Management Best Practices in Cyber Security & Data Privacy

How do you Reduce Cyber Risk without Increasing the Budget?

We have trained over 100 organizations including:

GCHQ-Certified practitioner & trainer

Non-technical training workshop

FTSE 100 CISO with over 15 years' experience

Strategic and operational business focus

 

Programme Objective

How do you Reduce Cyber Risk without Increasing the Budget?

Criminals are leveraging the connectivity of the Internet to actively engage in corporate espionage and steal intellectual property, engineering designs, customer sensitive data as well as other business and financial confidential information.

When it comes to raising IT and cyber budgets, accounting and finance professionals are increasingly being asked to referee and opine on cyber security spending. There is a way to reduce the risk exposure but simply opening the purse strings and increasing the budget is not the solution. For example, a leading international bank, despite spending over $500 million dollars annually on cyber security, suffered a major data breach.

“Over-emphasis on technological (as opposed to management, behavioural and cultural) aspects weakens cyber defensive capabilities.”
Bank of England and FCA - 2015

Cyber Managements Alliance’s one-day immersive session will equip attendees with practical knowledge about cyber risk, attacks, their real world effect on brand reputation and the financial impact on business.

  • How to reduce business risk exposure and actually reduce costs while increasing overall security posture.
  • Increasing your security posture on budget with existing resources.
  • The benefits of aligning with international and UK standards including the UK Government’s Cyber Essentials Plus scheme.

 

Are you informed enough to be able to make strategic and operational decisions before and after a data breach?

This course will enable you to prepare a defined and managed approach when responding to a data breach or attack of an information asset. The content is intended for senior management and business executives who wish to gain a better understanding of cyber security and the real threats to their organisation.

This is not a technical course therefore there are no prerequisites. This training is available as a one-day internal workshop.

Target Competencies

  • Information Risk Management, policies and standards.
  • Strategies to protect business reputation, brand image and bottom line.
  • Data Breach Response - strategy, planning and management.
  • Basic awareness on cyber and breach regulatory and legal issues.

 

This course is based on Cyber Management Alliance’s CSPE Course. The CSPE course, Amar Singh,  its trainer and Cyber Management Alliance have been awarded the UK Government’s GCHQ-Certified training  accreditation, or GCT. 

Furthermore, Cyber Management Alliance are approved by APMG, the only certification body licensed and approved by GHCQ to deliver this scheme.

Intended For

An awareness-level program intended for those who would like to gain a better understanding of information risk, cyber attacks and how to protect their businesses against cyber criminals.

Training Methodology

Interactive and immersive with discussion a highly skilled practitioner.  

Duration: 1 Day

Course Objectives

  • Identify, evaluate and treat cyber risk and improve their organisation’s security posture.  Undertake responsive measures to reduce business risk exposure to within risk appetite, with constrained resources and within budget.
  • Explain the key differences between the various types of attacks and discuss mitigating strategies.
  • Understand the business benefits of complying with international standards including the UK Government’s Cyber Essentials Scheme, NIST and ISO 27001:2013.

 New Call-to-action

  New Call-to-action

Modules

Information Risk Management
  • Understand the concepts of and establish an Information Risk Management program (risk identification, risk assessment and risk treatment, risk monitor)
  • Understand how to produce and implement an effective Cyber Information Governance Strategy
  • Understand the concepts of cyber resilience, business governance and cyber governance
Information Security Strategy
Information Security Policies
  • Understanding the role of policies in an effective strategy and creating an effective policy framework
  • The CIA principles and their relationship to the information security strategy model
  • Understanding the international standard in Information Security ISO 27001:2013
  • Building an Information Security Management System (ISMS)
  • IT security policies, procedures and IT security framework
  • Type of controls including procedural, technical and physical
  • Key elements of an effective ISMS
  • Interactive session - learn how to create your own ISMS
  • Understanding the UK Cyber Essentials and NIST frameworks, and how to use them in your business strategy
Understanding the Adversary
  • The five types of attackers
  • Understand cyber attack motives, opportunities and threats
  • How cyber criminals select and target businesses
  • Business case studies of recent cyber attacks and impact on the businesses
  • The business Cyber Kill Chain and how it can be used to stop most attacks
  • Practical demo of cyber attacks
Innovation in Information Security Strategy
  • Review and discuss the most current and innovative ways in cyber security
  • Encourage and adopt innovative methods to secure your business and its employees
Legal & Regulatory Issues Cyber Security & Data Privacy
  • Understand the impact of global regulations in data privacy and how it can impact your business
  • Discuss the relevant case studies in data breach and incident response
  • Discuss how to manage and engage media outlets during and after a breach
The Checklist
  • Creating/adopting the checklist
  • Incident management checklist
  • Using the checklist to beat the hackers!
Public Relations
  • Crisis Comms plans managemement
  • Social media and PR key steps
  • PR case study
  • Breach notification
Building the Team
  • Stakeholders - who are they?
  • Legal considerations, compliance and notifications
  • Building an effective and agile stakeholder
  • Third parties

Programme Facilitator

Amar Singh is a GCHQ Certifed Cyber Security Trainer. Amar has a long history and experience in data privacy and information security training. Amar Singh has served as CISO for various companies, including News International (now News UK), SABMiller, Gala Coral, Euromoney and Elsevier. Amar, amongst various other activities, is a Global Chief Information Security Officer and Trusted Advisor to a number of organisations including a FTSE100 firm and is chair of the ISACA UK Security Advisory Group. Amar also founded the not for profit cyber security service for charities, Give01Day and is an Executive to the Board of the National MBA in Cyber Security.

Amar_Singh_CISO.jpg

Amar has the highest integrity, has been trusted by FTSE100 companies with some of the most sensitive commercial information and has been involved with highly sensitive forensic investigations.

He has the ability to deal with both technically the astute, board-level executives and lead an organisations information security direction. Apart from experience and abilities, Amar holds holds a number of industry recognised certifications, such as the ISO 27001 Certified ISMS Lead Implementer, MoR, CRISC and CISSP certification.

Amar is an industry acknowledged expert and public speaker and is regularly invited to speak and share his insights by some of the largest and most respected organisations in the world including The BBC, The Economist’s Intelligence Unit, The Financial Times, SC Magazine, InfoSec Magazine, Computer Weekly, The Register and the AlJazeera English Channel.

Amar_Media_Logos.jpg

All trademarks, service marks, trade names, product names, service names and logos appearing on the site, or on printed or digital material are the property of their respective owners, including in Cyber Management Alliance Ltd. Any rights not expressly granted herein are reserved.

Please complete the form below and one of our consutlants will be in touch to discuss your requirements.

Management Best Practise Training Enquiry Form

  • callOr call us on:
  • +44 (0) 203 189 1422