This is a ONE-DAY seminar for Managers, Senior Managers, Executives and Board of Directors across all industries.
Lunch, refreshments and snacks are included. Please contact us with special meal requirements.
Our 8-part Executive Introduction to Cybersecurity series consists of shorter courses designed to introduce managers, senior managers and executives to the most relevant cybersecurity topics, so that they have the knowledge to make more informed decisions and better manage business risk.
Executive Education Introduction to Cybersecurity – Foundational Information Security Concepts
• Current global and local threat landscape including key statistics and the social activist, nation state and criminal threat actors
• Core information security functions typically found within an organization and the unique personality traits of those working within the domain
• A discussion on the pros and cons of CISO organizational alignment within information technology or risk management
• Key information security terms and industry buzzwords
• Information security risk management from risk identification to likelihood and impact
• Common industry standards and frameworks (e.g. ISO, NIST, COBIT) for information technology and security management
• Asset and data considerations including cloud and bring your own device (BYOD)
• Identity and access management differences and the role of access control
• Communication and network security fundamentals such as open systems interconnect (OSI), network security architecture, common technologies (e.g. routers, firewalls, intrusion detection/prevention systems), and subnetting
• Security engineering, security architecture and its threats, and an introduction to cryptography
• The (secure) software development life cycles (SSDLC/SDLC), Software Assurance Maturity Model (SAMM), common development methods, DevOps and DevSecOps, testing, and database management systems
• Security operations including the role of a security operations center (SOC) and managed/monitored security services provider (MSSP), the difference between events, alerts and incidents, incident response versus cyber crisis response, and digital forensics
Executive Education Introduction to Cybersecurity – Security Awareness
• How the human element plays into security awareness and the unique requirements that must be met in order for security awareness to be effective
• Available standards- and industry-based guidance for establishing an effective security awareness program
• Key characteristics of the Security Awareness Maturity Model
• Core activities to jump start a security awareness (security marketing) plan
Executive Education Introduction to Cybersecurity – Social Engineering
• Define social engineering and the bugs in the human hardware that make us susceptible to exploitation
• Video reviews and related discussions on the topics of cognitive biases and the power of pretexting
• Common social engineering threat vectors such as waterholes, phishing and spear-phishing, quid-pro-quo, tailgating, ‘round the corner, and baiting
• Common tactics, techniques and procedures used by threat actors including Google dorking, Maltego and Kali Linux
Executive Education Introduction to Cybersecurity – Spear-Phishing & Ransomware
• The difference between phishing and spear-phishing
• A deep dive into the anatomy of a spear-phishing attack
• Video review discussion on the topic of voice phishing (vishing)
• The underground marketplace and the anonymity and commerce tools used by these merchants of mayhem
• What ransomware is and a discussion on recent ransomware attacks
• What to do if a victim of ransomware and a discussion on the organization’s decision to pay or not pay
• How to minimize the risk of a ransomware attack
Executive Education Introduction to Cybersecurity – Cybercriminal Psychology
• Cybercrime defined and the role of forensic psychology and offender profiling
• An exploration of offender profiling, its approaches, and its methods such as the consistency assumption and the homology assumption
• Understanding criminal decision-making theories such as Rational Choice Theory, General Strain Theory and Routine Activity Theory and the possible relationship to cybercrime
• The effectiveness of forensic psychology in cybercrime including case studies to better understand (possibly contributing) psychological disorders
• The role of the Internet, social networking, on-line gaming, and mobile phone dependency in abnormal cyberpsychology
• The role of national culture on cybercriminal behavior
Executive Education Introduction to Cybersecurity – Insider Threats
• How insider threats happen
• The three personas of compromised insiders: malicious actors, negligent actors, and compromised agents
• The role of (structured and unstructured) data analytics in identifying and preventing insider threats
• What to do when you believe an employee is compromised
• The key features of an effective insider threat program
• How to build your own insider threat program
Executive Education Introduction to Cybersecurity – External Threat Actors
• A series of deep dives on the major global threat actors and the related open source intelligence available to help understand motivations
• The face of a new external threat actor: cyber Jihadists
• The complexities of vulnerabilities introduced by the internet-of-things (IoT) and bring-your-own-device (BYOD)
• Managing the risk to industrial control systems (ICS) and critical infrastructure
• China’s quantum network and the viability of threat mitigation across the actor landscape
• An exploration into the possible role the blockchain could play in securing against external threats
Executive Education Introduction to Cybersecurity – Digital Forensics & Incident Response
• Security operations including the role of a security operations center (SOC) and managed/monitored security services provider (MSSP)
• The difference between events, alerts and incidents
• How incident response differs from cyber crisis response
• Anatomy of a cyber attack (aka the cyber kill chain)
• Anatomy of a cyber crisis response
• Incident categories, priorities and threat vectors
• Incident digital forensics activities and the chain-of-custody