SE107: Cybersecurity for Senior Managers
Duration: 2 hours
Format: Workshop
Resources: Structured presentation and discussion points
Objectives
- Understand basic principles of cybersecurity at a non-technical level
- Achieve a common viewpoint between business and technical cybersecurity
- Achieve clear communication via shared understanding of cyber risk
- Create appetite for controls which balance risk with opportunity
Outline
- Introduction
  - Whiteboard session - participant objectives and requirements
- Basic Principles of Security
  - The CIA Triad
  - Fundamental Concepts of Security Management
- How Cyber Risk Arises
  - Differences with other forms of risk (strategic, project, operational, etc.)
  - Threats and Threat Actors, Vulnerabilities, Impacts and Controls
  - Risk communication and balancing risk with opportunity
- Threats and Threat Actors
  - Cybercriminals - Ransomware, Business Email Compromise, etc.
  - Nation-State Actors, Professional Hackers, Script Kiddies and Hacktivists
- Vulnerabilities
  - Software Vulnerabilities, Procedural Vulnerabilities, Physical Vulnerabilities
- Impacts
  - Information Assets, Asset Ownership, Valuation and Classification
  - Business Process Interruption and Cyber Resilience
  - Examples of Impact - high-profile breaches
- Controls and Safeguards, with Examples
  - Directive, deterrent, preventive, detective, corrective and recovery controls
  - Administrative controls - policies, standards and procedures, security culture
  - Technical controls - authentication and access control, cryptographic controls, network controls
  - Physical controls
- Discussion
- Resources
Last modified: Monday, 6 November 2023, 2:15 PM