Cybercrime and Cybersecurity (Course Id 2685)

• Who is this course for?
  This course is intended for anyone needing Continuing Professional Education (CPE), including CPAs, accountants, and professionals interested in cybersecurity awareness and risk management.

• What is this course about or what problem does this course solve?
  This course addresses the growing threat of cybercrime by educating participants on emerging cybersecurity challenges, attacker tactics, legal frameworks, and strategies to protect data and networks from malicious activities.

• How can the knowledge from this course be used?
  The knowledge can be applied to recognize and prevent various cyberattacks, implement effective security measures, respond to breaches, and align organizational practices with established cybersecurity frameworks and federal laws.

• Why is this course important to a CPA, Accountant, or IRS Enrolled Agent?
  As data privacy and security are increasingly regulated and targeted by cybercriminals, CPAs and similar professionals must understand cybersecurity risks to protect client information and ensure compliance with laws and regulations.

• When is this course relevant or timely?
  This course is especially timely now, as technological advancements and interconnectivity continue to accelerate, making organizations more vulnerable to cyber threats and increasing the urgency of cybersecurity preparedness.

• How is a course like this consumed or used?
  This is a NASBA QAS self-study text-based course that can be completed online at the learner’s own pace, requiring successful completion of a final exam to earn 8.0 CPE credits.

Technological advances change how we live, work, and relate to one another. Remote presence and the interconnectivity of people, devices, and organizations open a whole new playing field of vulnerabilities and access points that cybercriminals can exploit. While the pace of technology innovation is increasing, cyberattacks are becoming more destructive globally.  Security incidents continue to rise and will continue to be a top-of-mind item for businesses, governments, and industry regulators. Cybersecurity is not just an IT responsibility. To effectively prevent attacks and build robust defenses, everyone within an organization needs to stay aware of emerging threats, technologies, and practices. This course is designed to help both individuals and organizations adopt a security-centric mindset and habits that safeguard data and networks from potential cyberattacks and theft. It is divided into four parts: 
    Part I explains how the evolution of technology has transformed society, connected people in ways never imagined, and changed the face of computer and Internet fraud. It addresses the concern of IoT adoption, the danger of the interdependent nature of critical infrastructure sectors, security challenges of cloud-based solutions, and the rise of AI-enabled cybercrime.
    Part II identifies the causes of individuals in the performance of cybercriminal behavior and threat actor profiles to help organizations understand and anticipate attacker behavior. It also introduces the MITRE ATT&CK framework, a global knowledge base of real-world adversary tactics and techniques, to help organizations prevent, detect, and respond to attacks more effectively.  Finally, it discusses how attackers prey on human emotions to achieve their goals. 
    Part III explains how cyberattacks manifest in different forms and includes security measures that protect both individuals and organizations from a wide range of malicious online activities. It explains how to recognize and avoid phishing attacks and business email compromise schemes. It also discusses security strategies for both ransomware and DDoS attacks, encompassing protection and recovery. Finally, it describes common digital skimming methods and mitigation strategies for businesses and individuals.
    Part IV highlights key federal laws that govern the nation’s cybersecurity and computer-based fraud. Industry-specific federal laws regulating the privacy and security of data are also discussed. Finally, it identifies widely recognized cybersecurity frameworks, such as the NIST Cybersecurity Framework and ISO/IEC 27001:2022 and describes how they help organizations communicate, manage, and reduce cybersecurity risk to protect their cyber environment. Real-world examples are included as well.
The enclosed case study, “Change Healthcare Cyberattack”,  demonstrated how vulnerabilities in cybersecurity practices led to a significant breach. Real-world examples are incorporated throughout courses to enhance understanding. The course also includes checklists that guide you through the recovery process after losing personal information and help businesses to make smart, sound decision of responding to a data breach, as well as cybersecurity tips for small businesses that protect the business, customers, and data from growing threats.

NASBA QAS - Text - NASBA Registry - 2685

Course Learning Objectives

1. Recognize threats driven by emerging technologies
2. Identify factors contributing to the rise of cybercrime
3. Recognize the key components of the MITRE ATT&CK framework
4. Identify common types of cyber threat actors
5. Recognize phishing attempts and ways to avoid them
6. Identify ransomware protection and response strategies
7. Recognize the target of digital skimming and protection measures
8. Identify DDoS attack methods and mitigation techniques
9. Recognize the key federal laws that govern data privacy and security
10. Identify the NIST Cybersecurity Framework core functions
11. Recognize the key aspects of ISO 27001 and PCI DSS
12. Recognize the benefit of the CIS controls

Appendix A: When Information Is Lost or Exposed

Appendix B: Data Breach Response

Appendix C: 10 Cyber Security Tips for Small Business

Appendix D: Building an Insider Threat Mitigation Program

Glossary