Information Security - Network Security for Internal Control Assurance (Course Id 1525)

Computer Software & Applications - Computer Software & Applications for Course Id 1525

Internal control requires that the information systems in a company are secure, reliable, and can be trusted. Cyberattacks and data breaches represent the greatest threat to most company’s today. Network security for internal control assurance is a course that will describe the importance of network security for all types of businesses and practices. This course will identify the vulnerabilities and define safeguards for computers, networks, networking components, software applications, and mobile devices. This course will describe the threats that can compromise the computers and company data such as viruses, trojans and phishing. This course will describe some simple steps that users can take to properly protect themselves from any threats that penetrate the network and protect confidential company data. Finally, this course will discuss how to create a data security plan and an information security risk management plan along with some recommendations and best-practices for keeping networks safe.

NASBA QAS - Text - NASBA Registry - 1525

Course Learning Objectives

• Identify the importance of network security for CPAs and Tax Practitioners.
• Identify what a network is along with the different components that make up a network.
• Identify the different types of network security that contribute to a comprehensive information security protocol.
• Define the term “identify theft” and recognize how identify theft most commonly occurs.
• Recognize why CPAs and Tax Professionals are being targeted by cybercriminals.
• Recognize the importance of encrypting client data.
• Identify the importance of creating internal controls and a security plan to protect client data.

Chapter 1 - Information Security - Network Security for Internal Control Assurance

Course Learning Objectives

Introduction

Information Security

What is a computer network?

Network Technologies

Wired Network Technologies

Wireless Network Technologies

IEEE 802.11

IEEE 802.11b

IEEE 802.11g

IEEE 802.11n

IEEE 802.11ac

IEEE 802.11ax

Network Components

Network hubs

Network Switches / Bridges

Network Switching

Network Routers

Hybrid Devices

What is Routing?

Routing Data Packets

Identifying Reachable Networks

Routing Metrics

Network Protocols

Wireless access points

Access Point Modes

Multiple Access Points

Wireless Routers

Internet

Information Security

Application security

Incident response

Vulnerability management

Why Worry about Network Security?

Information Security Risk Management

Risk Control

Security Concepts

Confidentiality

Integrity

Availability

People Accessing Information

Authentication

Authorization

Nonrepudiation

Unsecured Computers and Networks

Types of Network Security

Access Control/Network Access Control (NAC)

Antivirus and/or Antimalware Software

Application Security

Behavioral Analytics

Data Loss Prevention

Email Security

Email Security - Best Practices for Companies

Email Security - Best Practices Best Practices for Individual Users

Firewalls

Intrusion Prevention Systems (IPS)

Mobile Device Security

Network Segmentation

Physical Security

Virtual Private Network (VPN)

Web Security

Web Application Security

Wireless Security

Disposing of Equipment Securely

Techniques for Removing Information

Deleting information

Overwriting information

Secure Erasure

Physical destruction

Disposing of Mobile Phones and Tablets

Network Threats

Review Questions

Phishing

Spear Phishing

Clone Phishing

Whale Phishing

Social Media Phishing

Phishing Evolution

Phishing Opportunities

Criminals are Learning and Evolving

Phishing Tools

Bots/Botnets

Phishing Kits

URL Obfuscation

Simple HTML redirection

Use of JPEG images

Use of alternate IP addresses

Registration of similar domain names

Web Browser Vulnerabilities used for Phishing

Session Hijacking

Domain Name Resolving Attacks

Global DNS Hijacking Campaign

Cross-Site Scripting Attacks

Domain Name Typos

Man-in-the-Middle Attacks

Phishing-Related Malware Examples

Bancos

Bankash

W32/Grams

CoreFloo

Dyre Banking Malware

Phishing Mitigations

Phishing Solutions

Prevent Phishing Attacks:

Two-factor authentication

Identify Theft

Identify Theft Methods

Trash Sifting/Dumpster Diving

Mail Theft

Address Manipulation:

Skimming

Scanning

Straightforward Theft:

Conning

Identify Theft Crimes

Yahoo Data Breach

Equifax breach

Target Data Breach

Malware

Viruses and Worms

Virus

Worm

Trojans

Backdoor / Remote Access Trojan (RAT)

Botnets

Adware

Information stealers

Ransomware

Rootkits

Downloaders or Droppers

File Wipers

Spyware

Malware Summary

Data security plan

Complying with the Safeguards Rule

Who Must Comply?

How To Comply

Securing Information

Employee Management and Training.

Information Systems.

Detecting and Managing System Failures.

Creating an Information Security Risk Management Plan

Identify Risks

Perform Risk Analysis

Plan Risk Responses

Implement Risk Responses

Monitor Risks

Basic Security Training

Use Security Software

Avoid Phishing and Malware

Protect Personal Information

Mobile Phone Security

Mobile Phone Theft

Securing Mobile Phones

Installing Apps with Malware

E-mail attachments

SMS links

Keeping Your Network and Information Safe

Install operating system updates regularly

Run Antivirus software on all computers and run regular scans

Keep Antivirus software updated

Practice safe online activities

Use both network firewalls and personal firewalls on all computers

Implement enhanced security features to better protect sensitive information

Encrypt Client Data

Back up all data regularly

Create Strong Passwords

Making Passwords More Secure

Password Managers

Making Online Accounts More Secure

Review Questions

Glossary