ICFE eNEWS #16-46 - December 2016

Cybersecurity Risk Management: New Opportunities for Professional Employment

By Yan Ross, Director of Special Projects, ICFE

"Cybersecurity professionals needed; taskforce looking to make Arizona cybersecurity capital of U.S."

So reads a front-page headline of a current Arizona hometown newspaper. What conclusions can Identity Theft Risk Management Specialists draw from this feature news article?

According to the Institute of Consumer Financial Education (ICFE), there are several relevant aspects of this development. Chief among them are these:

• Cybersecurity awareness is not limited to large population centers or headquarters of Fortune 500 companies. • The work of cybersecurity professionals can be done from almost anywhere
• An understanding of the role of cybersecurity within the broader scope of identity theft risk management is key to preparing for these good-paying jobs
• There are many resources available to people of all ages to learn to perform this work
• ICFE provides an integrated approach to this important education requirement

"Cybersecurity" has become both an everyday word and also a much misunderstood phenomenon. Technically, the term also may be called "Computer Security" or "IT Security," and encompasses "the protection of computer systems from the theft or damage to the hardware, software or the information on them, as well as from disruption or misdirection of the services they provide." [Wikipedia]

Just the use of such a tech-heavy name tends to intimidate many people who would otherwise easily relate to the underlying concepts. In practice, even though there are some who prefer to maintain a magical, mystical unattainable nature of this endeavor, it really consists of a system of building blocks, each of which is in fact accessible to individuals with intelligence and proper study skills.

To be sure, the complexity of effective cybersecurity has grown immeasurably over the past couple of years. It has spread from exploitations of individual and social media data bases, to financial institution account information, to medical patient history and insurance coverage, and continues to go far beyond. Most recently, failures in cybersecurity may even have affected the way voters made their decisions in the presidential election (although to date no claim has been made that there has been any compromise of the electoral system itself).

But at the foundation, the protection of information assets from cyber-attacks still must be seen as a response to the motives of the cyber-attackers themselves. What do they seek, what are the values of the information accessed, and what is the context of the business of cybersecurity?

Under current thinking, the principal motives of cyber intruders appear to be three:

• Access to and resale of account information of financial customers and medical patients; this appears to be a purely economic undertaking. With an active market carried on via the so-called "dark web," such information as credit card accounts, medical patient history and insurance coverage, and other data assets become the stock in trade.
• Disruption of operations, which may be either for "sport" or again to gain economic advantage. "Denial of Service" attacks may be launched either directly (DOS) or by co-opting many individual computer devices usually those connected to the internet, referred to as "Distributed Denial of Service" (DDOS). In this category the most rapid development has been in the intrusion of ransomware, in which the target’s system and data are held hostage until payment in some form is made, often in untraceable Bitcoin. Unfortunately, the target does not learn whether the attacker can actually restore the original data (usually via an encryption key) until after the ransom is paid.
• Illicit access to and distribution of confidential information, which may include trade secrets, proprietary intellectual assets, and even political information. The objectives of the attacker in these cases may be economic, sociological, or political, depending on the circumstances. There are mainly two aspect of the compromise of such information: sale of confidential information to competitors and the demand for payment to the attacker for not disclosing the information to the public or to competitors.

While it’s true that cybersecurity professionals may be trained to accomplish a variety of menial and repetitive tasks to install and maintain cybersecurity programs, the fundamental understanding of the broader challenge gives the individual a distinct advantage in understanding the playing field and discharging responsibilities in an effective manner.

ICFE stands ready to provide this valuable educational resource as this important initiative goes forward.

The ICFE's Certified Identity Theft Risk Management Specialist ® XV CITRMS® course is now available both in printed format and online.

The Textbook and Desk Reference edition of the course book is also available online. Bulk pricing and discounts for veterans and students available. Inquire at yan.ross@icfe.info

Yan Ross is ICFE's Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist ® XV CITRMS® course. As an accredited educator for over 20 years, he has addressed Identity Theft Risk Assessment and management for consumers, organizations holding personally identifiable information, and professionals who work with individuals and organizations who are at risk of falling victim to identity thieves.

ICFE eNEWS is available FREE upon request by visiting the ICFE's Web site and filling out the contact form, selecting "Yes" for "Add to Mailing List." Please pass this eNEWS on to your peers and interested others and invite them to subscribe for free. Also, visit the ICFE's new Web site: StudentDebtHelp.org

Sent by:

Paul S. Richard
President - Executive Director
Institute of Consumer Financial Education (ICFE)

ICFE - Institute of Consumer Financial Education - ICFE.info - 619.239.1401