Session 1:   What is Cybersecurity?

•  How is it defined?
• What are the key issues?
• The current guidance
• Historic threats and cases
• The purpose of a cyber security program
• Tools and techniques

Case Study:  What are the key lessons from historic incidents? 

Session 2:  Cybersecurity Standards

•  PAS 555
• Minimum cybersecurity standards
• ISO/IEC 27001:2013
• ISO/IEC 27032
• NIST CSF
• BIS and cybersecurity
• FFEIC cybersecurity assessment tool
• EU and cybersecurity

 Case Study:  Which are the rules that matter most to you?  What actions should be taken?

 Session 3:  Recent cases – Case Study Session

 In this session we will look at a series of the most recent cases of cyberbreaches that have been identified.  What could have been done to have prevented the loss?

 Session 4:  Information Security

•  What is key data?
• How is this impacted by cybersecurity?
• Data requiring protection
• Information security program
• Security policies, standards and guidelines
• Impact of cybersecurity on information security

Case Study:  Identification of critical information

 Session 5:  Threat Analysis

•  Current cybersecurity threats
• Heightened risk – Joint guidance
• Risks of Denial of Service (DDoS) – FDIC guidance
• Security risks of VOIP  – FDIC guidance
• Pharming attacks and phishing
• Keeping ahead of the malicious agents
• Wireless technology risks
• Risks in the cloud
• Vulnerability assessment
• Collection of data
• Risk appetite, risk acceptance and cybersecurity
• Mitigation and anticipation

Case Study:  Which are the risks that most concern your Board?  How are these reported?

Session 6:  The Impact of Changing Work Patterns on Cybersecurity

•  How are work patterns changing as a consequence of the crisis?
• Are these changes likely to be permanent?
• What does this mean for cybersecurity?
• How does this change the risk assessment?
• Impact on data security
• Impact on business continuity planning
• Impact on productivity

 Case Study:  What are the actions that are needed to reduce cyber risk due to remote working?

 Session 7:  Cyber Risk Assessment

• The assessment process
• Threat metrics
• Threat models
• Threat matrix
• Denial of service attacks (DOS)
• Attack vendors
• Attack trees

Case Study:  Populate a cyber risk assessment

Session 8:  The Cybersecurity Program

• The key elements
  • Framework
  • Charter
  • Policies
  • Process
  • Measurement
• Corporate governance
• Identity and access management
• The 3 lines model and cybersecurity
• Due care considerations
• Due diligence
• Developing forward looking identifiers
• Benchmarking
• Incident management plan
• Enterprise security architecture
• Ethical hacking
• Data mining and modelling

 Case Study:  Creating forward looking identifiers – what matters?

 Session 9:  Investigating Cybersecurity Incidents

•  Regulatory guidance
• Actions to be taken
• Governance and management
• Identifying information
• Tracking activity
• Efficient approaches
• Data mining
• Reporting and tracking

 Case Study:  Investigating an incident

Delegates will gain specialist technical knowledge,  techniques and skills, experience ‘on-the-job-style’ training in group discussion and working hands-on through case studies and exercises to apply learned concepts in order to

• Appreciate the current threats
• Understand the nature of current guidance
• See the actions being taken by regulators
• Consider the contents of the cyber deterrence framework
• Review recent and historic cases and see lessons to be learnt
• Create forward looking identifiers
• Manage incidents effectively

Highly interactive expert-led intensive presentation, Q&A, group real-time in-depth case studies, regulation and discussion supported by key principles and theory. The virtual learning platform uses safe, industry preferred encrypted Cisco WebEx to optimize live face-to-face visual interaction, discrete chat, for polling and quizzes. (An invitation via email with access link is included for all participants.)