Managing Cyber Security

Effective from January 2016

Chartered Institute for Securities & Investment

Version 1

Objective of the Examination


The objective of the examination is to ensure that candidates have a basic knowledge of
the threat of Cybercrime and are able to evaluate the risks to the financial services
industry, thus enabling the development of effective security solutions to prevent, detect
and mitigate cyber attacks.

The examination will test candidates across the following elements:

The background and nature of information security and Cybercrime

The legislative environment

The public-private interface

Cybercrime and the Financial Services Industry

Combating Cybercrime

Trends in Economic Crime Compliance

Syllabus Structure
The syllabus is divided into elements. These are broken down into sections of learning
objectives.

Each learning objective begins with the prefix Know, Understand, or Identify. These
words indicate the different levels of skill to be tested. Learning objectives prefixed:

Know require candidates to recall information such as facts, rules and principles

Understand require candidates to demonstrate comprehension of an issue, fact, rule or principle

Identify require candidates to be able to discern a type of activity based on a given scenario


Candidate Update
Candidates are reminded to check the Candidate Update area of the Institute's website
(www.cisi.org) on a regular basis for updates that could affect their examination as a
result of industry change.

Examination Specification
Each examination paper is constructed from a specification that determines the
weightings that will be given to each element. The specification is given below.

It is important to note that the numbers quoted may vary slightly from examination to
examination as there is some flexibility in order to ensure that each examination has a
consistent level of difficulty. However, the number of questions tested in each element
should not change by more than plus or minus 2.

Examination specification
50 multiple choice questions

Element number   Element                                                            Questions
1                The Background and Nature of Information Security and Cybercrime
2                The legislative environment
3                The public-private interface in combating Cybercrime
4                Cybercrime and the financial services industry
5                Combating Cybercrime
6                Trends in Economic Crime Compliance
                 Total                                                              50

(Only three of the six per-element question counts are legible in the source, 10, 8 and 12; their assignment to elements is not recoverable.)

Assessment Structure
A 1 hour examination of 50 multiple choice questions.

Candidates sitting the exam by Computer Based Testing may have, in addition, up to
10% of additional questions as trial questions that will not be separately identified and
do not contribute to the result. Candidates will be given proportionately more time to
complete the test.


Summary Syllabus

Element 1  The Background and Nature of Information Security and Cybercrime
1.1  Definitions
1.2  Technical Cybercrime attacks
1.3  The human element

Element 2  The legislative environment
2.1  Legal concepts
2.2  UK legislation
2.3  Relevant foreign legislation

Element 3  The public-private interface in combating Cybercrime
3.1  Law enforcement agencies
3.2  Standards and best practice
3.3  The financial services industry

Element 4  Cybercrime and the financial services industry
4.1  Recognising the threat
4.2  Known vulnerabilities
4.3  Cybercrime detection

Element 5  Combating Cybercrime
5.1  Proactive governance
5.2  Risk management
5.3  Stress testing
5.4  Incident response
5.5  Business continuity

Element 6  Trends in Economic Crime Compliance
6.1  Emerging threats
6.2  Ethical issues

Element 1  The Background and Nature of Information Security and Cybercrime

1.1  Definitions
On completion, the candidate should:
1.1.1 know the difference between the Internet and the World Wide Web
1.1.2 know the meaning of:

The Deep Web

The Dark Web

1.1.3 know the meaning of the term Cloud computing

1.1.4 understand the meaning of:

Software as a Service (SaaS)

Hardware as a Service (HaaS)

Infrastructure as a Service (IaaS)

1.1.5 know the meaning of the term co-location

1.1.6 know the meaning of:

database structure

Internet protocol (IP) addressing versions 4 and 6

domain name servers

routers and gateways

data packets

1.1.7 know the Financial Conduct Authority (FCA) definition of electronic money
1.1.8 understand the definition of information security

1.2

Distinctions
On completion, the candidate should:
1.2.1 know how cyber security is distinct from information security

1.2.2 understand the distinction between Cybercrime and cyber-enabled crime

1.3  Fundamental issues
On completion, the candidate should:
1.3.1 understand the fundamentals of cyber security:

Policies & Standards

Identity & Access Management

Threat & Vulnerability Management

Outside Service Providers

IT Risk Management

1.4  Technical Cybercrime attacks
On completion, the candidate should:
1.4.1 identify the following types of network level technical Cybercrime attack:

denial of service (DoS) and distributed denial of service (DDoS)

man-in-the-middle attacks (MitM)

sniffing attacks

session hijacks

Botnets

Malnets

Spam

1.4.2 identify the following types of network level technical Cybercrime attack:

remote code injection

structured query language (SQL) injection

cross site scripting (XSS)

format string vulnerabilities

user name enumeration

1.4.3 identify the most common types of technical Cybercrime attack at device level:

device intrusions / hacking

password cracks

physical key loggers

in-built infections at point of manufacture or sale

device-sharing risks

device disposal and maintenance-related data breaches

device theft

1.4.4 identify the most common technical Cybercrime attack via peripheral devices:

bring your own device (BYOD) risks

removable media risks

printer risks

1.4.5 identify the following types of technical Cybercrime based on application exploits:

application hacking

password cracks

code injection

malicious websites

drive-by downloads

1.4.6 identify the main types of technical Cybercrime arising from malware exploits, including:

Viruses

Worms

Trojans

Spyware

Rootkits

1.4.7 identify the following types of technical Cybercrime:

crypto-extortion attacks

web attack toolkits

data leakage and breaches

online frauds and other financially motivated eCrimes

1.5  The human element
On completion, the candidate should:
1.5.1 identify the most common types of technical Cybercrime stemming from user-level issues:

errors and accidental disclosures

rogue insiders

Insider frauds

identity theft

Phishing

Pharming

physical intrusions

password sharing and weak passwords

self-provisioning

1.5.2 understand Social media risk in relation to Cybercrime:

Social engineering ploys

identity theft

contact network analysis

blackmail

harassment

stalking

grooming

data breaches

reputational harm and brand damage

target acquisition and reconnaissance

1.5.3 know key desktop attack and concealment techniques used in Cybercrime:

search engine robots ploys

page source edits and hidden text

advanced online searching and reconnaissance

LinkedIn, Facebook and Twitter searches

security & privacy vulnerabilities

image searching methods

mapping & geo-location vulnerabilities

Element 2  The legislative environment

2.1  Legal concepts
On completion, the candidate should:
2.1.1 understand the key concepts influencing internet law:

net neutrality

free speech on the Internet

Internet censorship

privacy expectations

Intelligence services surveillance

responsibilities of Internet Service Providers (ISPs)

2.2  UK legislation
On completion, the candidate should:
2.2.1 know the offences created under the Computer Misuse Act (1990)

Offence 1: accessing computer material without permission

Offence 2: accessing computer material without permission with intent to commit further criminal offences

Offence 3: altering computer data without permission

2.2.2 know the maximum penalties applicable to Offence 1
2.2.3 know the maximum penalties applicable to Offence 2
2.2.4 know the maximum penalties applicable to Offence 3
2.2.5 know the amendment to unauthorised access and the 2 additional
offences defined in the Police and Justice Act (2006)

Section 36: unauthorised acts with intent to impair operation of computer

Section 37: making, supplying or obtaining articles for use in computer misuse offences

2.2.6 understand how the Fraud Act (2006) relates to Cybercrime

fraud by false representation

2.2.7 know the maximum penalty stipulated under the Fraud Act (2006)
2.2.8 understand how the Data Protection Act (1998) relates to
Cybercrime
2.2.9 know the penalties that may be imposed for failing to comply with
the 8 data principles
2.2.10 understand the core principles of the Regulation of Investigatory
Powers Act (RIPA) with respect to communications meta-data and
message content

2.3  Relevant foreign legislation
On completion, the candidate should:
2.3.1 know how European Union (EU) data protection law relates to
Cybercrime
2.3.2 know key US regulation and guidance that relates to Cybercrime

Homeland Security Act (2002)

The DHS Critical Infrastructure Cyber Community (C-cubed) Voluntary Program

Electronic Communications Privacy Act (1986)

Privacy Act (1974)

Federal Information Security Management Act (2002)

Executive Order 13636, Improving Critical Infrastructure Cybersecurity

Element 3  The public-private interface in combating Cybercrime

3.1  Law enforcement agencies
On completion, the candidate should:
3.1.1 understand the role and activities of the following UK and EU agencies:

the National Crime Agency (NCA)

the Metropolitan Police Service (Met) & SO15

the City of London Police

regional Police forces

Europol

3.2  Standards and best practice
On completion, the candidate should:
3.2.1 know the purpose and content of the main international standards
for information security management
3.2.2 know the purpose and content of the UK government's (GCHQ)
information assurance Cyber Essentials scheme
3.2.3 understand the purpose and content of the UK Government
Communications Headquarters (GCHQ) guidance entitled "10 Steps
to Cyber Security"
3.2.4 understand the role of the European Network and Information
Security Agency (ENISA)

3.3  The financial services industry
On completion, the candidate should:
3.3.1 know the role of UK and EU Information Commissioners in relation
to Cybercrime
3.3.2 understand the obligations of financial services firms to the
Information Commissioner
3.3.3 know the role of the Financial Conduct Authority (FCA) and
Prudential Regulation Authority (PRA) in relation to Cybercrime

general activities

Operation Waking Shark

3.3.4 understand the obligations of financial services firms to the FCA and PRA with regard to a Cybercrime event

Element 4  Cybercrime and the financial services industry

4.1  Recognising the threat
On completion, the candidate should:
4.1.1 understand the importance of financial services as a component of
critical national infrastructure:

Threats and impacts at national level

Managing cyber dependencies

National cyber security culture

4.1.2 understand how financial services firms are exposed to various categories of cybercriminal

employees and contractors

Hacktivists or single-issue extremists

Hackers and Script Kiddies

fraudsters

nation states

organised crime networks

malware developers

software developers

social engineers

4.2  Known vulnerabilities
On completion, the candidate should:
4.2.1 know typical classes of Cybercrime vulnerability affecting networks
4.2.2 know the typical classes of Cybercrime vulnerability of connected
devices
4.2.4 know the typical classes of Cybercrime vulnerability of common
applications (Apps) and browsers
4.2.5 know the typical Cybercrime vulnerabilities of database systems

4.3  Cybercrime detection
On completion, the candidate should:
4.3.1 know how Firewalls are used to detect cyber-attacks and
vulnerabilities
4.3.2 know how intrusion detection systems (IDS) are used to detect
cyber-attacks and vulnerabilities
4.3.3 know how anti-malware applications are used to detect cyber-attacks
and vulnerabilities
4.3.4 know how logging and reporting applications are used to detect
cyber-attacks and vulnerabilities
4.3.5 know how penetration testing and vulnerability assessment
methodologies are employed to detect cyber-attacks
4.3.6 understand how other common data sources can be utilised to
identify evidence of Cybercrime, including:

customer complaints

suspicious transactions

Internet and website usage patterns

customer device profiles

employee turnover statistics

Element 5  Combating Cybercrime

5.1  Proactive governance
On completion, the candidate should:
5.1.1 understand the goals of information security governance:

scope and charter

organisational and third-party relationships

key cyber security and information security risk metrics

5.1.2 understand the information security framework:

strategy

risk management processes

business impact assessments

policies and procedures

compliance

audit methodologies

testing and validation

training and awareness

5.1.3 know commonly accepted cyber security control frameworks:

control categories

baseline controls

strengths and methods

components and architecture

inventory management and control (configuration management databases)

user profiles and privileges management and reviews

key metrics

reporting exceptions

5.1.4 know effective due diligence techniques for:

customers

employees

service providers

5.1.5 understand the impact of culture on cyber security for international business

5.2

Risk management
On completion, the candidate should:
5.2.1 know the additional measures financial services firms can take to
manage the risk of Cybercrime originated or enabled by an
employee:

raising awareness

improving the management of privileges for joiners, movers and leavers

classifying and segmenting data

embedding ethical practice in relation to data security

implementing whistleblowing procedures

5.2.2 know the implications of Cybercrime for technological procurement

bespoke software development

standards of software development

supplier due diligence

hardware and software lifecycles, including disposal with respect to
corporate social responsibility and the data protection principles

5.2.3 know how to manage the risk of Cybercrime throughout the employee lifecycle

5.3

Stress testing
On completion, the candidate should:
5.3.1 understand the application of penetration testing to different types
of vulnerabilities
5.3.2 understand the correct application of prepared planning and dry-run
modelling
5.3.3 know how firms can measure, or predict, the impact of cyber attack


5.4

Incident response
On completion, the candidate should:
5.4.1 know the role of a computer emergency response team (CERT) or
computer security incident response team (CSIRT)
5.4.2 understand the concept of recovery time objectives (RTO)
5.4.3 know the components of an incident management procedure
5.4.4 know how to develop an incident management response plan

5.5

Business continuity
On completion, the candidate should:
5.5.1 understand the concept of business recovery and disaster recovery
planning (DRP)
5.5.2 know the purpose of the FCA Business Continuity Management
Practice Guide
5.5.3 know FCA requirements for business continuity (SYSC 13.8) and
incident response

Element 6  Trends in Economic Crime Compliance

6.1  Emerging threats
On completion, the candidate should:
6.1.1 know the key sources of information on emerging vulnerabilities
6.1.2 know the concept of the Internet of Things (IoT)
6.1.3 understand the evolution and use of big data analytics
6.1.4 know the specific threats relating to cryptocurrencies such as
Bitcoin
6.1.5 know the specific threats relating to unregulated payment models
6.1.6 know the specific threats relating to mobile payment devices
6.1.7 know the specific threats relating to Cloud computing
6.1.8 know the specific risks relating to co-location
6.1.9 know the purpose and limitations of risk avoidance through
Cybercrime insurance policies

6.2

Ethical issues
On completion, the candidate should:
6.2.1 understand how the use of big data relates to FCA financial
promotion rules and Treating Customers Fairly (TCF)

informed consent

6.2.2 understand the concept of ethical search engine optimisation


6.2.3 know the concept of a fair usage policy
6.2.4 know the concept of good online practice
6.2.5 understand the balance between employee monitoring and
employee privacy:

the implications of Californian Law A.B. 1844