Information Security Capacity Building Programs For Selected Public Institutions in Nigeria

The International Multilateral Partnership Against Cyber Threats (IMPACT), Malaysia and Global Network for Cybersolution (GNC), Nigeria are offering an exclusive IMPACT SECURITYCORE TRAINING PROGRAMME for selected public institutions in Nigeria.

Objectives of the Capacity Building:

• Creating skilled Information Security and Compliance Personnel for the Public Institutions
• An opportunity for Cybercrime Unit and ICT personnel to build a security foundation for the organization and drive their organization to become globally certified institution with capacity to provide compliance direction for others within their domain.
• Generate operational wide information security readiness and consciousness in Public Institution.

 

This course sets a core foundation of IT security knowledge for all attendees describing the core fundamentals of information security in an interesting, relevant and applied manner, this course describes the close alignment of information security with ever-changing institutional requirements and enables the attendees to effectively understand information security concepts and build them into all institutional IT processes and data operation.

The Highlight of Training Program:

Training Program Highlights

Venue:  Chamscity exclusively, Maitama

Date: Full day –March 29^th – 31^th 2011

Cost per Participant: N150, 000 per participant

Payment must be confirmed 2weeks before the training

(Covers training, Toolkits, Demonstration, Materials, Certificate)

Refreshment: Breakfast (tea break) & Lunch

Special Features: Special SANS & GAIC scholarship to the overall best participant as

Approved by IMPACT/SANS

Global Standard: ISO_IEC_27002:2005, and other internationally

recognized standards and practices

Maximum No Class:                      50

Minimum No Class:                      30

Nature of Training:                       Global,  Technical & Management program, Practically Exclusive & executive in delivery .

 

The Scope of the Training

The training covers the four strategic international modules essential to the protection and survivability of IT systems within the scope of global information system security assurance (GIAC) and standard most applicable in public and corporate organizations. The four modules that will be covered are as follows:

• Module One: Introduction to Information and Information Security
• Module Two: The Core Fundamentals of Information Security
• Module Three: Designing and Implementing Security
• Module Four: Assurance and Compliance

Supporting Standards:

In order to be a credible and authoritative program, this course is based on the ISO_IEC_27002; 2005, and other internationally recognized standards and practices.

Benefit & Outcome of the Training Program

• The outcome of the program will repositioned the participants in information security readiness essential to providing institutional roadmap, legal and security compliance regime for the country .
• Delivery of capacity with adaptable- global skills and strategies required to securing public institution critical information operations and protection against cyber threats and insider vulnerability.
• Eliminate internal workforce information security weaknesses, while raising technical capacity to engaged and collaborate technically with the industry and other core stakeholders in the administration of safety and protection of Nigeria local cyberspace against cyber threats.

Targeted Participants

The programme is specifically designed for the Nigeria Public Institutions targeting the following core department and Critical Users departments (CUD):

• Personnel of Information Technology unit
• Personnel of Legal unit
• Related critical user departments (CUD) such as Human Resource personnel, Finance personnel, and all  critical digital information users, from the newest member of the team to the most experienced professional.

We have included Training Program outlines and other detailed proposed projects for your consideration.

For comprehensive information on the training, please visit: www.impact-alliance.org. For instance local response to your further enquiry, please call: GNC-IMPACT Nigeria Desk; Segun 08037017537, 080 56268940, Olumide – 0803 271 5724 or send enquiry to impact@cybersolutionafrica.org .

IMPACT SecurityCore Course Outline

Proposed length:

2 days (14 hours contact time)

Course Format:

Audience:

IT systems administrators, security administrators, database administrators, Access control (PKI) administrators, systems analysts and designers, application developers, business analysts and user representatives.

Course Objective:

This course sets a core foundation of IT security knowledge for all attendees. It is suitable for any member of the IT community from the newest member of the team to the most experienced professional. Describing the core fundamentals of information security in an interesting, relevant manner, this course describes the close alignment of information security with ever-changing business requirements and enables the attendees to effectively understand information security concepts and build them into all business processes and design.

Supporting Standards:

In order to be a credible and authoritative program, this course is based on the ISO_IEC_27002;2005, and other internationally recognized standards and practices.

Course Outline:

Module One: (Introduction to Information and Information Security)

Special Tribute to First Bank

Behind every EFFECTIVE Global Institution, there is a LEGACY of global commitment. This global commitment has been clearly demonstrated by one of the foremost financial institutions in the country. CYBER THREAT is real, colossal, damaging and undermines reputation of any global institution.

We recalled the statement credited to Mr. Ademola Adewale, the First Bank Head, Internal Control and Reconciliation, during our 1st National Conference on Cybercrime and Cybersecurity in 2008, he gave us a clue to the first bank understanding of the global threat and First Bank readiness and response strategy for prevention and protection.

“We are lucky that cyber criminals have not done any such big time fraud. But, we need to quickly move up and provide security. Otherwise when they strike, banks will lose a lot of money. What we’re having now are more of fraud, ATM theft… using it to steal money; but real time internet fraud – big time fraud has not yet happened. Banks have to quickly deal with that…there is a frame work, and we involved consultants who have developed a standard for the Bank and the bank is actually looking at meeting the 150 standards on security. So we are looking beyond Nigeria, we are identifying ourselves with the best banks in the World so we are in good steps in First Bank…”

It is better to pass through the rigour of prevention than to pass through the rigour of crisis. This is what First Bank has clearly demonstrated. Now, how does the certification translate into global values for first bank and our country?

Boosting first bank confidence in a connected world
Facilitate global confidence in First Bank
Reinforces global trust in its corporate business transactions
Global first choice among others
Breaking of limitations and expanded Investment leverages
And more importantly yield increase return and secure investment growth benefits to depositors, shareholders, customers and the country at large.

This is truly an indisputable Nigeria-Global institution that is ready for competitive engagement in the 21st century emergent cyber-ecosystem. We are proud to associate with First Bank in this achievement. This is basis of our cybersecurity advocacy.

We encourage other vision-driven institutions in our country to emulate First Bank giant stride in the pre-emptive strategies against cyberthreats. This is the only way we can build confidence in our connected – highly competitive world – for the foundation laying for a new Nigeria.

We therefore invite corporate institutions to the 1st IMPACT Cyber-Security Core foundation training program. This is IT Security Programs for selected financial and other institutions in Nigeria. The training is a credible and authoritative program based on the ISO_IEC_27002;2005, and other internationally recognized standards and practices. This our action plan for ISO_IEC_27002;2005, and other internationally recognized standards and practices. For details please visit: www.cybersolutionafrica.org.

CONGRATULATION FIRST BANK PLC!

Global Network for Cybersolution Ltd/Gte
www.cybersolutionafrica.org

IMPACT Security Core Foundation Programme

Global Network for Cybersolution Ltd/gte (GNC), a frontline cybersecurity organization, and International Multilateral Partnership Against CyberThreat, Malaysia (IMPACT), the global hosting Center for Global Incidence Response and Global Cybersecurity Agenda of International telecommunication Union, are set to publicly unveiled local Cybersecurity Capacity building Programs in Nigeria and West African developing nations. The public unveiling will be taking place in November at Protues Hotel Maryland, Lagos.

With its successful partnership with International Multilateral Partnership Against CyberThreat, Malaysia (IMPACT) through the signing of Memorandum of Understanding (MoU) and Memorandum of Technical Agreement (MoA) , GNC now has global technical and management capacities to deliver local technical (Global) training and manpower development in Cybersecurity skills, innovations, strategies, from core foundation to professional status most relevant to local industry. GNC-IMPACT partnership guarantee access to Global Cybersecurity Scholarship of SysAdmin, Audit, Network, Security (SANS) Scholarship, global career progression in Global Information Assurance Certification (GIAC) from Security Essentials certification course to specialized areas.

The GNC-IMPACT partnership on Cybersecurity Capacity Building is the 1st of its kind in the Country and West Africa Sub-Region. It will strategically boost local capacity development in cybersecurity, facilitate global confidence, while building local platform for global trust in information and data security among public institutions and the industries in Nigeria and the ECOWAS sub-region. The partnership will be reflected in the emergence of Cybersecurity Industry which is capable of engaging over one million young graduates and professionals thereby redirecting or eliminating tendencies to commit cybercrime while creating limitless professional global engagement.

GNC will be receiving IMPACT officials in Nigeria to plan, coordinate and deliver 1ST-IMPACT Cybersecurity Core Professional Programs for the industry, and to unveil Global Career & Standard Progression Strategy (GCSPS) in the country and ECOWAS sub-region.
We invite you to watch out for the 1st ever IMPACT Security Core Foundation Professional Programme in Nigeria for special participants/professionals in the country . Details of the Foundation Program and Global Career Plan Strategy will soon be made available to the public as we unveil GNC-IMPACT AGENDA in our great country.

We invite public and corporate organizations to come on board to receive essential – adapted- global skills and strategies require to securing their operations and protecting themselves against the global cyber

About IMPACT

IMPACT is the first comprehensive global partnership against cyber threats. As an international not-for-profit organisation, IMPACT is a politically neutral platform, bringing together governments, academia and industry experts to enhance the global community’s capacity to prevent, defend against and respond to cyber threats.

IMPACT is the pioneer forum that enables all partner countries to collectively take a global leadership role in the interest of their national cybersecurity. Located in Cyberjaya, Malaysia, IMPACT’s Global HQ has been named as the physical and operational home of the International Telecommunication Union’s (ITU) Global Cybersecurity Agenda (GCA). This landmark collaboration provides ITU’s 191 member states (Nigeria is a member) with IMPACT’s expertise, facilities and resources to effectively address the world’s most serious cyber threats.

For more information on IMPACT, please visit www.impact-alliance.org.

List of Fake/Phished Nigerian Websites

Many websites/emails have been created by fraudsters and are being used to dupe Nigerians. Here are some we’ve figured out. If you get a mail or sms as regards any of the websites or email, PLEASE DISREGARD. We do appreciate your comments. As we get more we will update the list.

Interswitch

• http://www.interswitch.info.ms/ (It’s fake!)
• interswitchng@yahoo.com (Interswitch never uses free email e.g. YahooMail and they will never ask for you PIN, never!)

MTN Treasure Hunt

• http://www.mtntreasurefinf.t35.com (Fake! MTN does not use free hosting)

U.S. to create cybersecurity military command!

WASHINGTON, April 21 (Reuters) – The Obama administration plans to create a new military command to focus on Pentagon computer networks and offensive capabilities in cyberwarfare, The Wall Street Journal reported on Tuesday, citing current and former officials familiar with the plans. The initiative will reshape the military’s efforts to protect its networks from attacks by hackers, especially those from countries such as China and Russia, the newspaper said.

Pentagon officials were quoted as saying the new command will be unveiled within the next few weeks.
The cyber command will likely to be led by a military official of four-star rank and initially would be part of the Pentagon’s Strategic Command, the newspaper said, citing officials familiar with the proposal.

Spokesmen for the Pentagon and White House were not immediately available for comment. President Barack Obama is expected to announce a plan to improve cybersecurity this month after completion of a White House review of the issue, the Wall Street Journal said.

Defense Secretary Robert Gates plans to announce the creation of a new military “cyber command” after the roll-out of the White House review, the report said, citing multiple military officials familiar with the plan.

The newspaper earlier reported that computer spies have repeatedly breached the Pentagon’s costliest weapons program — the $300 billion Joint Strike Fighter project.

Information assurance training is available for those who want a career in cyber security.

The identity of the attackers and the amount of damage to the project could not be learned, the paper said.

The Journal quoted former U.S. officials as saying the attacks seemed to have originated in China, although it noted it was difficult to determine the origin because of the ease of hiding identities online.

The Chinese Embassy said China “opposes and forbids all forms of cyber crimes,” the Journal said.

Culled from Reuter News

McAfee Annual Security Report: Three Major Global Challenges Emerged

First, cybercrime isn’t yet enough of a priority for governments around the world to allow the fight against it to make real headway worldwide. Added to that, the physical threat of terrorism and economic collapse is diverting political attention elsewhere.

In contrast, cybercriminals are sharpening their focus. Recession is fertile ground for criminal activity as fraudsters clamour to capitalize on rising use of the Internet and the climate of fear and anxiety. Are we in danger of irrevocably damaging consumer trust and, in effect, limiting the chances of economic recovery?

Second, cross border law enforcement remains a long-standing hurdle to fighting cybercrime. Local issues mean laws are difficult to enforce transnationally.

Read more

Cisco: Worldwide cyber security threats set to rise as economy slows down

Cisco report warns of more sophisticated, targeted internet attacks, says spam accounts for nearly 200 billion messages each day, approximately 90 per cent of worldwide e-mail.

Cisco has warned that internet-based attacks are becoming increasingly sophisticated and specialised as profit-driven criminals continue to hone their approach to stealing data from businesses, employees and consumers. In the 2008 edition of the Cisco Annual Security Report, the company identifies the year’s top security threats and offers recommendations for protecting networks against attacks that are propagating more rapidly, becoming increasingly difficult to detect, and exploiting technological and human vulnerabilities.

“Every year we see threats evolve as criminals discover new ways to exploit people, networks and the internet. This year’s trends underscore how important it is to look at all basic elements of security policies and technologies,” said Patrick Peterson, Cisco fellow and chief security researcher.

According to the report:

• The overall number of disclosed vulnerabilities grew by 11.5 per cent over 2007;
• Vulnerabilities in virtualisation technology nearly tripled from 35 to 103 year over year;
• Attacks are becoming increasingly blended, cross-vector and targeted;
• Cisco researchers saw a 90 per cent rise in threats originating from legitimate domains, nearly double what was seen in 2007;
• The volume of malware successfully propagated via e-mail attachments is declining. Over the past two years (2007-2008), the number of attachment-based attacks decreased by 50 per cent from the previous two years (2005-2006).
• According to Cisco, spam accounts for nearly 200 billion messages each day, approximately 90 per cent of worldwide e-mail. The US is the biggest source at 17.2 per cent. Other countries who contribute spam include Turkey (9.2 per cent), Russia (eight per cent), Canada (4.7 per cent), Brazil (4.1 per cent), India (3.5 per cent), Poland (3.4 per cent), South Korea (3.3 per cent), Germany and the UK (2.9 per cent each).

• Phishing. While targeted spear-phishing represents about one per cent of all phishing attacks, it is expected to become more prevalent as criminals personalise spam and make messages appear more credible.
• Botnets. Botnets have become a nexus of criminal activity on the internet. This year, numerous legitimate Web sites were infected with IFrames, malicious code injected by botnets that redirect visitors to malware-downloading sites.
• Social engineering. The use of social engineering to entice victims to open a file or click links continues to grow. Cisco expects that in 2009, social engineering techniques will increase in number, vectors and sophistication.
• Reputation hijacking. More online criminals are using real e-mail accounts with large, legitimate Web mail providers to send spam. Reputation hijacking offers increased deliverability because it makes spam harder to detect and block. Cisco estimates that in 2008 spam resulting from e-mail reputation hijacking of the top three Web mail providers accounted for less than 1 per cent of all spam worldwide but constituted 7.6 per cent of the providers’ mail traffic.

Findings for the report came in part from Cisco Security Intelligence Operations, an aggregation of tightly integrated data and security services derived from multiple Cisco divisions and devices to continuously assess and correlate Internet threats and vulnerabilities. In 2009, researchers from Cisco security teams say they will be watching the following trends closely:

• Insider threats. Negligent or disgruntled employees can threaten corporate security. The global economic downturn may prompt more security incidents involving employees, making it crucial for IT, HR, and other lines of business to collaborate on mitigating threats;
• Data loss. Whether through carelessness, breaches by hackers, or from insiders, data loss is a growing problem that can lead to grave financial consequences. Technology, education and clear, well-enforced data security policies can make compliance easier and reduce incidents;
• Mobility, remote working, and new tools as risk factors. The trend toward remote working and the related use of Web-based tools, mobile devices, virtualisation, ‘cloud computing’ and similar technologies to enhance productivity will continue in 2009. It will be a challenge for security personnel. The edge of the network is expanding rapidly, and the increasing number of devices and applications in use can make the expanding network more susceptible to new threats.

Symantec Annual Underground Economic Report 2008

Symantec Annual Underground Economic report reveals booming underground economy

SYMANTEC Corporation recently released its Report on the Underground Economy. The report details an online underground economy that has matured into an efficient, global marketplace in which stolen goods and fraud-related services are regularly bought and sold, and where the estimated value of goods offered by individual traders is measured in millions of dollars. The report is derived from data gathered by Symantec’s Security Technology and Response (STAR) organisation, from underground economy servers between July 1, 2007 and June 30, 2008.

The potential value of total advertised goods observed by Symantec was more than $276 million for the reporting period. This value was determined using the advertised prices of the goods and services and measured how much advertisers would make if they liquidated their inventory.

Credit card information is the most advertised category of goods and services on the underground economy, accounting for 31 percent of the total. While stolen credit card numbers sell for as little as $0.10 to $25 per card, the average advertised stolen credit card limit observed by Symantec was more than $4,000. Symantec has calculated that the potential worth of all credit cards advertised during the reporting period was $5.3 billion.

The popularity of credit card information is likely due to the many ways this information can be obtained and used for fraud; credit cards are easy to use for online shopping and it’s often difficult for merchants or credit providers to identify and address fraudulent transactions before fraudsters complete these transactions and receive their goods. Also, credit card information is often sold to fraudsters in bulk, with discounts or free numbers provided with larger purchases.

The second most common category of goods and services advertised was financial accounts at 20 percent of the total. While stolen bank account information sells for between $10 and $1,000, the average advertised stolen bank account balance is nearly $40,000. Calculating the average advertised balance of a bank account together with the average price for stolen bank account numbers, the worth of the bank accounts advertised during this reporting period was $1.7 billion. The popularity of financial account information is likely due to its potential for high payouts and the speed at which payouts can be made. In one case, financial accounts were cashed out online to untraceable locations in less than 15 minutes.

During the reporting period, Symantec observed 69,130 distinct active advertisers and 44,321,095 total messages posted to underground forums. The potential value of the total advertised goods for the top 10 most active advertisers was $16.3 million for credit cards and $2 million for bank accounts. Furthermore, the potential worth of the goods advertised by the single most active advertiser identified by Symantec during the study period was $6.4 million.

The underground economy is geographically diverse and generates revenue for cybercriminals who range from loose collections of individuals to organised and sophisticated groups. During this reporting period, North America hosted the largest number of such servers, with 45 percent of the total; Europe/Middle East/Africa hosted 38 percent; followed by Asia/Pacific with 12 percent and Latin America with 5 percent. The geographical locations of underground economy servers are constantly changing to evade detection.

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored.

Expression of Gratitude to Our Official Supporters, Partners and Sponsors

As we embark on the new year journey of 2009, the Board and Management of Global Network for Cybersolution Ltd/Gte would like to express our profound gratitude to all our pioneered anti-cybercrime and cybersecurity advocacy supporters, sponsors and partners.

We would like to give exclusive special recognition to the support of His Excellency, President Musa Yar’dua, -The President and Commander-In-Chief of the Federal Republic of Nigeria, His Excellency, Dr. Jonathan Goodluck, -The Vice President of the Federal Republic of Nigeria , and the following government institutions and corporate bodies for supporting our historic and the 1^st National Cybercrime and Cybersecurity conference in Nigeria;

Government Institution official supporters

• The Presidency
• Federal Ministry of Justice of Nigeria (FMoJ)
• National Information Technology Development Agency (N.I.T.D.A)
  (Under Federal Ministry of Science and Technology)
• Nigeria Communication Commission (NCC)
• Ghana-India Koffi-Annan Center of Excellence in ICT, Ghana.
• Directorate of Cybersecurity – Office of National Security Adviser
• Representatives of the Sokoto, Kano, Bauchi, Imo, Nassarawa, Rivers, Lagos, and Ogun State Governments
• Economic and Financial Crime Commission (EFCC)
• Independent Corrupt Practices Commission (ICPC)
• Nigeria Police Headquarters

Professional Bodies Supporters

• Computer Professional of Nigeria (CPN)
• Nigeria Computer Society (NCS)
• Nigerian Internet Registration Association (NIRA)
• Information Technology Association of Nigeria (ITAN)
  and host of others

Financial Institutions & Corporate Bodies/Sponsors

• First Bank of Nigeria PLC
• Access Bank of Nigeria PLC
• CHAMS PLC
• Dlink Nigeria Ltd
• Programmos
• System Specs Nig Ltd
• Omatek PLC
• Micromedia Computer Network Ltd
•  Connect Technologies Ltd
• Olujinmi & Akeredolu Chambers
• Paradigm Initiative Nigeria
• Zinox Computers
• ennovate NIGERIA

We appreciate your support, participation, sponsorship, and partnership that enabled us to succeed during the 1st National Conference on Cybercrime and Cybersecurity hosted in Abuja this year. We have all pioneered the emergence of Cyber-safety and Cybe security-legacy for Nigerian, and Africa continental.

We assured you the outcome and recommendations of the conference have been submitted to all relevant federal policy making institutions in the country, right from the presidency, National Security Adviser office, Nigeria Communication Commission, Federal Ministry of Justice as well as National Info. Tech. Dev. Agency (NITDA). We can assure you that Federal Government is taking major step toward implementing some of the recommendations.

Our collective actions at the conference is just the beginning of the enthronement of anti-cybercrime and cybersecurity culture in line with Global Cybersecurity Agenda as mandated by World Information Summit on Information Society.

The sensitization conference is reawakening policy makers and National legislative leaders, and is alreadily yielding unimaginable results some of which are; altering yet-to-be release New National IT Policy, accelerating implementation of National Critical Information Infrastructure Protection policy, 2nd reading of Cybercrime Law bill at the senate, sensitization of all relevant IT security stakeholders and professional bodies, as well renewed National media awareness coverage focusing on Cybercrime and Cybersecurity in the country.

We wish to assure you of our continued commitment and renewed drive to providing Anti-cybercrime initiatives and Cybersecuirty Advocacy, and look forward to a more rewarding partnership with our supporters and sponsors in this new year of Cyber-Realignment.

Shortly, we would be sending to your mailbox our unveiling Cyber-Safety and Security programs for our nations’ vulnerabilities. Please watch out for these program.

We use this opportunity to wish you all a prosperous new year.

Thank you and best regards.

Chairman LOC – Cybercrime Conference ’08
Tel: +234-9-7801555
E-Mail: segun@cybersolutionafrica.org
Alt. E-Mail: cybersolutionafrica@hotmail.com
Website: www.cybersolutionafrica.org

Next Page »