Course Agenda


Cyber Risk Management - London


Day 1 - Wednesday 12th June 2019 

08:30

Registration and refreshments

09:00

Cyber Risk in Risk Management and Governance

  • How does cyber risk fit into risk management?
  • Governance and the importance of cyber risk assessment
  • Connectivity with conduct risk, RRP, ERM
  • Establishing a leading cyber risk management capability
  • Engaging the board – who is responsible for cyber?
  • Implications and expectations in 3LoD model
  • How do you develop risk appetite limits for cyber security risk?

Speaker: Courtenay Brammar, Director of Risk Analysis and Insights, CyberSecurityCaseStudies.com

10:30

Morning break

11:00

Integrating Cyber Risk and IT 

  • Setting up risk subcommittees; addressing technology, IT, cyber risk & data governance
  • How to identify the latest threats and vulnerabilities
  • Integrating IT risk as part of the GRC strategy
  • How do IT risks fit in the context of the business?
  • Data aggregation and intelligence gathering tools to address cyber security risks 

Speaker: Ameet Jugnauth, Head of IT Risk and Governance, Lloyds Banking Group

12:30

Lunch

13:30

Creating a Sound Cyber Risk Programme & Preparing for the Worst

  • Setting up risk subcommittees; addressing technology, IT, cyber risk & data governance
  • Integrating risk & IT
  • Building an incident response plan – and testing it
  • Creating a cyber risk programme & frameworks:
    • NIST
    • ISO 27001
  • Organisational challenges and governance structures

Speaker: Martin Overton, Founder, OMG Cyber Security

15:00

Afternoon break

15:30

Risk Analytics 

  • Concepts
  • We're here to make things better
  • Our journey
  • Quantitative risk analysis methodology
  • Bringing it together
  • 1st application
  • 2nd application

Speaker: Paul De Luca, Risk Architecture Director, Enterprise Risk Management, AIG

17:00

End of day one

Day 2 - Thursday 13th June 2019

08:30

Refreshments

09:00

Modelling Cyber Risk 

  • The nature of cyber risk scenarios and implications for firms
  • Obtaining usable data for model calculation
  • How to combine external and internal data and other relevant information to calibrate a cyber risk scenario for modelling
  • Should you redo the same cyber scenarios every year?
  • Can risk models accurately capture cyber risk? 

Speaker: Steve Greenham, Independent Cyber Security & Risk Management Consultant

10:30

Morning break

11:00

Group Exercise - Estimating Confidence Limits

  • Setting limits correctly and estimating the impact of risks
  • Group quizzes

Speaker: Steve Greenham, Independent Cyber Security & Risk Management Consultant

12:30

Lunch

13:30

Relationship between Cyber Risk and Human Behaviour

  • Effectiveness of cyber security capabilities (people, process, technology)
  • The fact that 91% of data breaches are down to human behaviour vs. 9% hacking / highly technical attacks
  • The fact that investing in people controls delivers best ROI and most effective risk mitigation
  • Exploring people controls – UBA, human sensors, human risk profiling 
  • Practical steps / techniques for affecting behavioural change and building a risk aware cyber security culture

Speaker: Flavius Plesu, Former Head of Information Security, Bank of Ireland, Founder, OutThink, Security Behaviour Practitioner, Research Institute in Science of Cyber Security (RISCS)

14:30

Afternoon Break

15:00

Incident Management and Business Continuity Planning – Insurance Perspective

  • What leads to operational incidents?
  • Incident recovery – “impact tolerance”
  • What matters is not the absence of incidents, but how well incidents are managed
  • Responsibility from board and senior management
  • How can you identify vulnerabilities and secure sensitive information?
  • Understanding the response and recovery plans of third parties 

Group activity:
How Resilient is your Environment? Disaster Recovery and Business Continuity in Operational and Cyber Risk

  • What immediate actions would you advise your firm to do in the scenario? 
  • Hierarchy of response – who are the 1st and 2nd responders?
  • Incident management – how do you assess the impact on your firm?
  • What are your crisis management protocols? What do they look like?
  • How equipped is your organisation to respond to high-stress situations?
  • Business continuity planning from employees to infrastructure 

Speaker: Maarten van Wieren Ph.D, Managing Director Cyber Risk, Aon Netherlands

17:00

End of Course

 
