Programme Objective

How do you reduce cyber risk without increasing the budget?

Criminals are leveraging the connectivity of the Internet to actively engage in corporate espionage and steal intellectual property, engineering designs, customer sensitive data as well as other confidential business and financial information.

When it comes to raising IT and cyber budgets, accounting and finance professionals are increasingly being asked to referee and opine on cybersecurity spending. There is a way to reduce the risk exposure but simply opening the purse strings and increasing the budget is not the solution. For example, a leading international bank, despite spending over $500 million annually on cybersecurity, suffered a major data breach.

Are you informed enough to be able to make strategic and operational decisions before and after a data breach?

This course will enable you to prepare a defined and managed approach when responding to a data breach or attack of an information asset. The content is intended for senior management and business executives who wish to gain a better understanding of cybersecurity and the real threats to their organisation.

This is not a technical course, therefore, there are no prerequisites. This training is available as a one-day, internal workshop.

Target Competencies

Information Risk Management, Policies and Standards.
Strategies to protect business reputation, brand image and bottom line.
Data Breach Response – Strategy, planning and management.
Basic awareness on cyber and breach regulatory and legal issues.

Course Objectives:

Identify, evaluate and treat cyber risk to improve the organisation’s security posture. Undertake responsive measures to reduce business risk exposure to within risk appetite, with constrained resources and within budget.
Explain the key differences between the various types of attacks and discuss mitigating strategies.
Understand the business benefits of complying with international standards including the UK Government’s Cyber Essentials Scheme, NIST and ISO 27001:2013.

Modules

Information Risk Management

Understand the concepts of and establish an Information Risk Management programme (risk identification, risk assessment and risk treatment, risk monitoring)
Understand how to produce and implement an effective Cyber Information Governance Strategy
Understand the concepts of cyber resilience, business governance and cyber governance

Information Security Strategy

Information Security Policies

Understand the role of policies in an effective strategy and create an effective policy framework
The CIA principles and their relationship to the information security strategy model
Understand the international standard in Information Security ISO 27001:2013
Build an Information Security Management System (ISMS)
IT security policies, procedures and IT security framework
Type of controls including procedural, technical and physical
Key elements of an effective ISMS
Interactive session – Learn how to create your own ISMS
Understand the UK Cyber Essentials and NIST frameworks, and how to use them in your business strategy

Understanding the Adversary

The five types of attackers
Understand cyber attack motives, opportunities and threats
How cyber criminals select and target businesses
Business case studies of recent cyber-attacks and their impact on the businesses
The business Cyber Kill Chain and how it can be used to stop most attacks
Practical demo of cyber-attacks

Innovation in Information Security Strategy

Review and discuss the most current and innovative approaches in cyber security
Encourage and adopt innovative methods to secure your business and its employees

Legal & Regulatory Issues Cyber Security & Data Privacy

Understand the impact of global regulations in data privacy and how it can impact your business
Discuss the relevant case studies in data breach and incident response
Discuss how to manage and engage media outlets during and after a breach