
Programme Objective
How do you reduce cyber risk without increasing the budget?
Criminals are leveraging the connectivity of the Internet to actively engage in corporate espionage and steal intellectual property, engineering designs, sensitive customer data and other confidential business and financial information.
When it comes to raising IT and cyber budgets, accounting and finance professionals are increasingly being asked to referee and opine on cybersecurity spending. There is a way to reduce the risk exposure, but simply opening the purse strings and increasing the budget is not the solution. For example, a leading international bank, despite spending over $500 million annually on cybersecurity, suffered a major data breach.
Are you informed enough to be able to make strategic and operational decisions before and after a data breach?
This course will enable you to prepare a defined and managed approach when responding to a data breach or an attack on an information asset. The content is intended for senior management and business executives who wish to gain a better understanding of cybersecurity and the real threats to their organisation.
This is not a technical course; therefore, there are no prerequisites. This training is available as a one-day, internal workshop.
Target Competencies
- Information Risk Management, Policies and Standards.
- Strategies to protect business reputation, brand image and bottom line.
- Data Breach Response – Strategy, planning and management.
- Basic awareness of cyber and breach regulatory and legal issues.
Course Objectives:
- Identify, evaluate and treat cyber risk to improve the organisation’s security posture. Undertake responsive measures to reduce business risk exposure to within risk appetite, with constrained resources and within budget.
- Explain the key differences between the various types of attacks and discuss mitigating strategies.
- Understand the business benefits of complying with international standards including the UK Government’s Cyber Essentials Scheme, NIST and ISO 27001:2013.
Modules
Information Risk Management
- Understand the concepts of and establish an Information Risk Management programme (risk identification, risk assessment and risk treatment, risk monitoring)
- Understand how to produce and implement an effective Cyber Information Governance Strategy
- Understand the concepts of cyber resilience, business governance and cyber governance
Information Security Strategy
Information Security Policies
- Understand the role of policies in an effective strategy and create an effective policy framework
- The CIA principles and their relationship to the information security strategy model
- Understand the international standard in Information Security ISO 27001:2013
- Build an Information Security Management System (ISMS)
- IT security policies, procedures and IT security framework
- Types of controls including procedural, technical and physical
- Key elements of an effective ISMS
- Interactive session – Learn how to create your own ISMS
- Understand the UK Cyber Essentials and NIST frameworks, and how to use them in your business strategy
Understanding the Adversary
- The five types of attackers
- Understand cyber attack motives, opportunities and threats
- How cyber criminals select and target businesses
- Business case studies of recent cyber-attacks and their impact on the businesses
- The business Cyber Kill Chain and how it can be used to stop most attacks
- Practical demo of cyber-attacks
Innovation in Information Security Strategy
- Review and discuss the most current and innovative approaches in cyber security
- Encourage and adopt innovative methods to secure your business and its employees
Legal & Regulatory Issues – Cyber Security & Data Privacy
- Understand the impact of global data privacy regulations and how they can affect your business
- Discuss the relevant case studies in data breach and incident response
- Discuss how to manage and engage media outlets during and after a breach
The Checklist
- Creating/adopting the checklist
- Incident management checklist
- Using the checklist to beat the hackers!
Public Relations
- Crisis Comms Plans Management
- Social media and PR key steps
- PR case study
- Breach notification
Building the Team
- Stakeholders – Who are they?
- Legal considerations, compliance and notifications
- Building an effective and agile stakeholder
- Third parties