cyber training 23 5 2012
TRANSCRIPT
Strengthening the fight against cyber crime: Training initiatives
SARPCCO Training sub-committee
23 May 2012
Adv Jacqueline Fick
www.pwc.com
PwC 2
Agenda
Meet Mr. CybermanCyber crime definedTraining initiativesClosing remarks
May 2012Strengthening the fight against cyber crime: Training initiatives
Strengthening the fight against cyber crime: Training initiatives PwC 3
Meet Mr. Cyberman
May 2012
Strengthening the fight against cyber crime: Training initiatives PwC 4
Meet Mr. Cyberman
Resume
• I am a fourty year old South African male, but do have a passport from another country.
• My skills include:- Computer skills, including programming, network
administration, thorough knowledge of operating systems (Microsoft and open source).
- Ability to network (knowing the right person in the right place).
- Well-developed interpersonal skills.- Entrepreneurial skills.- Sound financial management skills. May 2012
Strengthening the fight against cyber crime: Training initiatives PwC 5
Meet Mr. Cyberman
EducationGraduated from Malini High School with honours. • Completed a degree in Computer Science.
- Completed several IT courses to stay up to date.
May 2012
Strengthening the fight against cyber crime: Training initiatives PwC 6
Meet Mr Cyberman
Career historyOwned and taught at a computer college in Pietermaritzburg: • Average student count was 100 per year. • Also presented several training workshops for government
departments. Owned and operated a travel agency:• Offices in Durban, Johannesburg and Botswana.Free-lance computer expert:• Programming, computer repairs, network administration.
May 2012
Strengthening the fight against cyber crime: Training initiatives PwC 7
Cyber crime defined
May 2012
Strengthening the fight against cyber crime: Training initiatives PwC 8
Cyber crime defined
• Move in South African law to the use of the term cyber crime which is wide enough to encompass all illegal activities in respect of computers, information networks and cyberspace.
• Most important legislation is the Electronic Communications and Transactions Act, No. 25 of 2002.
• 'access' includes the actions of a person who, after taking note of any data, becomes aware of the fact that he or she is not authorised to access that data and still continues to access that data.
• 'data message' means data generated, sent, received or stored by electronic means and includes-
(a) voice, where the voice is used in an automated transaction; and
(b) a stored record;May 2012
Strengthening the fight against cyber crime: Training initiatives PwC 9
Cyber crime defined
Common types of cyber crime in South Africa• Unauthorised access (s86(1))• Unauthorised modification of data and various forms of
malicious code (s86(2))• Denial of Service Attacks (S86(5))• Devices used to gain unauthorised access to data (s86(4))• Child pornography, cyber obscenity and cyber stalking• Computer-related fraud• Copyright infringement• Industrial espionage• Piracy• Online gambling
May 2012
Strengthening the fight against cyber crime: Training initiatives PwC 10
Cyber crime defined
Common types of cyber crime in South Africa (cont.)• For 15 consecutive months South Africa had been amongst
the top three target countries in the world for mass phishing attacks, but attacks have now gone down significantly.
• Identity theft remains the most common type of cyber crime in South Africa.
• “ Identity theft is a serious crime. It occurs when your personal information (name, social security number, date of birth, credit card number, or bank account number) is stolen and used without your knowledge to commit fraud or other crimes. Identity theft can cost you time and money. It can destroy your credit and ruin your good name.” USA Federal Trade Commission
May 2012
Strengthening the fight against cyber crime: Training initiatives PwC 11
Training initiatives
May 2012
Strengthening the fight against cyber crime: Training initiatives PwC 12
Training initiatives
Who to train?• Widespread use of computers, mobile devices, etc.• Training for all members – members investigating crimes
and support personnel.• Include training in basic training programmes.• Keep your experts up to date.
May 2012
Strengthening the fight against cyber crime: Training initiatives PwC 13
Training initiativesCurriculum• Basic training for all members.• First responder – know what to look for and how to secure
the evidence.• Chain of custody.• Importance of policies, procedures and Standard Operating
Procedures (SOPs).• Keeping up to date: making your network work for you.• Curriculum:
- Know the law to enforce it.- Crime scene management.- Securing evidence and chain of custody.- Experts: keeping up to date.
May 2012
Strengthening the fight against cyber crime: Training initiatives PwC 14
Training initiatives
Train to maintain
• Investigating and prosecuting cyber crime – you rarely get a second chance.
• Knowing what to look for and why.• Secure the evidence – leave the analysis to the experts.• Chain of custody.• Keeping up to date.• Importance of public private partnerships.
May 2012
PwC 15
Closing remarks
Strengthening the fight against cyber crime: Training initiatives May 2012
PwC 16
Closing remarks
• Pro-actively addressing cyber crime requires a shift in paradigm.
• Not everybody needs to be an IT expert.• Realising the value of information.• Education and awareness: strongest tools in fight against
cyber crime.• Benefit of public private partnerships.
May 2012Strengthening the fight against cyber crime: Training initiatives
“Success is not the result of spontaneous combustion. You must set yourself on fire.”
Reggie Leach
This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PwC, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.
© 2012 PricewaterhouseCoopers (“PwC”), the South African firm. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers in South Africa, which is a member firm of PricewaterhouseCoopers International Limited (PwCIL), each member firm of which is a separate legal entity and does not act as an agent of PwCIL.