Duration: 2 hours

Format: Workshop

Resources: Structured presentation and discussion points

Objectives

  • Understand basic principles of cybersecurity at a non-technical level
  • Achieve a common viewpoint between business and technical cybersecurity
  • Achieve clear communication via a shared understanding of cyber risk
  • Create an appetite for controls that balance risk with opportunity

Outline

  • Introduction
    • Whiteboard session - participant objectives and requirements
  • Basic Principles of Security
    • The CIA Triad
    • Fundamental Concepts of Security Management
  • How Cyber Risk Arises
    • Differences with other forms of risk (strategic, project, operational, etc.)
    • Threats and Threat Actors, Vulnerabilities, Impacts and Controls
    • Risk communication and balancing risk with opportunity
  • Threats and Threat Actors
    • Cybercriminals - Ransomware, Business Email Compromise, etc.
    • Nation-State Actors, Professional Hackers, Script Kiddies and Hacktivists
  • Vulnerabilities
    • Software Vulnerabilities, Procedural Vulnerabilities, Physical Vulnerabilities
  • Impacts
    • Information Assets, Asset Ownership, Valuation and Classification
    • Business Process Interruption and Cyber Resilience
    • Examples of Impact - high-profile breaches
  • Controls and Safeguards, with Examples
    • Directive, deterrent, preventive, detective, corrective and recovery controls
    • Administrative controls - policies, standards and procedures, security culture
    • Technical controls - authentication and access control, cryptographic controls, network controls
    • Physical controls
  • Discussion
  • Resources

Contact us for further details.

Last modified: Monday, 6 November 2023, 2:15 PM