Network risk syllabus and teacher training

Syllabus and teacher training

First, network risk and the opportunities and challenges of information technology for financial companies
(A) Network risk in financial services
1, the definition of network risk

2, network risk events that have occurred

(1) Review of information security incidents in North America, 2018-2019

(2) In-depth analysis of the nation's largest Medicare data breach

3, efforts made by the financial services industry in response to network risk

(1) Interpretation of the US network security management framework for banks

(2) The network security organization of a Canadian financial institution

(3) The rise of ethical hacking and network red teams

(4) Analysis of the Canada "Black Five" penetration test case
(B) Network risk and network security
1, what does network security do?

(1) The definition of network security

(2) Network security technology paths

2, interpretation of the White House federal cybersecurity report

(1) Reading the framework of the federal network security report

(2) Analysis of the key points of network security
3, how to distinguish between network risk and the associated risks, and understand network security correctly?

(1) Network risk areas
4, why are we increasingly concerned about online risks?

(1) Network risk seen from the development of job positions (with TD BANK as an example)

(2) Network risk seen from regulation and ratings
(C) The opportunities and challenges brought by network technology

1, the opportunities and challenges of a new way of working (BYOD)

(1) Application status of BYOD in North America

(2) The conflict BYOD brings between privacy protection and information security

(3) The BYOD network security Decalogue
2, big data

(1) Untangling big data applications

(2) Security analysis of big data applications

(3) Means of dealing with big data security
3, cloud computing

(1) Cloud computing concepts and classification

(2) Analysis of cloud security features

(3) Mainstream North American cloud computing products and their security features
4, artificial intelligence

(1) Concepts and applications of artificial intelligence

(2) The application of artificial intelligence in network risk early warning

(3) Artificial intelligence risk prevention

5, blockchain

(1) The concept of blockchain explained

(2) Blockchain security technology

(3) Security challenges facing blockchain applications

(D) How to balance security, efficiency and investment (DevSecOps)

1, how to resolve the conflict between information system security, efficiency and investment

(1) How to obtain management support for the network security budget

(2) How to discuss network security risks with the business departments

(3) How to discuss network security issues with the technical team
2, what are DevOps and DevSecOps

(1) Definition and characteristics of DevOps

(2) The proposal of the DevSecOps concept

3, how to implement DevSecOps

(1) DevSecOps implementation framework

(2) DevSecOps roles and responsibilities

(3) Steps for implementing DevSecOps

4, DevSecOps monitoring and key indicators

(1) DevSecOps monitoring principles

(2) Reading the DevSecOps key indicators

Second, from the perspective of regulatory evaluation, how to view the important role of network risk in financial services

(A) Regulatory requirements

1, comparison of the security regulatory requirements of different countries
2, SOX (Sarbanes-Oxley) and Basel III

(1) SOX (Sarbanes-Oxley) and network risk

(2) Basel III operational risk requirements

3, GDPR (EU General Data Protection Regulation)

(1) Introduction to the GDPR framework

(2) GDPR core protection requirements

(3) How to assess the gap between business processes and the policies of GDPR

4, the rise of RegTech (regulatory technology)

(B) Industry standards and best practices

1, application analysis of common North American industry standards and best practices

(1) Introduction to common North American industry standards and best practices

(2) Application scenario analysis of common North American industry standards and best practices

2, ISO27001

(1) Interpretation of the ISO27001 series standards framework

(2) Key points of the ISO27001 standard and its implementation

3, COBIT

(1) Reading the COBIT2019 framework

(2) Analysis of the differences between COBIT2019 and COBIT5

(3) Analysis of COBIT risk and COBIT security
4, PCI-DSS

(1) Introduction to PCI-DSS

(2) PCI-DSS requirements and control process

(3) PCI-DSS compliance handling methods

5, COSO

(1) Interpreting the COSO framework

(2) Scope and application scenarios of COSO

6, NIST SP800

(1) Reading the SP800 framework

(2) Scope and application scenarios of SP800

7, Canada PIPEDA

(1) Reading the PIPEDA framework

(2) Case analysis of PIPEDA implementation

Third, how to manage cyber risk and reduce the negative impact of network risk on the company's customers, regulators, market evaluation and credit rating.

(A) Establishing a network risk management framework
1, risk management stakeholders

(1) What is a stakeholder

(2) How to identify stakeholders

(3) How to establish communication mechanisms with stakeholders
2, segregation of duties in risk management

(1) Definition of risk management responsibilities

(2) Identification and classification of risk management positions

(3) Identifying incompatible positions in network risk management
3, asset identification and measurement of the risk of loss

(1) Scope and definition of data assets

(2) Importance and priority of data assets

(3) Measuring the value and risk of loss of data assets

(4) How to assess the value of information systems

4, risk management policies and procedures

(1) Risk management policy framework design

(2) Risk management process orchestration and maintenance

(3) Employee risk awareness training methods and automation tools

(B) How to conduct risk assessment and risk identification

1, how to develop a risk assessment plan?

2, who will perform the risk assessment: internal or external audit?

3, risk assessment methods and tools

(1) Principles of risk assessment automation tools

(2) Two common SIEM tools: QRadar and Splunk

(3) Analysis of the development status of threat intelligence in North America

(C) Network risk response and sustainment
1, do all risks need to be treated?

(1) General principles of risk treatment

(2) Balancing the costs and benefits of risk treatment

(3) Factors requiring special consideration in the risk management process
2, how to view the potential impact and loss of a risk?
3, risk response methods and cost considerations
4, network security insurance: a good backup means of risk management

(1) Network security insurance features of major insurance companies

(2) Analysis of North American security insurance cases

(D) Course summary

1, Sino-US differences in network risk management

(1) Roles and responsibilities

(2) Culture and risk awareness training for employees

(3) Security budget and project management

(4) Development paths and tools of technical means

Dr. Tang Yang, international network security and network risk management expert

Dr. Tang Yang holds a Ph.D. in computer science and the Microsoft Certified Systems Engineer (MCSE), North American information security professional (CISSP) and Chinese information security expert (CISP) certifications.

He is now the founder and a director of a North American insurance blockchain technology and network security company, and an information security expert and consultant in the North American fintech field, providing advisory services to all types of financial technology companies, covering both IT network security (Network Security) and macro-level network security and network risk management (Cyber security & Cyber risk management). He worked at China Construction Bank over the past 20 years, where he was responsible for network security, and is one of the few security experts with extensive, successful experience in both the traditional financial sector and financial technology.

As an information security expert, he has a wealth of experience across all areas of enterprise information security, including IT internal control and compliance, data security, development security, operational security, network security, physical environment security, risk assessment, security monitoring and security incident response. He is familiar with the information security management practices of banks and of the major banks of Canada and the USA.

As a financial technology governance expert familiar with mainstream international information technology governance and information security standards, he was invited as an expert by the Information Systems Audit and Control Association (ISACA) to take part in translating the Chinese version of COBIT5, and took part in preparing ISACA's IT governance best practices.

In his research on information technology risk supervision, monitoring and evaluation, he follows technology risk in the world's financial sector and has carried out in-depth research on the regulatory requirements for protecting information security in the world's major countries. He was a member of the writing group for the China Banking Regulatory Commission's "Information Technology Banking Financial Institutions Supervision".


Origin www.cnblogs.com/roger112/p/11281289.html