ISO in the Sun: Managing Cyber Security Risk and Resilience

This five day course provides an overview to cyber security strategies based on a wide range of available best practice approaches, applicable in the context of supporting organisations in setting up cyber security resilience capabilities.

Overview

The five day course builds on knowledge of information security management practices to equip participants with the know-how to manage cyber security risk and resilience to meet compliance objectives in organisations of any size.

Information security risk management and a resilient approach to cyber security focus the organization on managing risk to critical assets by optimizing both protection and continuity strategies. Although a daunting challenge, improving an organization's capabilities does not always require significant additional financial investment.

The course consists of a mix of presentation, discussion and drawing on real live case studies.

Outline

Part One: Cyber Security Risk

• The current landscape of cyber security standards, best practice and guidance documents
  • NCSC (UK) 10 Steps to Cyber Security and Cyber Essentials
  • CIS Top 20 Critical Controls for effective Cyber Defence
  • NIST Cyber Security Framework
  • TCCYBER
  • HITRUST CSF
  • Standards of Good Practice for Information Security
  • The IT Capability Maturity Framework
  • Payment Card Industry Standard (PCI – DSS)
  • The Cyber Risk Framework of the World Economic Forum, and the European Union Agency for Network and Information Security (ENISA)
• Information security risk management as the core competence of cyber security management
• Key requirements (outcomes) of an effective cyber security risk management strategy
• The role and the importance of people, processes and technology in cyber security
• Using Cyber security and IT governance best practice frameworks such as COBIT 5

Part Two: Cyber Resilience

• Essentials of Cyber Resilience (The Cyber Resilience Lifecycle)
• Essentials of building a Cyber-Resilient Organisation
• How ISO22301 is essential to achieving cyber resilience in the event of a cyber security attack

Objectives

Completion of this course will enable students to

• Provide advice and guidance on cyber security and resilience issues to help protect an organisation against cyber security threats
• Explain the relationship of cyber security and resilience to other forms of security, and draw together these domains for the organisation's maximum benefit
• Define stakeholders and provide a description of their roles with regards to cyber security
• Understand the framework for resolving cyber security issues through collaboration

Audience

This course is aimed at students with (future) roles like

• Project managers, consultants and team members implementing cyber security resilience measures
• (Security) Risk managers
• CxO and senior managers
• Auditors requiring more cyber security insight

Prerequisites

General understanding of common business processes.

Some past exposure to cyber, information or IT security helpful, but not required.

Examination and Certification

The course ends with a three hour written essay-style exam in English on the last day.

This course has been designed by SoftQualM and partners, who also mark the exam and issue the Cyber Security Professional certification in accordance with ISO/IEC 17024:2012.

Exam and first year certification fees are included in the course fees.