This course is for…
Board members including Non-Executive Directors and Executive Managers who need to provide governance and implement strategy for cyber risk, including data protection and resilience.
The course objectives are to provide better:
- Understanding of the business issue and context of cyber risk & resilience;
- Understanding of how to structure cyber risk & resilience strategy, governance, risk management and capability;
- Understanding of cyber risk & resilience governance, risk management paradoxes, decision-making and questions to ask
One day workshop agenda
Part 1 The Business Issue “What is going on here?” Addressing the core strategy question of not just deciding what to do, but the more fundamental issue of comprehending the situation; and why resilience is an imperative. This will include hard trends (will happen) of opportunities and dangers and the associated paradoxes, VUCA (volatile, uncertain, complex and ambiguous) regulatory, legal and geo-political environment in the UK, USA and internationally.
Part 2 The Value of Information A short exercise to consider the value of information for business, therefore what needs to be enabled and protected by resilience.
Part 3 “Making it Real” A simple scenario exercise, to consider a technology based business investment for a new business service, to consider the risk and return on
investment, before stepping through a a simple breach of that service and whether that changes delegates understanding of the risk?
Part 4 Strategy and Capability Development An approach based upon UK NCSC Capability Assessment Framework (CAF) and US NIST Cyber Security Framework (CSF),
including the use of scenario testing to understand and manage risk.
Part 5 Next Steps Discussion and a simple set of leading questions for boards to ask of themselves and their organisations.
About your trainer – Richard Preece
- A co-opted core panel member of the British Standard (BS) 31111 Cyber Risk and Resilience Guidance for Boards and Executive Management.
- A chapter author for Managing Cybersecurity Risk – Case studies and Solutions.
- A chapter author for Managing Cybersecurity Risk – How Directors and Corporate Officers can protect their businesses.