Information Security, Digital Forensics and

Ethical Hacking
23 27 February 2015
Premier Hotel O. R. Tambo, Kempton Park Johannesburg South Africa
The ever-growing threats of fraud and security incidents present many challenges to law enforcement
and organizations across the globe. This has given rise to the need for organizations to build effective
incident management strategies, which will enhance the companys reactive capability to security &
forensic incidents.

Course Outcomes:

IT Governance and Compliance Standards

Pre-Incident Preparation
The Threat Model - Abuse vs Accidental vs Wilful vs Fraud
Tricks of the Trade: Digital Forensics Unpacked
Overview of Ethical Hacking

Who Should Attend?

Information Security Managers and Analysts

Risk Managers
Business Managers
Service Managers and Project Managers
IT Auditors
Governance and Assurance Professionals

About your Presenter:

Andr Naud
MSc Computer Security, CISSP, CWNA, CWSP
Your Facilitator began his career in Information Technology as a network administrator after
having successfully completed his studies in Computer Engineering and Industrial Electronics.
Later he became a Certified Wireless Security Professional working specifically in the design,
implementation and security of RF communications and wireless networks shortly before joining
the South African Police Services as a Reservist member. As a SAPS Reservist, he excelled in the
Crime Prevention Unit and Rapid Response units earning himself service excellence awards for
outstanding service every year since joining in 2007. It was his work and experience in the SAPS
combined with his technical background in IT that directed him in the path he currently finds
himself pursuing, as a certified forensic examiner and consultant and have extensive experience in
the field of Digital Forensics and Information Security. He is currently completing his Dissertation
to earn his MSc Computer Security.

Continuous Professional Education

CISA/CISM/CGEIT/CRISC certification holders may report CPE hours for Non-ISACA professional
educational activities and meetings. These activities include in-house corporate training,
university courses, conferences, seminars workshops and professional meetings and related
activities not sponsored by ISACA. By attending this workshop Certification holders will earn 35
CPE credits according to the number of hours of active participation

This training is based on a Multi-disciplinary Forensic Readiness Model. The model has
received global recognition by the information security and forensic science fraternity
and was recently published in the International Federation for Information Processing
(IFIP) Journal, including earlier publications in the Institute of Electrical and Electronics
Engineers (IEEE) forensic Journal.

Day 1
Monday 23rd February 2015
Legal and Technical Framework
IT Governance & Compliance Standards
ISO27000 Family
ISO38500 and ICT Governance
Other information security standards
Information Security Management Systems (ISMS)
Specific information security controls & services
Cryptography & security mechanisms
Security evaluation and assessment techniques & guidelines
Privacy& Identity Management
Biometric security
Legislation
PAI Act
ECT Act
RICA
POPI
COBIT 5
COBIT5 Principles
COBIT5 Enablers
COBIT5 Processes

Day 2
Tuesday, 24th February 2015
Incident Response
Pre-Incident Preparation

What an incident is in your organisation

Policies and procedures relating to the management of fraud incidents
Ensure that critical data is recorded and are usable in the event of an incident

Incident Detection

Defining trigger mechanisms to initiate an Incident Response Plan

Method of reporting incidents

First Response

Accurate determination of the breadth and depth of an incident

Evidence preservation

Response Strategy

Capacity and resource planning) who should be involved

The process with law enforcement and your organisation.

Investigation
Sophisticated tools and counter forensic techniques
Forensic analysis
Computers
Networks
Mobile devices
Databases
Reporting
Measures to ensure that the full process is documented
Disciplinary and/or court proceedings
Resolution
Post-incident
Recovery from the effects of the incident (loss or data or services)

Day 3
Wednesday, 25th February 2015
Information Security
Threat Model
External and Internal
Abuse vs Accidental vs Willful vs Fraud
Technical vs Human Threats
Software vs Hardware
Social engineering and others
Current Counter Measures
The Isolation Effect and why its not working
Policy and Procedure
What are Security Policies, Standards and Procedures?

Policies
Standards
Procedures

Security Policies
Framework: Information Security Policies
Network Computing Policies
Email Policies
Internet Policies

Security Standards
Security Procedures

Day 4
Thursday, 26th February 2015
Digital Forensics
Planning & Identification Mechanisms
Tricks of the Trade: Digital Forensics, Unpacked
Cyber Forensics
Mobile & Computer Forensics
Network Forensics
Discovery and examination of data
Fast and effective forensic drive duplication
Reconstruction of computer usage
Preservation and Presentation (court) of electronic evidence
Response Strategies
Response Team
Data Classification
Evidence Collection & Retention
Expert Forensic Assistance
External Partnerships
Law Enforcement
Legal System

Day 5
Friday, 27th February 2015
Data Fundamentals:
Where can data be stored?

Data Fundamentals 2:
How is data stored: An introduction to memory and storage
Intergrity of Evidence
Chain of Custody
The First Responder
Securing the scene
Search and Seziure

Ethical Hacking
The Ethics behind Ethical Hacking
Vulnerability Research
Computer Crimes and Implications
Processes to follow before the hacking occurs
Penetration Testing
Purpose of Ethical Hacking
When is hacking relevant
Complying with Legislations
International Laws
The Cybercrime Act 2001
The Information Technology Act
Types of Ethical Hacking
Server and Workstation Hacking
Course includes case studies and group exercises

Registration is at 07:30 am on Day One, tea and coffee will be served on arrival. The course
commences at 08:30 on Day One to Five. Lunch is usually served at 12:30 and end of the day
conclusion is at 16:30. Morning tea and afternoon tea will be approximately at 10:15 and 15:15.
Friday Workshop will conclude 13:30.
CPE
CISA/CISM/CGEIT/CRISC certification holders may report CPE hours for Non-ISACA professional
educational activities and meetings. These activities include in-house corporate training,
university courses, conferences, seminars workshops and professional meetings and related
activities not sponsored by ISACA. By attending this workshop Certification holders will earn 35
CPE credits according to the number of hours of active participation