Understanding cybersecurity isn’t only about tackling the negative. While you may worry about the cybersecurity risks partners and vendors pose to your organization, your customers are worried about the risk you could introduce to them. Cyberattacks are no longer just a fight for your IT security team; they represent a risk to your entire business. You need to understand the liability and exposure to risk your business has, and this cannot be achieved without accurate measurement.

Traditionally, the focus has been on chasing threats and vulnerabilities as they occur, using methodologies such as penetration testing and vulnerability assessments. For those focused on identification of real-time threats, this is a necessary approach, but it tells you little about the overall risk to which your organization is exposed.

Stakeholders in your business will increasingly want to know how at risk you are:
• Customers will request information about your cybersecurity posture when you tender for work.
• Shareholders will want to know how safe their investment in your stock is.
• Vendors and partners will want to know the risk you pose to their cybersecurity posture, due to the business you conduct together.
• Insurers want to know how risky it is to insure the business and how to set premiums for cyber breach insurance.

When you can easily demonstrate your good practice, and benchmark your cybersecurity posture with those of your competitors, you have an advantage. Cyber-readiness is increasingly a necessity for organizations.
A basic understanding of information security and information security management topics is helpful for students attending this class. However, a strong background in any of these skills is not a prerequisite for the class. In the class, students will be taught a step-by-step approach for understanding a risk assessment, regardless of their technical information security or management background.
Course Learning Objectives
In this course, students will learn the value of having a proactive risk assessment strategy and understand the customer’s perspective of ensuring business continuity. Every organization, whether it does so in an organized manner or not, will make priority decisions on how best to defend its valuable data assets. Risk management should be the foundational tool used to facilitate thoughtful and purposeful defense strategies.

You Will Be Able to:
• Understand risk assessment and management fundamentals
• Understand the customer’s perspective of ensuring business continuity
• Address the cares and concerns of both the “C” suite and IT
• Articulate the expected outcome and value of a risk assessment strategy
• Assign relative value to critical information assets
• Prioritize risk remediation efforts as a result of performing a risk assessment
• Evaluate risk management models for use in your own organization
• Present risk to business owners
Course System Requirements
PC, Wifi, Webex
• Board Cyber Risk Oversight
• What Are Boards Expected to Do Now?
• What Barriers to Action Will Well-Intending Boards Face?
• What Practical Steps Should Boards Take Now to Respond?
• Principles behind Cyber Risk Management
• Cyber Risk Management Principles Guide Actions
• Meeting Stakeholder Needs
• Applying a Single, Integrated Framework
• Cyber Strategic Performance Management
• Pitfalls in Measuring Cybersecurity Performance
• Cybersecurity Strategy Required to Measure Cybersecurity Performance
• Creating an Effective Cybersecurity Performance Management System
• Identifying, Analyzing, and Evaluating Cyber Risks
• The Landscape of Risk
• A Structured Approach to Assessing and Managing Risk
• Treating Cyber Risks
• Determining the Cyber Risk Profile
• Alignment of Cyber Risk Treatment
• Practicing Cyber Risk Treatment
• Using Insurance to Manage Cyber Risk
• Planning for Cyber Risk Insurance
• Cyber Insurance Market Constraints
• Monitoring and Review Using Key Risk Indicators (KRIs)
• KRI Design for Cyber Risk Management