Agenda

Agenda: Cyber Risk Management, online course

This course will be delivered live remotely via an online platform

Agenda timing is in GMT
----------------------------------------------------
Session one - 2pm GMT / 9am EST
Session two - 3.15pm GMT / 10.15am EST
End - 4.15pm GMT / 11.15am EST
----------------------------------------------------

Day one: Monday, September 21, 2020

Cyber risk in risk management and governance

14:00 - 15:00

  • How does cyber risk fit into risk management?
  • Is cyber an inherent risk or vector for other risks?
  • Connectivity with conduct risk, RRP, ERM
  • Establishing a leading cyber risk management capability
  • Financial Stability Board’s lexicon for cyber risk
  • Stricter EBA guidelines
  • How do you develop risk appetite limits for cyber security risk?

Kish Galappatti

Data Privacy Engineering

Privitar

Kish’s background is in distributed and high-performance computing in the financial services industry. He was then instrumental in the development of a pioneering cyber risk ratings and data and analytics platform for the cyber security market. Kish is currently focused on the cyber risk and data privacy space with specific focus on the financial services and healthcare verticals.

Break

15:00 - 15:15

Integrating cyber risk and IT

15:15 - 16:15

  • Setting up risk subcommittees; addressing technology, IT, cyber risk & data governance
  • How to identify the latest threats and vulnerabilities
  • Working with technologists
  • Accommodating new technologies into your cyber risk strategy
  • Integrating IT risk as part of the GRC strategy
  • How do IT risks fit in the context of the business?
  • Data aggregation and intelligence gathering tools to address cyber security risks

End of Day 1

16:15 - 16:16

Day two: Tuesday, September 22, 2020

Relationship between cyber risk and human behaviour

14:00 - 15:00

  • Effectiveness of cyber security capabilities (people, process, technology)
  • Why the majority of data breaches are a result of human behaviour
  • How to invest in people controls to deliver the best ROI and most effective risk mitigation
  • Exploring people controls – UBA, human sensors, human risk profiling
  • Practical steps / techniques for affecting behavioural change and building a risk aware cyber security culture

Break

15:00 - 15:15

Cybercrime – lessons to be learned

15:15 - 16:15

  • AML and KYC
  • Creating a compliant culture
  • Notable attacks – case studies
  • The role technology plays
  • Areas for overlap and significant differences

End of Day 2

16:15 - 16:16

Day three: Wednesday, September 23, 2020

Common gaps in cyber security programs that facilitate cyber attacks

14:00 - 15:00

  • Why do the criminals keep winning?
  • Poor internal coordination and shared responsibility
  • Incomplete enterprise security programs
  • Lack of asset inventories
  • Belief that the bad guy is always outside
  • Lack of effective controls and system monitoring to keep pace with threat environment
  • Stagnant security awareness training

Jody Westby

CEO

Global Cyber Risk LLC

Under Ms. Westby’s leadership, Global Cyber Risk LLC has developed an international reputation as a boutique firm that provides first-tier advisory and technical services to corporations and non-profit organizations, focusing on cyber risk assessments, incident response planning, cyber governance, and digital inventories and data mapping. She also serves as Adjunct Professor at Georgia Institute of Technology’s School of Computer Science. Ms. Westby chairs the American Bar Association’s Privacy & Computer Crime Committee, is co-chair of the ABA’s Cybercrime Committee, and is serving her fourth term on the ABA President’s Cybersecurity Legal Task Force. Ms. Westby speaks globally and is the author of several books and articles on cybersecurity, privacy, and cyber risk management. She is a professional blogger for Forbes and authors a regular column on cybersecurity issues for Leader’s Edge magazine. She graduated magna cum laude from Georgetown University Law School and is a member of the Order of the Coif, American Bar Foundation, and Cosmos Club.

Break

15:00 - 15:15

How to create cyber governance in your organization

15:15 - 16:15

  • Information security governance best practices and standards
  • D&O lawsuits following major cyber events
  • How to present to your C-Suite and board and get invited back
  • How to involve them in incident response

Jody Westby

CEO

Global Cyber Risk LLC

End of Day 3

16:15 - 16:16

Day four: Thursday, September 24, 2020

Creating an effective and sustainable cyber risk programme

14:00 - 15:00

  • Best place to start
  • Instilling security of culture and building cyber into core management processes
  • Creating a system that maintains daily usability 
  • Dealing with the increasing price of cyber security 
  • Potential for automation

Ben Goodman

Founder and CEO

4A Security & Compliance

Ben Goodman is the founder and CEO of 4A Security & Compliance (4A), a firm that helps strengthen clients’ information security while managing cyber risk and meeting their compliance requirements. With over 25 years of experience in information technology, technology strategy and risk management, he is dedicated to strengthening the cyber defenses and resiliency of organizations, institutions and critical infrastructure around the world. He is the recipient of ISACA’s CRISC, Worldwide Achievement Award and his paper "The Cyber Risk Ecosystem" won the Best Paper Award for Practical Risk Management Applications in the joint Casualty Actuarial Society/Canadian Institute of Actuaries/Society of Actuaries, Risk Management Section.

Break

15:00 - 15:15

Third party vendor risk management

15:15 - 16:15

  • Overview of vendor partnerships and associated risks
  • Selecting a vendor partner
  • Designing business process interface with the vendor
  • Assimilating vendor's risk management procedures
  • Benefits of joint incident response exercises
  • Maintenance and the continual management of the risk profile
  • Vendor sub-contracting (fourth party risk)
  • Accommodating disruptive technologies into your cyber risk strategy

Ben Goodman

Founder and CEO

4A Security & Compliance

End of course

16:15 - 16:16