Session 1:   What is Cybersecurity? 

• How is it defined?
• What are the key issues?
• Who are we seeking to avoid?
• The current guidance
• Internal v external
• Historic threats and cases
• The purpose of a cyber security program
• Tools and techniques

Session 2:  The Cyber Framework

• Alignment to the Risk Appetite Framework
• Applying risk appetite
• The key elements of the framework
• Tone from the top
• Governance and control
• Alignment with operational resilience

Session 3:  Assessing Cyber Exposure 

• Where do we have exposure?
• What can happen?
• Cases and examples of failure
• Assessing cyber exposure
• Mitigating cyber risk
• Insurance and other mitigation

Session 4:  Information Security 

• What is key data?
• How is this impacted by cybersecurity?
• Data requiring protection
• Information security program
• Security policies, standards and guidelines
• Impact of cybersecurity on information security

Session 5:  Threat Analysis 

• Current cybersecurity threats
• Heightened risk – Joint guidance
• Risks of Denial of Service (DDoS) – FDIC guidance
• Security risks of VOIP  – FDIC guidance
• Pharming attacks and phishing
• Keeping ahead of the malicious agents
• Wireless technology risks
• Risks in the cloud
• Vulnerability assessment
• Collection of data
• Risk appetite, risk acceptance and cybersecurity
• Mitigation and anticipation

Session 6:  The Impact of Changing Work Patterns on Cybersecurity

•  How are work patterns changing as a consequence of the crisis?
• Are these changes likely to be permanent?
• What does this mean for cybersecurity?
• How does this change the risk assessment?
• Impact on data security
• Impact on business continuity planning
• Impact on productivity

Session 7:  Cyber Risk Assessment

• The assessment process
• Threat metrics
• Threat models
• Threat matrix
• Denial of service attacks (DOS)
• Attack vendors
• Attack trees

Session 8:  The Cybersecurity Program

• The key elements
  • Framework
  • Charter
  • Policies
  • Process
  • Measurement
• Corporate governance
• Identity and access management
• The 3 lines model and cybersecurity
• Due care considerations
• Due diligence
• Forward looking identifiers
• Benchmarking
• Incident management plan
• Enterprise security architecture
• Ethical hacking
• Other matters 

Case Study:  Creating forward looking identifiers – what matters?

Session 9:  Investigating Cybersecurity Incidents 

• Regulatory guidance
• Actions to be taken
• Governance and management
• Operational resilience requirements
• Identifying information
• Tracking activity
• Data mining
• Reporting and tracking

Delegates will gain specialist technical and behavioural knowledge,  techniques and skills, experience ‘on-the-job-style’ training in group discussion and developing audit programs in the classroom for immediate application in the workplace in practise with a focus on:

• The nature of cyber security and who conducts it
• Assessing cyber security and alignment to risk management
• Threat and vulnerability assessment
• The role of insurance
• The cyber security program
• Incident management

Highly interactive expert-led intensive presentation, Q&A, group real-time in-depth case studies, regulation and discussion supported by key principles and theory. The virtual learning platform uses safe, industry preferred software to optimize live face-to-face visual interaction, discrete chat, for polling and quizzes.

(An invitation via email with access link is included for all participants.)