Whoami

Abel Yeboah-Ofori. PhD, SFHEA,

▪ Associate Professor in Cyber Security
▪ PhD in Cyber Security
▪ PgCert in Higher Education
▪ MSc. Information Security and Digital Forensics
▪ BSc (Hons). Computing and Information Systems
▪ Consultant in Cyber Security and Digital Forensics
▪ Certified P2 Project Management Practitioner
▪ Certified in Cyber Security and Digital Forensics Investigations Practitioner
▪ Certified in Cybersecurity (ISC2)
 Outline

• UK NSCS StSG report

• Systems Security – Seven Phase
• Cyber Security
• Cyberattack Challenges – leading to vulnerabilities
• Cyber Security System – Cyber Security – Cyber Crime – Forensics
• Cyber Security Project – Systems Development Lifecycle
• AI in Cyber Security
• Why Certifications are relevant
• What Certificates are Required
• Q&A
 Introduction

The Sociotechnical Security Group (StSG) at UK National Cyber Security Centre advocates
a sociotechnical approach to address cyber security issues.
They claimed that "Traditional approaches to security research have been focused on
understanding technology.
But it's only part of the picture and doesn't account for the interaction of technology with
people, processes and organisations."

I think we must include: Law, AI and Society

 Seven Phases of Systems Security

Systems Security
Applications Security
Passwords
Computer Security ID Management System
Autherntication

Secure Swicthes
Network Security Intelligence Hubs
Socket Security

Cryptography
Information Security AES, RSA, PGP

SSL/TLS
Firewalls/IDS/IPS
Internet Security Browser Security

Secure Cyber Space

Telecom Security
Cyber Security Cloud Security

Perimeter Security
Server Rooms
Physical Security CCTV

Human Errors
Human Security Social Engineering Attack
All these level requires different Recconaissance
OSINT
security skills
 Factors Influence Cyber Security Challenges

CYBER SECURITY CHALLENGES

• Invincibility nature of Cyberattacks

• The evolving threat landscape

• The Changing attack surface

• Integration of supply chain stakeholders into the

cyber threat model

• Inability to determine cascading threat impacts

on inbound and outbound supply chain systems

• There are several cyberattacks on Critical

Infrastructure Systems
 Cyber Security Domain
CYBERATTACKS CYBERCRIMES DIGITAL FORENSICS

Various Penetrations to Various Manipulation Investigate who, when,

exploit a System done in the system how, what where

Reconnaisance Alterations Incidence Response

Remote Access Industrial

Trojan Espionage Preservation

Change Delivery
Phishing Channels Identification

Intellectual Property
Session Hijacking Transport
Theft

Evidence
MITM ID Theft
Extraction

Phishing Data Thief Examination

All these domains
require different Cyber Island Hooping FDIA Documentation

security skillsets
Malware/Spyware Diversions Report
 Cyber Security Domain

Cyber Security Domain

Organizational
• Profit Oriented Organizations Goal
Business
• Services Oriented Organizations Requirements
• SMEs or Large Companies
Business Process

Information
Flows

Data Structures

Security Goal

Security
Requirements
 Cyber Security Systems Development
Sampling
Security Questionnaires

• DevSecOps Requirement
Capturing
Interview
Research
Observations

• Considers software security Network System Design

Security Security Modelling
Attack Modelling
Specification ID Vulnerable Spots
Strategic Mgt Approval

Security Cost
Budgeting
Security Design Security Equipments
Expertise
Security
Cyber Security Verification
Project Systems Implementation
Implementation
Development Security Implementation
Lifecycle
Unit Testing
Integration Testing
Testing Stress Testing
Penetration Testing
Security
Validation

Deployment System Usage

All Cyber Security professionals must have a

Security Policy
Security
certain level of cyber security knowledge required Maintenance
Security Controls
Standards
for the different implementation phases. Incident Response
Security Agreement
 Attack Pattern

Attack Process Buffer Overflow

Buffer Overflow
Malware
Cross Site Virus
Malware
Request DoS SQL
Passive Attacks Virus
Session Forgery Intrusion Injection
Interception DoS
Interrruption Intrusion Hijacking
IP Spoofing Attack Attack Attack
Attack
Attack Attack

Laptop

DataEncrption
Encryption Key
Work station Internal
AttackMobil SSL External Login Screen
Firewall -User ID Firewall
Digital Deep Packet Application
Deep Packet -Password Web Server
Certificates Inspection Server
Verication Inspection
th
5 Generation 5th Generation
Initiated Fire wall
Fire wall
Threat
Actor
All Cyber Security professionals must have a certain level of cyber
security knowledge required for the:
• different vulnerable spots on the network
• and the attacks that could be deployed implementation phases.
 AI in Cyber Security
Integrating AI in Cyber Security
• AI in Cyber Security provides Vulnerability Detection
• AI in Cyber Security provides Cyber Threat Predictive Analytics
• AI in Cyber Security provides Behavioural Analytics
• AI in Cyber Security provides anomaly detections
• AI in Cyber Security provides Malware/Ransomware Detection and
Prevention
• AI in Cyber Security provides Automated Incidence Response
• AI in Cyber Security is able to support Risk Assessment
• AI in Cyber Security is able to detect Phishing and Business Email
Compromise (BEC) Threats

• Cyber Security professionals should learn AI and the various

algorithms to have knowledge of the anomalies that Adversarial AI
Threats in the algorithms
 Why The Need For Cyber Security
Certification Courses

Certifications are Good

• No matter where you are in your cybersecurity career

• ISC2 certifications can help you achieve your professional

goals.

• Certifications keeps you updated on current trends in

understanding:

• Changing attack surface

• Changing threat landscape

https://www.isc2.org/certifications
Proves you have the foundational knowledge, skills and abilities for an entry- or junior-level cybersecurity role.

WHAT TO EXPECT ON THE CC EXAM

Domain 1. Security Principles

Domain 2. Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts

Domain 3. Access Controls Concepts

Domain 4. Network Security

Domain 5. Security Operations

For all certification information, visit the link below:

https://www.isc2.org/certifications
 CISSP – Certified Information Systems
Security Professional

The gold standard in

cybersecurity.

Proves the holder has what

it takes to effectively design,
implement and manage a
best-in-class cybersecurity
program.
 CISSP – Certified Information Systems
Security Professional

CYBERSECURITY LEADERSHIP AND OPERATIONS

Recognizes cybersecurity professionals with the knowledge, skills and abilities to lead an
organization’s information security program.
WHAT TO EXPECT ON THE CISSP EXAM
Domain 1. Security and Risk Management
Domain 2. Asset Security
Domain 3. Security Architecture and Engineering
Domain 4. Communication and Network Security
Domain 5. Identity and Access Management (IAM)
Domain 6. Security Assessment and Testing
Domain 7. Security Operations
Domain 8. Software Development Security
 SSCP – Systems Security Certified
Practitioner

Demonstrates the advanced technical

skills and knowledge to implement,
monitor and administer IT
infrastructure using security best
practices, policies and procedures
established by the cybersecurity
experts at ISC2.
 SSCP – Systems Security Certified
Practitioner

SECURITY ADMINISTRATION AND OPERATIONS

Demonstrates professionals have the knowledge and skills to implement, monitor and administer IT
infrastructure using cybersecurity best practices.

WHAT TO EXPECT ON THE SSCP EXAM

Domain 1. Security Operations and Administration
Domain 2. Access Controls
Domain 3. Risk Identification, Monitoring and Analysis
Domain 4. Incident Response and Recovery
Domain 5. Cryptography
Domain 6. Network and Communications Security
Domain 7. Systems and Application Security

* Earning a post-secondary degree (bachelor’s or master’s) in computer science, information technology (IT) or related fields may satisfy the one year of required experience.
 CCSP – Certified Cloud Security
Professional

Proves advanced technical skills and

knowledge to design, manage and secure
data, applications and infrastructure in
the cloud using best practices, policies
and procedures established by our
certified members and cybersecurity
experts around the globe.
 CCSP – Certified Cloud Security
Professional

CLOUD SECURITY
Demonstrates professionals have the advanced technical skills and knowledge to design, manage and secure
data, applications and infrastructure in the cloud.

WHAT TO EXPECT ON THE CCSP EXAM

Domain 1. Cloud Concepts, Architecture and Design
Domain 2. Cloud Data Security
Domain 3. Cloud Platform & Infrastructure Security
Domain 4. Cloud Application Security
Domain 5. Cloud Security Operations
Domain 6. Legal, Risk and Compliance
 CGRC – Governance, Risk and
Compliance Certification

Demonstrates knowledge and skills to

integrate governance, performance
management, risk management and
regulatory compliance within your
organization.
 CGRC – Governance, Risk and
Compliance Certification

GOVERNANCE RISK AND COMPLIANCE

Shows advanced technical skills and knowledge to protect, authorize and maintain information systems within
various risk management frameworks.

WHAT TO EXPECT ON THE CGRC EXAM

Domain 1: Information Security Risk Management Program
Domain 2: Scope of the Information System
Domain 3: Selection and Approval of Security and
Privacy Controls
Domain 4: Implementation of Security and Privacy Controls
Domain 5: Assessment/Audit of Security and
Privacy Controls
Domain 6: Authorization/Approval of Information System
Domain 7: Continuous Monitoring
 CSSLP – Certified Secure Software
Lifecycle Professional

Build a strong career incorporating

security practices into each phase
of the software development
lifecycle (SDLC).
 CSSLP – Certified Secure Software
Lifecycle Professional

SECURE SOFTWARE DEVELOPMENT

Shows software development and security professionals have the expertise to apply best practices throughout
the secure software development lifecycle.
WHAT TO EXPECT ON THE CSSLP EXAM
Domain 1. Secure Software Concepts
Domain 2. Secure Software Lifecycle Management
Domain 3. Secure Software Requirements
Domain 4. Secure Software Architecture and Design
Domain 5. Secure Software Implementation
Domain 6. Secure Software Testing
Domain 7. Secure Software Deployment, Operations, Maintenance
Domain 8. Secure Software Supply Chain
Proves your knowledge and leadership skills establishing, presenting and governing information security programs.

ISSMP CERTIFICATION OVERVIEW

• Align security with organizational governance
• Security policies and agreements
• Integrate security through organizational initiatives
• Develop and manage risk through the supply chain and beyond
• Security operations, threat intelligence and incident management
• Contingency planning, resilience and recovery
Shows the ability to incorporate security into projects, applications, business processes and all information systems.

ISSEP CERTIFICATION OVERVIEW

• Execute system security engineering processes
• Technical procurement and management
• Security risk management and operations
• Security planning and engineering
• Security design and systems requirement setting
• Security solutions, operations and management
 Technical Certification Courses

CISCO Certifications
• Technical Networks and Security

Offensive Security Certified Professional (OSCP) Certifications

• Penetration Testing and Vulnerability Testing

Developing Self Paced Technical Skills

• Kal Linux VM and Tools for personal learning
 End of Presentation

Any Questions

You may find me at my LinkedIn account :

https://www.linkedin.com/in/abel-yeboah-ofori-phd-in-cyber-
security-sfhea-course-director-in-cyber-security-90a2a849/
Please take a moment to leave your feedback &
comments in the “Rate This” tab