Security Essential

    Body of Knowledge:
    A Competency and Functional Framework for
    Cyber Crime Management
    Security Workforce Development aligned with ISO 31000*
    risk management principles and guidelines.
    *Note : ISO 31000 is the internationally-adopted risk management standard recognized by over 60
    countries. More information : http://www.iso.org/iso/home/standards/iso31000.htm

    Ver 1.00

    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    Training & Education:


    Program Goals and Objectives
    Improve cyber crime awareness and management education for
    cyber professionals in both law enforcement and corporate domain
    Increase efficiency of existing cyber security training programs to

    comply with ISO 31000


    Promote vendor-neutral cyber security certifications and
    compliance standards

    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    CYBERBOK Definition

    Cyber Crime = unlawful act using any active or non


    active electronic device affecting the objectives of any type of
    networks or critical infrastructure.

    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    CYBERBOK 11 Cyber Risks Domains

    Cyber management practices


    Cyber Security management practices
    Cyber systems and methodology
    Cyber Telecommunications and networking security
    Cyber Cryptography
    Cyber Security architecture and models
    Cyber Operations security
    Cyber Application and systems development and security
    Cyber Security
    Business continuity and disaster recovery planning
    Laws, investigation, and ethics

    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    CYBERBOK Cyber Crime Management


    CYBERBOK Cyber crime management focuses on cyber crime
    information management and containment.
    CYBERBOK cyber crime management objectives are:
    Manage and containment of cyber threats
    Awareness of cyber crime in the IT workforce arena
    Protecting cyber assist against cyber crime

    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    CYBERBOK Cyber Risks Cyber risk


    management and ISO 31000
    Nature and impact of Cyber Risk / Cyber Crime
    Principles of Cyber risk management

    Alignment with ISO 31000


    Achieving the benefits of CRM (Cyber Risks Management)

    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    CYBERBOK Practices
    Need to know what to do /act in time
    -Subjects should know objects that enables them to perform basic
    risk assessment and management during cyber online functions.
    Secure IT environment
    -Subjects should know how to work on a secure environment
    online what to do and what not to do
    IT administrative controls
    -Subjects should know Policies, Standards, Processes, Procedures,
    & Guidelines in their IT work environment
    Risk awareness
    -Subjects should know cyber risk awareness, good practices,
    Procedures, & Guidelines in their IT work environment when
    online

    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    Categories of Cyber Risk Controls


    Cyber crime risk assessment online
    -Online Policies, standards procedures and processes together
    with guideline of online access during work and out of work.
    Cyber access control online
    -Service providers, firewalls, Infosec controls and identification
    control online in workforce or offline
    Cyber crime preventive controls online
    -Prevention policies, guidelines, ID visibility and program security
    online
    Cyber threat assessment online
    - Knowledge awareness of hacking, privacy, types of threats,
    trends of threats and impact,

    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    CYBERBOK Security: Objectives


    Ensure that all government officials and corporate staff who have
    access to the online web has a good knowledge of cyber crime
    management when on the world wide web.
    Establish a international baseline representing the essential
    knowledge and cyber skills when confronted with Cyber crime online in
    alignment with ISO 31000 risk management tools.
    Advance the cyber security landscape by promoting cyber crime risk
    management competency guideline aligned with ISO 31000

    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    CYBERBOK Security: Framework Model

    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    CYBERBOK Security: Methodology


    Develop notional cyber crime management competencies using ISO
    31000 Standard
    Identify functions from resources and critical infrastructure work
    functions (CIWFs) and map to crime management competencies
    Identify key terms and concepts for each cyber crime risk
    management competency area
    Identify theoretical cyber security roles
    Categorize functions as: evaluate risk type - manage
    Map roles to Key competencies to functional perspectives

    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    CYBERBOK Security: Functional Perspectives

    Evaluate
    Risk

    Key
    Competencies

    Type

    Manage
    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    CYBERBOK Security: Functional Perspectives


    Evaluate - Assessing the potential risks, threats and the policy or
    processes to effective achieve objectives

    Risk - Scope of cyber threat risks and developing procedure guidelines to


    effectively asses the cyber risk.

    Type - Putting policies, programs in action to determine the type of Cyber


    risk at hand to categorize it within the guidance of the work framework

    Manage - Overseeing and managing technical aspects of the cyber


    security risk at low, medium or high level to change the risk and threat levels
    providing maximum cover in incident management possible.

    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    CYBERBOK Security: The Framework

    Key Competency Areas (11)


    Regulatory and Standards such as ISO 31000 Guidelines
    17 Function-Based Cyber Security Roles

    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    CYBERBOK Security: Key Competency Areas

    IT systems and operations


    Network systems and operations
    Cyber incident management
    Critical infrastructures point of access
    Enterprise permanence
    Digital management
    Data Management
    System and application management
    IT access and management
    Information management
    Information access

    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    CYBERBOK Security: Regulatory and Standards


    Refers to the application of the ISO 31000 risk management principles,
    framework and process that enable an enterprise to meet applicable
    information security CRM, regulations, standards, and policies to
    satisfy statutory requirements, perform industry-wide best practices,
    and achieve its information security program goals.

    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    CYBERBOK Security: 17 Function-Based Cyber


    Security Roles
    IT access and control
    Chief Information Officer
    Digital Forensics Professional
    Information Security
    Officer/Chief Security Officer
    IT Security Compliance Professional
    IT Security Engineer

    Cyber Crime
    Management
    CYBERPOL

    IT Systems Operations and


    Maintenance Professional
    IT Security Professional
    Physical Security Professional
    Privacy Professional
    Procurement Professional
    Law Enforcement officials
    Intelligence officers
    Military and flagship officers

    Concept & Definition

    CYBERBOK Security: Cyber Security


    Compliance Professional Role Description:
    The Cyber Crime Risk Management Security Compliance Professional is
    responsible for overseeing, evaluating, and supporting cyber risk compliance
    issues pertinent to the organization or government. Individuals in this role
    perform a variety of activities, encompassing cyber crime risk management
    compliance from an internal and external perspective. Such activities include
    leading and conducting internal investigations, assisting employees comply
    with internal cyber threat policies and procedures, and serving as a resource
    to external compliance officers during independent assessments. The Cyber
    Crime Risk Management Security Compliance Professional provides guidance
    and autonomous evaluation of the organization risk to Cyber crime and its
    management.

    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    CYBERBOK Security: Support the Cyber


    Workforce

    TRAINING

    EXPERIENCE

    CYBERBOK

    COMPLIANCE

    Cyber Crime
    Management
    CYBERPOL

    Concept & Definition

    Contact Information:
    CYBERPOL Program Director
    Training and Education
    CYBERPOL -National Cyber Security Division

    training@cyberpol.co.uk

    Cyber Crime
    Management
    CYBERPOL

    CYBERPOL
    Cyber Crime Management

    Concept & Definition

    CYBERBOK Security: Testimonials & Feedback


    Aligned with our mandate to promote the internationally-recognized ISO 31000 risk management standard, we are strongly
    supporting the initiative of CYBERPOL to provide a structured and robust foundation for Cyber Crime Management. The CYBERBOK
    - Cyber Crime Security Essential Body of Knowledge should become an extremely valuable source of knowledge for anyone
    involved or confronted to Cyber Crime, especially since the publication will be aligned with the ISO 31000 risk management
    standard.
    Alex Dali, MBA, ARM, CT31000
    President : The Global Institute for Risk management Standards G31000

    Cyber Crime
    Management
    CYBERPOL

    You might also like