Managing Cyber Security

Version 3

Effective from 11 January 2019

© Chartered Institute for Securities & Investment


Objective of the Examination

The objective of the examination is to ensure that candidates have a basic knowledge of the threat of Cybercrime and are able to evaluate the risks to the financial services industry, thus enabling the development of effective security solutions to prevent, detect and mitigate cyber-attacks.

The examination will test candidates across the following elements:

• The background and nature of information security and Cybercrime

• The legislative environment

• The public-private interface

• Cybercrime and the Financial Services Industry

• Combating Cybercrime

• Trends in Economic Crime Compliance

Syllabus Structure

The syllabus is divided into elements. These are broken down into sections of learning objectives.

Each learning objective begins with the prefix Know, Understand, or Identify. These words indicate the different levels of skill to be tested. Learning objectives prefixed:

• Know require candidates to recall information such as facts, rules and principles

• Understand require candidates to demonstrate comprehension of an issue, fact, rule or principle

• Identify require candidates to be able to discern a type of activity based on a given scenario


Candidate Update

Candidates are reminded to check the ‘Candidate Update’ area of the Institute’s website (www.cisi.org) on a regular basis for updates that could affect their examination as a result of industry change.

Examination Specification

Each examination paper is constructed from a specification that determines the weightings that will be given to each element. The specification is given below.

It is important to note that the numbers quoted may vary slightly from examination to examination as there is some flexibility in order to ensure that each examination has a consistent level of difficulty. However, the number of questions tested in each element should not change by more than plus or minus 2.

Examination specification: 50 multiple choice questions

Element number   Element                                                              Questions

1                The Background and Nature of Information Security and Cybercrime     12

2                The Legislative Environment                                          8

3                The Public-Private Interface in Combating Cybercrime                 5

4                Cybercrime and the Financial Services Industry                       7

5                Combating Cybercrime                                                 10

6                Trends in Economic Crime Compliance                                  8

Total                                                                                 50


Assessment Structure

A 1-hour examination of 50 multiple choice questions.

Candidates sitting the exam by Computer Based Testing may have, in addition, up to 10% of additional questions as trial questions that will not be separately identified and do not contribute to the result. Candidates will be given proportionately more time to complete the test.


Summary Syllabus

Element 1 The Background and Nature of Information Security and Cybercrime

1.1 Definitions

1.2 Distinctions

1.3 Fundamental issues

1.4 Technical Cybercrime attacks

1.5 The Human element

Element 2 The Legislative Environment

2.1 Legal concepts

2.2 UK legislation

2.3 Relevant foreign legislation

Element 3 The Public-Private Interface in Combating Cybercrime

3.1 Law enforcement agencies

3.2 Standards and best practice

3.3 The financial services industry

Element 4 Cybercrime and the Financial Services Industry

4.1 Recognising the threat

4.2 Known vulnerabilities

4.3 Cybercrime detection

Element 5 Combating Cybercrime

5.1 Proactive governance

5.2 Risk management

5.3 Stress testing

5.4 Incident response

5.5 Business continuity

5.6 Password security

5.7 Encryption

Element 6 Trends in Economic Crime Compliance

6.1 Emerging threats

6.2 Ethical issues


Element 1 The Background and Nature of Information Security and Cybercrime

1.1 Definitions

On completion, the candidate should:

know the difference between the Internet and the World Wide Web

know the meaning of:

• The Deep Web

• The Dark Web

know the meaning of the term Cloud computing

understand the meaning of:

• Software as a Service (SaaS)

• Platform as a Service (PaaS)

• Infrastructure as a Service (IaaS)

know the meaning of:

• database structure

• Internet protocol (IP) addressing versions 4 and 6

• domain name system (DNS) servers

• routers and gateways

• data packets

know the Financial Conduct Authority (FCA) definition of electronic money

understand the definition of information security

1.2 Distinctions

On completion, the candidate should:

know how cyber security is distinct from information security

understand the distinction between Cybercrime and cyber-enabled crime


1.3 Fundamental issues

On completion, the candidate should:

understand the fundamentals of cyber security:

• Policies & Standards

• Identity & Access Management

• Threat & Vulnerability Management

• Outside Service Providers

• IT Risk Management

1.4 Technical Cybercrime attacks

On completion, the candidate should:

identify the following types of network level technical Cybercrime attack:

• denial of service (DoS) and distributed denial of service (DDoS)

• distributed reflected denial of service attacks (DRDoS)

• man-in-the-middle attacks (MitM)

• sniffing attacks

• session hijacks

• botnets

• malnets

• spam

identify the following types of application level technical Cybercrime attack:

• remote code injection

• structured query language (SQL) injection

• cross-site scripting (XSS)

• format string vulnerabilities

• username enumeration
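The following worked example is added here to illustrate the SQL injection and cross-site scripting items above; it is not part of the CISI syllabus. It uses only the Python standard library: a constructed in-memory user table, a constructed attacker username that closes the string literal and comments out the password check, and a constructed script payload. Each weak function is shown beside its hardened form.

```python
import html
import sqlite3

# Constructed in-memory user table standing in for a firm's customer database
# (usernames, placeholder hash strings and roles are all made up for this example).
SAMPLE_USERS = [
    ("alice", "5e884898da28047151d0e56f8dc62927", "customer"),
    ("bob", "202cb962ac59075b964b07152d234b70", "admin"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username: str, password_hash: str):
    """SQL injection: untrusted input is pasted into the query text, so the
    attacker controls the structure of the query, not just its values."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password_hash = '{password_hash}'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username: str, password_hash: str):
    """Parameterised query: the driver passes values separately from the SQL
    text, so a quote or comment marker in the input is only data."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchall()


def render_greeting_vulnerable(name: str) -> str:
    """Reflected cross-site scripting: user-supplied text is placed into HTML unescaped."""
    return f"<p>Welcome back, {name}</p>"


def render_greeting_safe(name: str) -> str:
    """Output encoding for the HTML context turns markup characters into entities."""
    return f"<p>Welcome back, {html.escape(name, quote=True)}</p>"


# Constructed attacker inputs.
SQLI_USERNAME = "bob' --"   # closes the string literal; "--" comments out the password check in SQLite
XSS_NAME = "<script>alert(1)</script>"


def demo() -> dict:
    conn = make_db()
    return {
        "vulnerable_login": login_vulnerable(conn, SQLI_USERNAME, "wrong"),
        "safe_login": login_safe(conn, SQLI_USERNAME, "wrong"),
        "vulnerable_html": render_greeting_vulnerable(XSS_NAME),
        "safe_html": render_greeting_safe(XSS_NAME),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the vulnerable login returning bob's admin row without any password, while the parameterised version returns nothing; the unescaped greeting contains a live script tag, the escaped one contains only entities.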


identify the most common types of technical Cybercrime attack at device level:

• device intrusions / hacking

• password cracks

• physical key loggers

• in-built infections at point of manufacture or sale

• device-sharing risks

• device disposal and maintenance-related data breaches

• device theft

identify the most common technical Cybercrime attack via peripheral devices:

• bring your own device (BYOD) risks

• removable media risks

• printer risks

identify the following types of technical Cybercrime based on application exploits:

• application hacking

• password cracks

• code injection

• malicious websites

• drive-by downloads

identify the main types of technical Cybercrime arising from malware exploits, including:

• Viruses

• Worms

• Trojans

• Spyware

• Rootkits


identify the following types of technical Cybercrime:

• crypto-extortion attacks or ransomware

• web attack toolkits and scripts

• data leakage and breaches

• online frauds and other financially motivated eCrimes

1.5 The human element

On completion, the candidate should:

identify the most common types of technical Cybercrime stemming from user-level issues:

• errors and accidental disclosures

• rogue insiders

• insider frauds

• identity theft

• phishing

• vishing

• pharming

• physical intrusions

• password sharing and weak passwords

• self-provisioning

understand social media risk in relation to Cybercrime:

• social engineering ploys

• identity theft

• contact network analysis

• blackmail

• harassment

• stalking

• grooming

• data breaches

• reputational harm and brand damage

• target acquisition and reconnaissance

know key desktop attack and concealment techniques used in Cybercrime:

• keylogging

• screen-scraping

• advanced online searching and reconnaissance

• Google and Pastebin

• LinkedIn, Facebook and Twitter searches

• security and privacy vulnerabilities

• image and reverse-image searching methods

• mapping and geo-location vulnerabilities

Element 2 The Legislative Environment

2.1 Legal concepts

On completion, the candidate should:

understand the key concepts influencing internet law:

• net neutrality

• free speech on the Internet

• Internet censorship

• privacy expectations

• Intelligence services surveillance

• responsibilities of Internet Service Providers (ISPs)


2.2 UK legislation

On completion, the candidate should:

know the offences created under the Computer Misuse Act (1990):

• Offence 1 (section 1): unauthorised access to computer material

• Offence 2 (section 2): unauthorised access with intent to commit or facilitate commission of further offences

• Offence 3 (section 3): unauthorised acts with intent to impair the operation of a computer (as originally enacted, unauthorised modification of computer material)

know the maximum penalties applicable to Offences 1, 2 and 3

know the amendment to the section 1 “unauthorised access” offence and the two offences redefined or added by the Police and Justice Act (2006):

• Section 36: unauthorised acts with intent to impair operation of computer (replacing the original section 3 offence)

• Section 37: making, supplying or obtaining articles for use in computer misuse offences (new section 3A)

understand how the Fraud Act (2006) relates to Cybercrime:

• fraud by false representation

know the maximum penalty stipulated under the Fraud Act (2006)

know how the European Union (EU) General Data Protection Regulation (GDPR) relates to Cybercrime

understand the core principles of the Regulation of Investigatory Powers Act (2000) (RIPA) with respect to communications meta-data and message content

2.3 Relevant foreign legislation

On completion, the candidate should:

know key US regulation and guidance that relates to Cybercrime

• Homeland Security Act (2002)

• The Department of Homeland Security (DHS) Critical Infrastructure Cyber Community (C-cubed) Voluntary Program

• Electronic Communications Privacy Act (1986)


• Privacy Act (1974)

• Federal Information Security Management Act (2002)

• Executive Order 13636, “Improving Critical Infrastructure Cybersecurity”

Element 3 The Public-Private Interface in Combating Cybercrime

3.1 Law enforcement agencies

On completion, the candidate should:

understand the role and activities of the following UK and EU agencies:

• the National Crime Agency (NCA)

• the Metropolitan Police Service (Met) & SO15

• the City of London Police

• regional Police forces

• Europol

3.2 Standards and best practice

On completion, the candidate should:

know the purpose and content of the main international standards for Information security management

know the purpose and content of the UK government’s (GCHQ) information assurance “Cyber Essentials” scheme

understand the purpose and content of the UK Government Communications Headquarters (GCHQ) guidance entitled “10 steps to cyber security”

understand the role of the UK National Cyber Security Centre (NCSC)

understand the role of the European Network and Information Security Agency (ENISA)


3.3 The financial services industry

On completion, the candidate should:

know the role of UK and EU Information Commissioners in relation to Cybercrime

understand the obligations of financial services firms to the Information Commissioner

know the role of the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) in relation to Cybercrime

understand the obligations of financial services firms to the FCA and PRA with regard to a Cybercrime event

Element 4 Cybercrime and the Financial Services Industry

4.1 Recognising the threat

On completion, the candidate should:

understand the importance of financial services as a component of critical national infrastructure:

• Threats and impacts at national level

• Managing cyber dependencies

• National cyber security culture

understand how financial services firms are exposed to various categories of cybercriminal

• employees and contractors

• “Hacktivists” or single-issue extremists

• Hackers and Script Kiddies

• fraudsters

• nation states

• organised crime networks

• malware developers

• software developers

• social engineers


4.2 Known vulnerabilities

On completion, the candidate should:

know typical classes of Cybercrime vulnerability affecting networks

know the typical classes of Cybercrime vulnerability of connected devices

know the typical classes of Cybercrime vulnerability of common applications (apps) and browsers

know the typical Cybercrime vulnerabilities of database systems

4.3 Cybercrime detection

On completion, the candidate should:

know how Firewalls are used to detect cyber-attacks and vulnerabilities

know how intrusion detection systems (IDS) are used to detect cyber-attacks and vulnerabilities

know how anti-malware applications are used to detect cyber-attacks and vulnerabilities

know how logging and reporting applications are used to detect cyber-attacks and vulnerabilities

know how penetration testing and vulnerability assessment methodologies are employed to detect cyber-attacks

know how artificial intelligence is used to detect cyber-attacks and vulnerabilities, its limits and its role in financial services, as well as the resulting cyber security risks

understand how other common data sources can be utilised to identify evidence of Cybercrime, including:

• customer complaints

• suspicious transactions

• Internet and website usage patterns

• customer device profiles

• employee turnover statistics


Element 5 Combating Cybercrime

5.1 Proactive governance

On completion, the candidate should:

understand the goals of information security governance:

• scope and charter

• organisational and third-party relationships

• key cyber security and information security risk metrics

understand the information security framework:

• strategy

• risk management processes

• business impact assessments

• policies and procedures

• compliance

• audit methodologies

• testing and validation

• training and awareness

know commonly accepted cyber security control frameworks:

• control categories

• baseline controls

• strengths and methods

• components and architecture

• inventory management and control (configuration management databases)

• user profiles and privileges management and reviews

• key metrics

• reporting exceptions


know effective due diligence techniques for:

• customers

• employees

• service providers

understand the impact of culture on cyber security for international business

5.2 Risk management

On completion, the candidate should:

know the additional measures financial services firms can take to manage the risk of Cybercrime originated or enabled by an employee:

• raising awareness

• improving the management of privileges for joiners, movers and leavers

• classifying and segmenting data

• embedding ethical practice in relation to data security

• implementing whistleblowing procedures

know the implications of Cybercrime for technological procurement

• bespoke software development

• standards of software development

• supplier due diligence

• hardware and software lifecycles, including disposal with respect to corporate social responsibility and the data protection principles

know how to manage the risk of Cybercrime throughout the employee lifecycle


5.3 Stress testing

On completion, the candidate should:

understand the application of penetration testing to different types of vulnerabilities

understand the correct application of prepared planning and dry-run modelling

know how firms can measure, or predict, the impact of cyber attack

5.4 Incident response

On completion, the candidate should:

know the role of a computer emergency response team (CERT) or computer security incident response team (CSIRT)

understand the concept of recovery time objectives (RTO)

know the components of an incident management procedure

know how to develop an incident management response plan

5.5 Business continuity

On completion, the candidate should:

understand the concept of business recovery and disaster recovery planning (DRP)

know the purpose of the FCA “Business Continuity Management Practice Guide”

know FCA requirements for business continuity (SYSC 13.8) and incident response

5.6 Password security

On completion, the candidate should:

understand the importance and impact of password security:

• the role of hashing and the ‘reversing’ of hashes using online lookup resources

• the hacking of password databases

• the ease of finding stolen credentials online

• dictionary attacks on hashed password tables

• slow (iterated) hashes, salts, peppers and encryption; protecting the password management process more effectively

• password managers and other authentication options that replace or augment password-based solutions
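The following worked example is added here to illustrate the password security items above; it is not part of the CISI syllabus. It uses only the Python standard library. The wordlist and the three “stolen” unsalted SHA-256 hashes are constructed for the example. It shows why an unsalted fast hash is reversed by a single precomputed lookup, and how a per-user salt, an iterated key derivation function (PBKDF2-HMAC-SHA256) and a server-side pepper change the attacker’s cost.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for a dictionary of leaked passwords.
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2019", "Welcome1"]

# Constructed "stolen" credential store: unsalted SHA-256 of three users' passwords.
STOLEN_UNSALTED = {
    "alice": hashlib.sha256(b"Summer2019").hexdigest(),
    "bob": hashlib.sha256(b"letmein").hexdigest(),
    "carol": hashlib.sha256(b"correct horse battery staple").hexdigest(),
}


def build_lookup_table(words) -> dict:
    """Precomputed hash -> plaintext table. Online 'hash reversing' services are
    this idea built once over billions of leaked passwords."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def crack_unsalted(stolen: dict, table: dict) -> dict:
    """One dictionary lookup per user; the same table works against every
    unsalted database, which is why unsalted hashes are effectively reversible."""
    return {user: table[h] for user, h in stolen.items() if h in table}


def hash_password(password: str, pepper: bytes, salt: bytes = None, iterations: int = 50_000) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA256 with a server-side pepper mixed in via
    HMAC before the KDF. The salt is stored beside the hash; the pepper is kept
    outside the database. Production iteration counts are far higher than this demo value."""
    salt = salt if salt is not None else os.urandom(16)
    peppered = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    dk = hashlib.pbkdf2_hmac("sha256", peppered, salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str, pepper: bytes) -> bool:
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    peppered = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    dk = hashlib.pbkdf2_hmac("sha256", peppered, bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time comparison


def dictionary_attack_salted(stored: str, words, pepper_guess: bytes):
    """Against a salted record the attacker must redo the full KDF for every guess
    and for every record; without the real pepper no guess verifies at all."""
    for w in words:
        if verify_password(w, stored, pepper_guess):
            return w
    return None


def demo() -> dict:
    table = build_lookup_table(WORDLIST)
    cracked = crack_unsalted(STOLEN_UNSALTED, table)

    pepper = os.urandom(32)  # in production: from an HSM or secrets store, never from the database
    rec1 = hash_password("Summer2019", pepper)
    rec2 = hash_password("Summer2019", pepper)  # same password, fresh salt -> different record

    return {
        "cracked_unsalted": cracked,
        "same_pw_same_hash": rec1 == rec2,
        "verify_ok": verify_password("Summer2019", rec1, pepper),
        "verify_bad": verify_password("Summer2018", rec1, pepper),
        "salted_cracked_with_pepper": dictionary_attack_salted(rec1, WORDLIST, pepper),
        "salted_cracked_without_pepper": dictionary_attack_salted(rec1, WORDLIST, b"wrong-pepper"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The lookup table recovers alice’s and bob’s passwords instantly but not carol’s long passphrase, which was never in the dictionary. With salting, two records for the same password differ, so no shared table helps; with the pepper held outside the database, a dump of the table alone does not allow even a correct guess to be confirmed.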

5.7 Encryption

On completion, the candidate should:

know the fundamentals of encryption:

• substitution and transposition explained

• a short history of encryption, from the Caesar cipher to RSA

• symmetric encryption explained

• prime numbers, semi-primes, the factorisation challenge and asymmetric encryption demystified

• ephemeral keys and modern encrypted messaging apps
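The following worked example is added here to illustrate the encryption fundamentals above; it is not part of the CISI syllabus. It implements a Caesar (substitution) cipher and a columnar transposition cipher, both symmetric, and textbook RSA built from two constructed small primes (1009 and 1013) so that the factorisation attack can actually be run: recovering the private key from the public modulus by trial division. Real RSA moduli are thousands of bits precisely so that this step is infeasible.

```python
import math

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def caesar(text: str, shift: int) -> str:
    """Substitution cipher: each letter is replaced by the letter `shift` places
    along the alphabet. The same key decrypts with the negative shift (symmetric)."""
    out = []
    for ch in text.upper():
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch)
    return "".join(out)


def caesar_brute_force(ciphertext: str) -> dict:
    """Only 25 non-trivial keys exist, so trying every one is the whole attack."""
    return {k: caesar(ciphertext, -k) for k in range(1, 26)}


def columnar_transpose(text: str, key: tuple) -> str:
    """Transposition cipher: letters keep their identity but change position. The
    text is written row by row into len(key) columns and read out column by
    column in the order given by key, a permutation of 0..len(key)-1."""
    cols = len(key)
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join(row[c] for c in key for row in rows if c < len(row))


def columnar_untranspose(ciphertext: str, key: tuple) -> str:
    cols = len(key)
    full_rows, extra = divmod(len(ciphertext), cols)
    length = {c: full_rows + (1 if c < extra else 0) for c in range(cols)}
    pieces, pos = {}, 0
    for c in key:
        pieces[c] = ciphertext[pos:pos + length[c]]
        pos += length[c]
    return "".join(pieces[c][r] for r in range(full_rows + 1) for c in range(cols) if r < length[c])


def rsa_keygen(p: int, q: int, e: int = 65537):
    """Textbook RSA from two primes. Security rests on n = p*q being hard to factor."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(m: int, public_key) -> int:
    n, e = public_key
    return pow(m, e, n)


def rsa_decrypt(c: int, private_key) -> int:
    n, d = private_key
    return pow(c, d, n)


def factor_semiprime(n: int):
    """Trial division: instant for a toy modulus, infeasible for a 2048-bit one.
    That gap is the factorisation challenge asymmetric encryption relies on."""
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no factor found")


def recover_private_key(public_key):
    """Anyone who can factor n can rebuild the private exponent from the public key alone."""
    n, e = public_key
    p, q = factor_semiprime(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


def demo() -> dict:
    shifted = caesar("ATTACK AT DAWN", 3)
    transposed = columnar_transpose("ATTACKATDAWN", (2, 0, 1))
    pub, priv = rsa_keygen(1009, 1013)  # constructed toy primes; real keys use ~1024-bit primes
    c = rsa_encrypt(42, pub)
    return {
        "caesar": shifted,
        "caesar_broken": caesar_brute_force(shifted)[3],
        "transposed": transposed,
        "untransposed": columnar_untranspose(transposed, (2, 0, 1)),
        "rsa_roundtrip": rsa_decrypt(c, priv),
        "rsa_broken_by_factoring": rsa_decrypt(c, recover_private_key(pub)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The Caesar and transposition functions make the substitution/transposition distinction concrete: one changes which letters appear, the other only where they sit, and both are broken by exhausting a tiny key space. The RSA part shows the round trip with the legitimate private key and then the same decryption with a key rebuilt purely by factoring the public modulus.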

Element 6 Trends in Economic Crime Compliance

6.1 Emerging threats

On completion, the candidate should:

know the key sources of information on emerging vulnerabilities

know the concept of the “Internet of Things” (IoT), the smart home and office, Mirai and related threats/solutions

understand the evolution and use of big data analytics

know the specific threats relating to cryptocurrencies such as Bitcoin

know the specific threats relating to unregulated payment models

know the specific threats relating to mobile payment devices

know the specific threats relating to Cloud computing

know the specific risks relating to co-location

know the purpose and limitations of risk avoidance through Cybercrime insurance policies


6.2 Ethical issues

On completion, the candidate should:

understand how the use of big data relates to FCA financial promotion rules and Treating Customers Fairly (TCF)

• consent

understand the concept of ethical search engine optimisation

know the concept of a fair usage policy

know the concept of good online practice

understand the balance between employee monitoring and employee privacy:

• the implications of Californian Law A.B. 1844