Cybersecurity Complexity

Malware & Types of Attacks

Governance Objectives

Governance for Cybersecurity

Effective Cybersecurity Programme Governance

Cybersecurity Governance: Effective Versus Ineffective

Cybersecurity Governance Activities

Cybersecurity Organizational Structure

Cybersecurity Risk oversight of the Board

Cybersecurity Risk management Principles

Cybersecurity Risk Policies & Procedures

Cybersecurity Risk Strategic Performance Management

Cybersecurity Standards & Frameworks

Cybersecurity Risks: Identify, Analyze and Evaluate

How to treat Cybersecurity Risk

Using Process Capabilities to Treat Cybersecurity Risks

Using Insurance and Finance to Treat Cybersecurity Risks

Build, Buy or Update: Embedding Cybersecurity Requirements and Establishing Best Practices

Governance & Planning

Development & Implementation

End of Useful Life and Disposal

Specific Considerations

Commercial Off-the-Shelf Applications

Cloud/SaaS Applications

Physical Security

Commit To a Plan

Physical Security Risk Landscape View and the Impact on Cybersecurity

Manage/Review the Cybersecurity Organization

Design/Review Integrated Security Measures

Data Center Scenario Reworked

Understanding Objectives for Security Measures

Understanding Controls for the Data Center Scenario

Calculate/Review Exposure to Adversarial Attacks

Simulating the Path of an Adversary

Calculate the Probability of Interrupting & Disrupting the Adversary

Optimize Return on Security Investment

Introduction

Cybersecurity Risk Treatment in Line with Organization’s Risk profile

Determine Cybersecurity Risk Profile

Cybersecurity Risk Treatment

Focus on the Crown Jewels

The Weakest Link: Humans

Preventive Measures Along Side Detective Measures

Ability of the Organization to Respond Must Remain the Focus

Cooperation Remains Essential

Alignment of Cybersecurity Risk Treatment

Cybersecurity Risk Treatment Practice

Business-As-Usual: Integrated into Enterprise Risk Management

Business-As-Usual: Integrated with the Regular Three Lines of Defense Applies for Model

Business-As -Usual: Managing Risk with Predefined Risk Appetite

Business-As-Usual: Using the Embedded Risk Management Processes

Business-As-usual: Treatment of Cybersecurity Risks

The Risk Landscape

The People Factor

Assessing & Managing Risk: A structured Approach

Cybersecurity Culture

Regulatory Compliance

Maturity Compliance

Protection Prioritised

Cybersecurity Incident Management

When to declare a Cybersecurity Event an Incident

How to qualify the two categories of Incident Sources

How to follow the Incident Management Policy and Processes

Incident Handling

Types of Incident

Incident handling Process Planning

Collect and Protect Incident Information

Identification

System and Network Logging Functions

Integrating Incident Reporting into Enterprise Risk Management (ERM)

Cybersecurity Crisis Management

From Incident Management to Crisis Management

Operating Principles of Crisis Management

Operationalising Cybersecurity Crisis Unit and its Structure

Tools & Techniques for Managing Cybersecurity Crisis

Cybersecurity Crisis Management Next steps

What is Business Continuity

ISO 22301 Overview

BCM Lifecycle

Understand/Analyze the organization and Integrate with Cybersecurity

Determine BCM Strategy & Integrate with Cybersecurity

Developing and Implementing BCM Responses, Integrate with Cybersecurity

Exercising/Validating BCM and integrate with Cybersecurity

BCM Policy & Programme Management

Embedding BCM in the organizational culture

Cybersecurity and The Internal Organizational Structure

Standards & Guidance Approaches

Cybersecurity within the Enterprise

Adapting Cybersecurity to address Enterprise Exposures

Designing own Cybersecurity Risk Function Operating Model

The Enterprise Function Roles most involved in Cybersecurity across the Enterprise

Aligning Cybersecurity within the Enterprise Functions

Governance & Risk Oversight Functions for Cybersecurity

Cybersecurity and Executive Management Functions

Cybersecurity Draws Support from Other Enterprise Management Functions

Organizations as Social Systems

Cybersecurity More Than a Technology Problem

Organizational Culture

Cybersecurity and Human Factors

Insider Threats

Social Engineering Threats

Training

Frameworks and Standards

ISO 27001: 2013

Business Model Information Security (BMIS)

MSIT Framework

Human Factors & Technology Trends

Measuring Human Behaviours for Cybersecurity

Cybersecurity Due to Human Errors Can Be Reduced

Application Development Security

Application Based Attacks

Web Based Attacks

Standardization of Application Security Features

Techniques to Enforce Application Security

Secure Code Design

Code Reviews

Secure Configuration

Testing for Loopholes

Constant Patching

Practical Cybersecurity Mitigants

Endpoint Security

Ransomware

Ransomware Mitigation

Spyware and Adware

Spyware and Adware Mitigation

Trojan Horses

Trojan Horses Mitigation

Viruses

Viruses Mitigation

Application Layer

Platform Layer

Compute Layer

Information Technology Layer

Site Facility Infrastructure Layer

Site

Topology

Controls Management

Security Controls

Asset Management

Change Management

The Importance of Managing Change

When should Changes be Made?

What are the Impact Changes bring?

The safeguard Effect of Internal Control in Change Management

Organizational Change Management

Access Control & A New Perspective

Organizations requirements for Access Control

User Access Management

User Registration and Deregistration

Access Provisioning for Users

Privileged Access Rights Management

Users Secret Authentication Information Management

User Access Under Review

User Rights: Removal & Adjustments

Responsibility of Users

Application & System Access Control

Access Restriction to Information

Procedures for Secure-Logins

Password Management System

Privileged Utility Programs Usage

Program Source Code & Controlled Access

Overview

Supply Chain Support Strategy

Planning How to Create Supply Relationships

How to Identify Competent External Suppliers

Relationship Management

Overview

Situational Awareness Plan

Situational Awareness Process

Overview

Purpose

Attributes

General Parts of SLA

SLA Service Performance

SLA Constraints & Service Management

SLAs Dos & Don’ts