Info Assurance Lesson 9 - Becoming a Cybersecurity Specialist

User Domain

It includes the users who access the organization's information system

Users

are often the weakest link in the information security systems and pose a significant threat to the confidentiality, integrity, and availability of the organization's data.

Ethics

It is the little voice in the background guiding a cybersecurity specialist as to what he should or should not do, regardless of whether it is legal.

cybersecurity specialist

The organization entrusts the _______________________________________________ with the most sensitive data and resources.

Computer Ethics Institute

It is a resource for identifying, assessing, and responding to ethical issues throughout the information technology industry.

Computer Ethics Institute

It was one of the first organizations to recognize the ethical and public policy issues arising from the rapid growth of the information technology field.

Laws

It prohibit undesired behaviors.

faster

Unfortunately, the advancements in information system technologies are much __________________ than the legal system can accommodate.

cyberspace

A number of laws and regulations affect ________________________________.

computer-assisted crime,

computer targeted crime,

computer-incidental crime

A computer may be involved in a cybercrime in a couple of different ways. There is _____________________________________, ________________________________________, and ___________________________________.

Child pornography

is an example of computer-incidental crime; the computer is a storage device and is not the actual tool used to commit the crime

Department of Justice

In the Philippines, the _____________________________________________ have established the Office of Cybercrime, which functions under R.A. No. 10175or the Cybercrime Prevention Act of 2012.

Office of Cybercrime

In the Philippines, the Department of Justice have established the __________________________________, which functions under R.A. No. 10175or the Cybercrime Prevention Act of 2012.

R.A. No. 10175

In the Philippines, the Department of Justice have established the Office of Cybercrime, which functions under ____________________________ or the Cybercrime Prevention Act of 2012.

Cybercrime Prevention Act of 2012

In the Philippines, the Department of Justice have established the Office of Cybercrime, which functions under R.A. No. 10175 or the ___________________________________________________.

Central Authority

OOC was designated as the ________________________________ in all matters relating to international mutual assistance and extradition for cybercrime and cyber-related matters.

statutory law,

administrative law,

common law

In the United States, there are three primary sources of laws and regulations: ______________________________, ________________________________, and _________________________________. All three sources involve computer security.

federal

The U.S. Congress established ___________________ administrative agencies and a regulatory framework that includes both civil and criminal penalties for failing to follow the rules.

National Vulnerability Database (NVD)

is a U.S. government repository of standards-based vulnerability management data that uses the Security Content Automation Protocol (SCAP).

CERT

The Software Engineering Institute (SEI) at Carnegie Mellon University helps government and industry organizations to develop, operate, and maintain software systems that are innovative, affordable, and trustworthy. It is a Federally Funded Research and Development Center sponsored by the U.S. Department of Defense.

Internet Storm Center

provides a free analysis and warning service to Internet users and organizations. It also works with Internet Service Providers to combat malicious cyber criminals. The Internet Storm Center gathers millions of log entries from intrusion detection systems every day using sensors covering 500,000 IP addresses in over 50 countries.

The Advanced Cyber Security Center (ACSC)

is a non-profit organization that brings together industry, academia, and government to address advanced cyber threats. The organization shares information on cyber threats, engages in cybersecurity research and development, and creates education programs to promote the cybersecurity profession.

Vulnerability Scanners

assess computers, computer systems, networks, or applications for weaknesses. It help to automate security auditing by scanning the network for security risks and producing a prioritized list to address weaknesses.

Penetrating Testing (or pen testing)

is a method of testing the areas of weaknesses in systems by using various malicious techniques

Vulnerability testing

This testing just identifies potential problems.

Pen testing

This testing involves a cybersecurity specialist who hacks a website, network, or server with the organization's permission to try to gain access to resources without the knowledge of usernames, passwords, or other normal means.

Packet Analyzers (or packet sniffers)

It intercept and log network traffic. It captures each packet, shows the values of various fields in the packet, and analyzes its content.

T

T or F:

A sniffer can capture network traffic on both wired and wireless networks

Security Tools

There is no one size fits all when it comes to this. Much depends on the situation, circumstance, and personal preference. A cybersecurity specialist must know where to go to get sound information

Indeed,

CareerBuilder,

USAJobs

A variety of websites and mobile applications advertise information technology jobs. Each site targets varying job applicants and provides different tools for candidates researching their ideal job position:

• ____________________.com

•_____________________.com

• _____________________.gov