All staff who use computers in any financial institution must be required to undergo CSCU certification training, so as to promote computer security and minimize the risk of fraud and cyber attack. This is needed as a matter of urgency. Failure by financial institutions and telecom companies to provide properly structured training to their staff creates several ‘weak links’ within the organisation’s security program. The risk of cyber attack and computer-aided fraud is real. You need skills at user level to prevent attacks and protect your organisation.
At several disciplinary hearings I have attended, staff often use the excuse of ‘I did not know my responsibility for my username and password’. People use the excuse of ignorance to escape responsibility for their negligence in ensuring information system security over their system access rights.
Below are the top 10 reasons why CSCU will not only help the organisation reduce cyber and computer-related fraud by over 60%, but also provides an opportunity for employees to excel in their careers. Everyone wants people who are educated about information security.
1. Total Computer Security Framework for Enterprise End Users
The EC-Council Basic Computer Security Framework for Enterprise End Users is based on a comprehensive analysis of fundamental information security job roles and critical information security controls. The framework encompasses the established standards, guidelines and frameworks available for computer security from an end-user perspective. CSCU maps completely to the EC-Council Basic Computer Security Framework for Enterprise End Users.
2. Standard Compliance
CSCU provides the fundamental knowledge required for compliance with various information security standards, such as:
i. PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for institutions that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards. The PCI Security Standards Council’s mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The council was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. to promote security over the use of payment cards. All organizations that make, issue, process or handle payment cards must be compliant with the PCI DSS to ensure security.
ii. HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996. HIPAA provides for the following:
- Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
- Reduces health care fraud and abuse;
- Mandates industry-wide standards for health care information on electronic billing and other processes; and
- Requires the protection and confidential handling of protected health information.
This regulation is considered best practice for information security management in the health sector. Most countries have adopted it for implementation because it promotes best practices; Uganda and East Africa in general are no exception.
iii. FERPA
The Family Educational Rights and Privacy Act of 1974 (FERPA or the Buckley Amendment) is a United States federal law.
It gave students access to their education records, an opportunity to seek to have the records amended, and some control over the disclosure of information from the records. With several exceptions, schools must have a student’s consent prior to the disclosure of education records once that student is 18 years old. The law only applies to educational agencies and institutions that receive funding under a program administered by the U.S. Department of Education. (Source: Wikipedia)
iv. ISO 27001
ISO 27001 defines how to organize information security in any kind of organisation: profit or non-profit, private or state-owned, small or large. It is safe to say that this standard is the foundation of information security management.
ISO 27001 is to information security what ISO 9001 is to quality. It is the internationally recognized standard for managing risks to the security of business information. Certification to ISO 27001 allows you to prove to your clients and other stakeholders that you are managing the security of the information you hold. ISO 27001:2005 (the current version of ISO 27001) provides a set of standardized requirements for an information security management system (ISMS). The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving your ISMS.
The ISO 27001 Information Security Management System (ISMS) standard provides a framework for information security management best practice that helps organizations:
- protect client and employee information
- manage risks to information security effectively
- achieve compliance
- protect the company’s brand image.
All organizations are advised to be ISO 27001 compliant, and to undergo annual independent security reviews to ensure total security over their information assets. Is your organisation ISO compliant?
v. FIPS
The Federal Information Processing Standards (FIPS) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with those agencies. These standards are adopted as best practices by companies the world over.
vi. GLBA
The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways that financial institutions deal with the private information of individuals. The Act consists of three sections: the Financial Privacy Rule, which regulates the collection and disclosure of private financial information; the Safeguards Rule, which stipulates that financial institutions must implement security programs to protect such information; and the Pretexting provisions, which prohibit the practice of pretexting (accessing private information under false pretenses). The Act also requires financial institutions to give customers written privacy notices that explain their information-sharing practices.
vii. FISMA
The Federal Information Security Management Act of 2002 (“FISMA”, 44 U.S.C. § 3541, et seq.) is a US law enacted in 2002 as Title III of the E-Government Act of 2002 (Pub.L. 107–347, 116 Stat. 2899). The act recognized the importance of information security to the economic and national security interests of the United States. It requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.
FISMA has brought attention within the federal government to cyber security and explicitly emphasized a “risk-based policy for cost-effective security.” FISMA requires agency program officials, chief information officers, and inspectors general (IGs) to conduct annual reviews of the agency’s information security program and report the results to the Office of Management and Budget (OMB). OMB uses this data to assist in its oversight responsibilities and to prepare its annual report to Congress on agency compliance with the act. In FY 2008, federal agencies spent $6.2 billion securing the government’s total information technology investment of approximately $68 billion, or about 9.2 percent of the total information technology portfolio (Source: Wikipedia).
3. Hands-on Training
CSCU provides effective hands-on instruction in computer security. All the modules in the CSCU program are based purely on hands-on training. Every module has step-by-step instructions for configuring computer security. You will be amazed by the skills you acquire. How good is your investment in technology if you do not have the strategies and insights to protect it?
4. Well Designed Labs
The CSCU lab manual contains well-designed and well-instructed labs to reinforce the learning. Labs present real-time security challenges to students and demonstrate the workarounds.
At the SCL training lab, you will learn to configure your own computer security. There is no need to depend on system administrators, who have long been known to be a source of security risk.
Some computer administrators, when they come to fix your computer security, leave behind ‘spyware’ that keeps sending them all the activity on your computer. In the end, you are too exposed to keep any secret.
Come and learn at SCL how to be effectively secure.
5. Security Tools DVD
The CSCU DVD-ROM contains well-organized content, including approximately 2.5 GB of security tools. You will get all the tools you need to ensure your personal security.
6. Video Demonstrations
The DVD set also includes approximately 250 minutes of video demonstrations of various computer security techniques.
7. Security Checklist and Guidelines
Each module ends with a detailed security checklist and guidelines to identify, remove and protect your system from viruses, Trojans, worms, and other attacks.
8. Up-to-Date Information
CSCU provides updated information and well-organized content, and covers the latest operating systems.
9. Coverage of Latest Security Threats
CSCU covers emerging threats, such as threats to information security arising from social networking and the evolution of smartphones, tablets, etc., and also focuses on advanced security challenges such as identity theft, insider attacks, etc.
10. Visual Content Technology (VCT)
CSCU presents security concepts, threats, attacks, and countermeasures in a graphically rich presentation style for better understanding.
Copyright Summit Consulting Ltd, 2013. All rights reserved.