Agenda

Agenda: Cyber Risk Management, online course

This course will be delivered live remotely via an online platform

Agenda timing is in GMT
----------------------------------------------------
Session one - 2pm GMT / 9am EST
Session two - 3.15pm GMT / 10.15am EST
End - 4.15pm GMT / 11.15am EST
----------------------------------------------------

Day one: Tuesday, June 2, 2020

Cyber risk in risk management and governance

14:00 - 15:00

  • How does cyber risk fit into risk management?

  • Is cyber an inherent risk or vector for other risks?

  • Connectivity with conduct risk, RRP, ERM

  • Establishing a leading cyber risk management capability

  • Financial Stability Board’s lexicon for cyber risk

  • Stricter EBA guidelines 

  • How do you develop risk appetite limits for cyber security risk?

Break

15:00 - 15:15

Integrating cyber risk and IT

15:15 - 16:15

  • Setting up risk subcommittees; addressing technology, IT, cyber risk & data governance

  • How to identify the latest threats and vulnerabilities

  • Working with technologists

  • Accommodating new technologies into your cyber risk strategy

  • Integrating IT risk as part of the GRC strategy

  • How do IT risks fit in the context of the business?

  • Data aggregation and intelligence gathering tools to address cyber security risks 

End of day one

16:15 - 16:16

Day two: Wednesday, June 3, 2020

Relationship between cyber risk and human behaviour

14:00 - 15:00

  • Effectiveness of cyber security capabilities (people, process, technology)

  • Why the majority of data breaches are a result of human behaviour 

  • How to invest in people controls to deliver the best ROI and most effective risk mitigation

  • Exploring people controls – UBA, human sensors, human risk profiling 

  • Practical steps / techniques for affecting behavioural change and building a risk aware cyber security culture

Flavius Plesu

•   Former Head of Information Security, Bank of Ireland
•   Founder, OutThink
•   Security Behaviour Practitioner, Research Institute in Science of Cyber Security (RISCS)

As Head of Information Security of Bank of Ireland, Flavius was responsible for all aspects of information security risk and compliance as well as managing the information security improvement programme. Having successfully built security culture and behavioural change programmes from the ground up, Flavius brings an often opinionated and forward-thinking view of assessing and managing human risk, but is able to do so with humour and pragmatism (mostly). An international public speaker, Flavius contributes to a number of industry forums and events, openly sharing knowledge and best practice.

Flavius is also the founder of OutThink and a Research Institute in Science of Cyber Security (RISCS) practitioner. The primary objective of the Institute is to develop novel, innovative social-science and socio-cultural techniques for cyber security.

Break

15:00 - 15:15

Cybercrime – lessons to be learned

15:15 - 16:15

  • AML and KYC 

  • Creating a compliant culture

  • Notable attacks – case studies

  • The role technology plays 

  • Areas for overlap and significant differences

End of day two

16:15 - 16:16

Day three: Thursday, June 4, 2020

Group Activity: Incident management

14:00 - 15:00

  • Group interactive activity based around a cyber incident

  • Industry expert devised examples

  • Great networking opportunity

Jelena Zelenovic Matone

Senior unit head op. risk & CISO

REG & EIB Group Risk Department

Jelena has 15 years of professional experience in information security, governance, audit, risk mitigation, and implementation of best practices for large multilateral private and public sectors with global presence. Her active contributions to public and private sectors in policies, best practices, internal IT security controls, awareness programs, risk analysis and metrics have been recognized for her TA (technical assistance) on numerous occasions by IMF, EBRD, UN, etc. Quoted in the ESM history book of her Institution as one of the technology pioneers of the ESM, she currently holds a Senior Head of Operational Risk and Cybersecurity Risk position at the European Investment Bank.

Vuk Sajinovic

Information Security Officer

European Investment Bank

Break

15:00 - 15:15

Group Activity: Post incident analysis

15:15 - 16:15

  • Discuss and reflect on the previous session

  • Forensic analysis

  • Learn from other groups

Vuk Sajinovic

Information Security Officer

European Investment Bank

Jelena Zelenovic Matone

Senior unit head op. risk & CISO

REG & EIB Group Risk Department

End of day three

16:15 - 16:16

Day four: Friday, June 5, 2020

Creating an efficient and usable cyber risk programme

14:00 - 15:00

  • Best place to start

  • Instilling a culture of security and building cyber into core management processes

  • Creating a system that maintains daily usability 

  • Dealing with the increasing price of cyber security 

  • Potential for automation

Jelena Zelenovic Matone

Senior unit head op. risk & CISO

REG & EIB Group Risk Department

Vuk Sajinovic

Information Security Officer

European Investment Bank

Break

15:00 - 15:15

Third party vendor risk

15:15 - 16:15

  • Overview of vendor partnerships and associated risks

  • Selecting a vendor partner

  • Designing business process interface with the vendor

  • Assimilating vendor's risk management procedures

  • Benefits of joint incident response exercises

  • Maintenance and the continual management of the risk profile

  • Vendor sub-contracting (fourth party risk)

  • Accommodating disruptive technologies into your cyber risk strategy

Jelena Zelenovic Matone

Senior unit head op. risk & CISO

REG & EIB Group Risk Department

Vuk Sajinovic

Information Security Officer

European Investment Bank

End of course

16:15 - 16:16