DIGITAL FORENSIC FRAUD AND IT SECURITY TRAINING
THE NEED
It is not a secret that crime incidents involving cyber-crime are on the rise and there is an urgent need for organizations to review their general IT security controls.
With the increasing usage and dependency on IT based operations coupled with growing sophistication in technology, cyber-crime is also on the rise. Attacks on sites, directory and routing services are often linked to advanced international hackers with extortion in mind.
In addition increasing use of computers for processing organizational data has added a new scope to the review and evaluation of internal controls for audit purposes. IT controls are of great value in any computerized system and it is important for an organization to ensure that not only adequate controls exist, but they also work effectively. Internal controls should be commensurate with the risk assessed to as to reduce the impact of identified risks to acceptance levels. There is therefore a need to evaluate the adequacy of internal controls in computer systems to mitigate the risk of loss due to errors, fraud and other acts and disasters or incidents that may cause the system to be unavailable.
ABOUT THE TRAINING
This 5-day program is designed to provide a firm base of understanding of cybercrime in an organizational wide context, to show the degree of required competency and proficiency needed in preventing, detecting, and reporting and redressing cyber-crime.
TRAINING OBJECTIVES
At the e end of the seminar, participants will be able to:
• Demonstrate application of new knowledge of IT security systems
• Identify a range of electronic crime fraud activities
• Identify how cyber-crime can seep into the business
• Spot indicators and detect mechanisms on cybercrime
• Understand required ethical investigations and reporting standards
• Confidently set out fraud policy, best practice and compliance mechanisms.
• Demonstrate how to create an Anti-Fraud culture within the organization
TRAINING METHODOLOGY
The content of the program will be structured from introductory level, to dismantle some ‘common sense’ assumptions of what CYBER-SECURITY is and gain new insight. The program will then build and follow a format of presentations backed by case studies. For full training value, structured and perceptive group work will be included to help apply new awareness and skills to different fraud scenarios.
Participants must come with their laptops to facilitate practicals and demonstrations during the training.
WHO SHOULD ATTEND?
The training will be of great benefit to; IT/ICT Managers and Officers, Data Security Professionals, System Auditors, Site Administrators and those concerned about security and integrity of network infrastructure in Banks, National and County Governments Parastatals, Telco’s, Private Enterprises, NGOs and SACCOS ,Finance Managers and Internal Auditors
TRAINING OUTLINE
The 5-day training program will cover the following aspects in detail.
Overview of Cyber Crime
• What is cyber-crime?
• The nature of cyber-crime
• Types of cyber-crime
• Impact of cyber-crime on Personal, Corporate and Nation
Cyber Crime, Law and Ethics
• Criminal Justice system in Kenya
• Law of Evidence
• Case studies on cybercrime
Cybercrime Fraud Schemes
• Challenges of dealing with cybercrime
• Civil remedy and criminal intent
• Admissibility of electronic crime
Digital Forensic and Computer Security
• Branches of forensic
• Network forensic security
• Database forensic
• Mobile forensics
Steps performed in Digital Forensic
• Seizing (rights to property)
• Imaging
• Analysis
• Documentation and reporting
Developing Digital Forensic Report
• Report design
• Characteristics of a good report
• Motive, Opportunity and Means (MOM)
• IT security compliance
• Exhibits, annexure
• Annexures
• Case studies
Cybercrime: Information security as countermeasures
• What’s information security
• Dimensions of information security
• Means of information protection: people, processes and technology
• Governance: policies, standards and guidelines
• Risk management: assessment and compliance
• Strategies and counter measures
Access Controls and Management
• Restriction of access rights to networks, computer systems, application, functions and data
• Identification, authentication and access
• Access control methods: passwords
• Access threats: password cracking/guessing/tools
Application and Network Security Systems
• Information Systems Acquisition
• Secure System Development Life Cycle (SSDLC)
• Network Security, including wireless security
• Host application and data security
Business Continuity Management
• Business continuity and disaster recovery planning
• Planning for crisis and response
• Response and recovery teams composition, roles and responsibilities
Practical Session
• Digital forensic and Analytical tool
• Forensic Explorer, DT Search / IDEA
• Forensic Explorer
Venue : Nairobi, Kenya
Training Duration : 5 Days
Registration Deadline : 23rd June 2017
Target Region : Global
Training Fee : US$1,200
Language : English
Kindly contact : [email protected]
To apply visit : www.intexservices.co.ke