Requirements-driven Cybersecurity Solutions

SABSA Master Class S7

This interactive 2 day course provides an introduction to contemporary concepts of Cybersecurity  from an eSociety, eCommerce and eGovernment perspective.  The increasing use of the internet to provide services to support the public in their day to day lives is creating an eSociety that is becoming dependent upon access to electronic services.  Business is adopting eCommerce as a marketing and business support channel in order to reduce costs and gain access to a wider market, often globally. Government is also looking to gain more effective engagement with the public and businesses through deployment of internet-enabled information sources and services. There is a growing concern that these developments are occurring with inadequate understanding of the cyberspace environment and inadequate attention to the implications of malicious activity. At government levels around the world, there is a growing awareness of the need to adopt national cybersecurity strategies to counter these threats.


Internet security has traditionally focused on the issues related to viruses and worms, with a more recent activity following botnets. While these issues are a concern, the popular press they receive masks a number of stealthier and more insidious threats. This Master Class provides participants with a comprehensive understanding of the current state of cyberspace and the challenges to eSociety, eCommerce and eGovernment. From electronically manipulated elections, subverted nuclear control systems, electronic backdoors and counterfeit routers through to the way in which consumer credit cards are stolen and bank accounts are accessed, you will develop a good understanding of the issues and challenges in cyberspace and the way in which the SABSA framework can be used to deliver effective security at all levels. You will also understand how governments are using public-private partnership models to encourage and enforce the new cybersecurity Codes of Practice.

Who Should Attend

This course will be beneficial for a wide range of practitioners in the security space, as well as business managers with responsibility for internet-deployed technologies, including:

  • Staff responsible for implementation or management of Internet-based services
  • Information Security Managers
  • IT managers responsible for delivering or running critical business information systems
  • IT consultants advising clients on security matters
  • Information Service Provider (ISP) staff
  • Security Managers, Auditors, Project Managers, Operations Managers
  • Business Managers

What You Will Learn

This course will enable delegates to:

  • Understand the current state of internet-borne threats
  • Explain the way in which cybersecurity can be decomposed into discrete security outcomes
  • Develop the necessary skills to design, implement, and maintain cybersecurity
  • Understand public-private partnerships
  • Understand why cyberspace is now a military domain
  • Understand how to architect security into internet-based services

In addition the course will have hands-on activities in which delegates will have the opportunity to undertake practical exercises with the intention of gaining experience in analysing cyberspace requirements and architecting an effective cybersecurity regime.


Prerequisite

A basic knowledge of information systems, security and management processes.

In-House Training

This course is available for private presentation, either on your own premises or 'off-site'. There are many advantages to in-house training. Please contact ALC for a quotation and to discuss your requirements. Email certify@alctraining.com

Course Structure

The course will cover the following topics:

1 – SABSA Overview

2 – Cybersecurity Strategies

3 – Cyberspace for eGovernment

  • Cyber Espionage and Cyber Warfare
  • Critical Infrastructure and Telecommunications Assurance
  • Lawful Intercept and Traceback


4 – Cyberspace for eCommerce

  • Backdoors and Technology Subversion
  • Digital Rights and Copyright Code of Practice
  • Forensics in Cyberspace


5 – Cyberspace for eSociety

  • Phishing, Botnets, Internet Vigilantes and Cyberpolicing
  • The (Credit) Carding Underworld
  • Online Safety and ISP Code of Practice
  • Softpower and Electronic Voting


6 – Architecting Cybersecurity with SABSA


Course Content

Cyberspace Strategies


   •    Cyberspace
   •    US Strategy to secure cyberspace
   •    UK Cybersecurity Policy
   •    ISO 27032
   •    Australian Cybersecurity Policy
   •    eSociety, eCommerce, and eGovernment
   •    Cybersecurity policy architecture
   •    Public Private Partnerships

Cyberspace for eGovernment


   •    Government Use of Cyberspace
   •    Cyber Espionage and Cyber Warfare
        o    Revolution in Military Affairs
        o    Cyberwarfare in an Information Warfare Context
              -    Information Operations
              -    US & Chinese Cyberwarfare Commands
              -    Grey Goose
              -    Cast Lead and other Indicators
        o    Cyber Espionage
              -    Solar Sunrise, Moonlight Maze, Titan Rain and Aurora
              -    Echelon
   •    Critical Infrastructure
        o    SCADA systems
        o    UK Telecommunications Standards
        o    Survivability
   •    Cybercrime, Lawful Intercept & Traceback
        o    Regulatory Obligations
        o    Intercept Management Architectures
        o    Recovering Encrypted Intercept
        o    Intercept of Dark Fibre

Cyberspace for eCommerce


   •    Contemporary eCommerce
   •    Backdoors and Technology Subversion
        o    Windows “NSA Key”
        o    STUXNET
        o    Malicious Cryptography and Firewalls
   •    Bugs and Zero Days
        o    OWASP - SQL Injection and Cross Site Scripting
        o    The OpenBSD Paradox
        o    MSA2000 Hidden Administration Access
   •    Digital Rights and Copyright Code of Practice
   •    Forensics in Cyberspace

Cyberspace for eSociety


   •    Using Cyberspace
   •    Threats
        o    Phishing, Botnets, etc
        o    The (Credit) Carding Underground
   •    Internet Vigilantes and Cyberpolicing
   •    Online Safety and ISP Code of Practice
   •    Electronic Voting
        o    Diebold and the Florida Elections
        o    European Trials of eVoting
   •    Softpower and the Conquest of Cyberspace
        o    Netroots
        o    Netwars
        o    Coalitions

Architecting Cybersecurity with SABSA


   •    Formalising Cybersecurity Requirements
   •    Establishing the Cybersecurity Threat Inventory
   •    Creating the Cybersecurity Attribute Taxonomy
   •    Establishing Critical Success Factors for Cybersecurity Attributes
   •    A Top Level Cybersecurity Dashboard