Please check this page for all updates on Risk Management Training.
Presentation Slides / Notes
Classwork / Workshops
Class work 1:
Class Work 2:
- Please go to your email and screenshot all the possible phishing emails you find.
- Describe the features of these emails that made you realise they were phishing emails.
- Describe what you can do to prevent such emails from reaching your inbox in the future.
- Describe what measures you can put in place to ensure your staff and team members do not fall victim to such emails.
- In the event that a team member gets compromised, what can you do to limit the spread?
Useful Documents
- 10 Steps_ Secure Configuration – NCSC Site
- Common Cyber Attacks_ Reducing the Impact – NCSC Site
- 10 Steps_ A Board Level Responsibility – NCSC Site
- 10 Steps_ Executive Summary – NCSC Site
- Penetration Testing – NCSC Site
- 10 Steps_ Incident Management – NCSC Site
- 10 Steps_ Home and Mobile Working – NCSC Site
- 10 Steps_ Removable Media Controls – NCSC Site
- 10 Steps_ Monitoring – NCSC Site
- 10 Steps_ User Education and Awareness – NCSC Site
- 10 Steps_ Managing User Privileges – NCSC Site
- 10 Steps_ Network Security – NCSC Site
MORE RESOURCES ON DIGITAL RISK MANAGEMENT
Basic terminologies
- Glossary of Key Information Security Terms, National Institute of Standards and Technology, June 05, 2013
- What is cybersecurity? In search of an encompassing definition for the post-Snowden era, Morten Bay, French Journal For Media Research, n° 6/2016, ISSN 2264-4733
- ISO/IEC 27032 Information Technology – Security Techniques – Guidelines for Cybersecurity, IsecT
- Cyberspace: Definition and implications, Ottis, R., & Lorents, P. (2010). ICIW, 267–270.
Cyber Security Trends, Best Practices, etc.
- The future of risk management in the digital era, McKinsey & Company
- Key cybersecurity problems expected to mark 2021, Help Net Security
- Cybersecurity Insiders 2020 by AWS Cloud Security Report, Cybersecurity Insiders
- Cisco 2017 Annual Cybersecurity Report, Cisco Systems, Inc.
Stuxnet malware, APT
- How Digital Detectives Deciphered Stuxnet, The Most Menacing Malware in History, Kim Zetter, Wired
- Advanced Persistent Threat (APT), Imperva
- What is Ransomware?, CISA.gov
Privacy Risks
- The Eternal Value of Privacy, Bruce Schneier, Schneier on Security
- Why Privacy Matters: Glenn Greenwald at TEDGlobal 2014, Laura McClure, TED Blog
- Privacy in the Internet of Things: Threats and Challenges, Ziegeldorf, J. H., Morchon, O. G., & Wehrle, K. (2014). Security and Communication Networks, 7 (12), 2728-2742.
- A Day In the Life of Your Data, Apple, 2021.
RESOURCES
General Risk Management
Information security risk management: Understanding the components, Peter Sullivan, TechTarget
Note: the publisher asks for a corporate email address and additional information to access this article
What is Risk? The Bald Tire Scenario (video), Jack Jones, The FAIR Institute
Building an information security risk management program
Managing Information Security Risk: Organization, Mission, and Information System View, National Institute of Standards and Technology, NIST Special Publication 800-39
Guide for Conducting Risk Assessments, National Institute of Standards and Technology, NIST Special Publication 800-30
Risk management methodologies, tools and related standards
Definition: OCTAVE, Margaret Rouse, WhatIs.com
Introduction to Factor Analysis of Information Risk (FAIR), Jack A. Jones, CISSP, CISM, CISA, Risk Management Insight
Measuring and Managing Information Risk: A FAIR Approach, Jack Freund and Jack Jones, Butterworth-Heinemann, 2014. ISBN-13: 978-0124202313
IT Security Standards and Best Practices, InfoSec
COBIT 4.1: Framework for IT Governance and Control, ISACA
Threat Intelligence
Threat Intelligence Platforms: The Next ‘Must-Have’ For Harried Security Operations Teams, Tim Wilson, Editor in Chief, Dark Reading
Comparing the top threat intelligence services, Ed Tittel, TechTarget
REGISTER YOUR INFO TO RECEIVE DIRECT UPDATES