Date: 25 May 2021
Cyber Incident Planning & Response has become a top priority for banking and financial institutions across the world as they transition into the realm of digitization. With this view, top cybersecurity executives of Philippine National Bank, one of the largest banks in the archipelagic country, attended Cyber Management Alliance’s flagship, NCSC-Certified Cyber Incident Planning & Response Course.
The Bank’s CISO - Rolan Oscuro, the CSOC Head - Pat Pio Fondevilla and its Cyber Security Operations Center Department Head - Gerald Emmanuel Cenir were amongst those who attended the highly recommended training.
The course, certified by the UK Government's National Cyber Security Centre, provides senior management and incident response teams with the vital knowledge and skills to plan, lead and manage a cyber crisis. It equips learners with competence so that they can rapidly detect, rapidly respond to and rapidly recover from a cyber-crisis.
Further, the Cyber Incident Planning & Response course also enables participants to gain a deep understanding of NIST's Computer Security Incident Handling Guide: NIST SP 800-61 Revision 2 and understand how to implement NIST's Cyber Incident Response Framework throughout the organisation.
A resounding theme in the feedback of the participants was that the course helped them realise what the current gaps in their breach readiness are and how much more they need to do.
Speaking on his experience, Ronald Oscuro, CISO, Philippine National Bank said, “The content of the course and the expertise of the trainer was very good. Personally I learned a lot and my team and I picked up a lot. We also figured that there’s a lot more that needs to be done and we’ve been given ways to justify things that we need to have as part of our defence. Part of your material has also shown us how to convince our partners in other units, like infrastructure, to maximise existing tools and better use the tools to further protect the bank.”
Corroborating this view, the Bank’s CSOC Head, Pat Pio Fondevilla said, “It was very educational. It was just in time for our team. We learnt a lot in today’s session. I think we need to do more - threat actor risk assessment and breach assessment. Rapid detection is another good point that we need to achieve. It’s not real-time, it’s rapid detection so that you can equal the infection rate. I think that’s a good item that we need to consider in our documentation. One more item is the cyber resilience plan for which the document you will share can help.”
Understanding how important the preparation and planning stages of an Incident Response Plan are, was also one of the key highlights for the participants.
Gerald Emmanuel Cenir, the Cyber Security Operations Center Department Head, summed this up as he said: “My key takeaway is how important the preparation phase is in the Incident Response Plan. It is a normal challenge for everyone to be fast enough in detecting and responding to alerts and have less time to develop and enhance the preparation because of the fire fighting. With the information that you have provided, we can focus more and start developing this preparation.”
“Thank you for the assignment that you have given us. Actually we still have a lot of work to do. Your insights have helped, especially in the preparation stage for our defence for our network,” Joseph Anthony Torres, Cyber Security Officer, added.
Cyber Management Alliance has consistently been working towards bridging the gaps in organisational cyber resilience globally. With the overall objective of reducing the risk exposure of the global business community and mitigating the business impact of cyber-attacks and events, CM-Alliance has trained some of the largest and most prominent organisations in the world in cyber incident response, crisis management and incident response playbooks.
Cyber Management Alliance has recently added some of the world's most prestigious organisations including Google, Formula One, Sony, BAE Systems, Citibank, AstraZeneca, Unilever, Walkers, Capgemini, Invesco, First Citizens Bank Ltd, GE Healthcare, Bharti Airtel, the NHS, Dubai Health Authority, Brentwood Council and the Essex County Council to its client portfolio.
