This one-day foundational course will teach you how to approach cyber security so your organisation isn’t yet another victim of a ransomware attack or data breach. You will understand the concepts and be better prepared to work with your board, internal teams and external partners to secure your organisation now and in the future.
What will you gain?
Cyber threats are a constant and increasing risk to all businesses and must be managed in order to protect you, your staff and your clients.
You will learn how to address immediate cyber security risks and understand the long-term strategy needed to manage these in the future.
By the end of the course you will:
- Understand the difference between tactics to stop you getting hacked now and the strategy you need for the future.
- Learn what criminals are doing to carry out cyber-attacks and the gaps in security they use in 99 percent of successful hacks.
- Recognise why your IT company may not be an expert in cyber security, and why your auditor definitely is not.
- Learn to challenge the hype from cyber companies about “constantly evolving attacks” and the need to buy their latest product and service.
- Create a short-term remediation plan that balances usability and security.
- Identify whether your security measures are actually working.
- Understand your overall cyber security risks and their business impacts for inclusion in your organisation’s risk register, as well as your risk tolerance.
- Choose which risk framework is the best for your organisation.
- Appreciate the need for a continual focus on cyber security, equal to Health and Safety requirements.
Course structure
The one-day course is structured in two main sessions.
The morning session will focus on the immediate cyber risks your business is facing and how to address them. The afternoon will look at the long-term strategy your business should implement to plot your cyber security risk management course and make sure you stay on track.
As well as learning the theory, attendees will work in groups to apply the knowledge that has been taught so that it’s understood and actionable, in one of the following areas:
- Rating your security maturity against a framework
- Including privacy and data governance
- Creating a cyber security strategy that fits your organisation (based on your risks and target maturity)
- Creating a three-year roadmap
- Creating a culture of security and privacy
- Tracking progress – updating your strategy and roadmap
We will also look at case studies of organisations with high standards of information security, such as ISO 27001 or SOC 2, that were still hacked, and apply the lessons learned.
Questions are encouraged throughout the day.