Management Best Practices in Cybersecurity & Data Privacy

How do you reduce cyber risk without increasing the budget?

We have trained over 750 organizations.

GCHQ-Certified practitioner & trainer

Non-technical training workshop

FTSE 100 CISO with over 15 years' experience

Strategic and operational business focus


Programme Objective

How do you reduce cyber risk without increasing the budget?

Criminals are leveraging the connectivity of the Internet to actively engage in corporate espionage and steal intellectual property, engineering designs, sensitive customer data as well as other confidential business and financial information.

When it comes to raising IT and cyber budgets, accounting and finance professionals are increasingly being asked to referee and opine on cybersecurity spending. There is a way to reduce the risk exposure, but simply opening the purse strings and increasing the budget is not the solution. For example, a leading international bank, despite spending over $500 million annually on cybersecurity, suffered a major data breach.

“Over-emphasis on technological (as opposed to management, behavioural and cultural) aspects weakens cyber defensive capabilities.”
Bank of England and FCA - 2015

Cyber Management Alliance’s one-day, immersive session will equip attendees with practical knowledge about cyber risk, attacks, and their real-world effect on brand reputation and the financial impact on business.

In this session, attendees will understand: 

  • How to reduce business risk exposure and actually reduce costs while enhancing the overall security posture.
  • How to bolster the security posture on budget with existing resources.
  • The benefits of aligning with international and UK standards, including the UK Government’s Cyber Essentials Plus scheme.

Are you informed enough to be able to make strategic and operational decisions before and after a data breach?

This course will enable you to prepare a defined and managed approach when responding to a data breach or attack of an information asset. The content is intended for senior management and business executives who wish to gain a better understanding of cybersecurity and the real threats to their organisation.

This is not a technical course, therefore, there are no prerequisites. This training is available as a one-day, internal workshop.

Target Competencies

  • Information Risk Management, Policies and Standards.
  • Strategies to protect business reputation, brand image and bottom line.
  • Data Breach Response - Strategy, planning and management.
  • Basic awareness of cyber and breach regulatory and legal issues.


This course is based on Cyber Management Alliance’s CSPE Course. The CSPE course, its trainer Amar Singh, and Cyber Management Alliance have been awarded the UK Government’s GCHQ-Certified training accreditation, or GCT.

Furthermore, Cyber Management Alliance is approved by APMG, the only certification body licensed and approved by GCHQ to deliver this scheme.

Intended For:

This is an awareness-level programme intended for those who would like to gain a better understanding of information risk, cyber-attacks and how to protect their businesses against cyber criminals.

Training Methodology:

Interactive and immersive discussion with a highly-skilled practitioner.  

Duration: One Day

Course Objectives:

  • Identify, evaluate and treat cyber risk to improve the organisation’s security posture. Undertake responsive measures to reduce business risk exposure to within risk appetite, with constrained resources and within budget.
  • Explain the key differences between the various types of attacks and discuss mitigating strategies.
  • Understand the business benefits of complying with international standards including the UK Government’s Cyber Essentials Scheme, NIST and ISO 27001:2013.


Information Risk Management
  • Understand the concepts of and establish an Information Risk Management programme (risk identification, risk assessment and risk treatment, risk monitoring)
  • Understand how to produce and implement an effective Cyber Information Governance Strategy
  • Understand the concepts of cyber resilience, business governance and cyber governance
Information Security Strategy
Information Security Policies
  • Understand the role of policies in an effective strategy and create an effective policy framework
  • The CIA principles and their relationship to the information security strategy model
  • Understand the international standard in Information Security ISO 27001:2013
  • Build an Information Security Management System (ISMS)
  • IT security policies, procedures and IT security framework
  • Types of controls including procedural, technical and physical
  • Key elements of an effective ISMS
  • Interactive session - Learn how to create your own ISMS
  • Understand the UK Cyber Essentials and NIST frameworks, and how to use them in your business strategy
Understanding the Adversary
  • The five types of attackers
  • Understand cyber attack motives, opportunities and threats
  • How cyber criminals select and target businesses
  • Business case studies of recent cyber-attacks and their impact on the businesses
  • The business Cyber Kill Chain and how it can be used to stop most attacks
  • Practical demo of cyber-attacks
Innovation in Information Security Strategy
  • Review and discuss the most current and innovative approaches in cyber security
  • Encourage and adopt innovative methods to secure your business and its employees
Legal & Regulatory Issues in Cyber Security & Data Privacy
  • Understand the impact of global regulations in data privacy and how they can impact your business
  • Discuss the relevant case studies in data breach and incident response
  • Discuss how to manage and engage media outlets during and after a breach
The Checklist
  • Creating/adopting the checklist
  • Incident management checklist
  • Using the checklist to beat the hackers!
Public Relations
  • Crisis Comms Plans Management
  • Social media and PR key steps
  • PR case study
  • Breach notification
Building the Team
  • Stakeholders - Who are they?
  • Legal considerations, compliance and notifications
  • Building an effective and agile stakeholder
  • Third parties

Programme Facilitator

Amar Singh is a GCHQ-Certified Cybersecurity Trainer. Amar has a long history and experience in data privacy and information security training. He has served as CISO for various companies, including News International (now News UK), SABMiller, Gala Coral, Euromoney and Elsevier. Amongst various other activities, Amar is a Global Chief Information Security Officer and Trusted Advisor to a number of organisations including a FTSE100 firm, and is chair of the ISACA UK Security Advisory Group. He also founded the not-for-profit cybersecurity service for charities, Give01Day, and is an Executive to the Board of the National MBA in Cyber Security.


Amar has the highest integrity, has been trusted by FTSE100 companies with some of the most sensitive commercial information and has been involved with highly sensitive forensic investigations.

He is able both to deal with technically astute, board-level executives and to lead an organisation's information security direction. Apart from his experience and abilities, Amar holds a number of industry-recognised certifications, such as ISO 27001 Certified ISMS Lead Implementer, MoR, CRISC and CISSP.

Amar is an industry-acknowledged expert and public speaker and is regularly invited to speak and share his insights by some of the largest and most respected organisations in the world including The BBC, The Economist’s Intelligence Unit, The Financial Times, SC Magazine, InfoSec Magazine, Computer Weekly, The Register and the AlJazeera English Channel.

