About Course
Presenting cyber security to the board can be challenging as often board members do not have a good understanding of cyber security. This masterclass will enable attendees to present at board level and gain support for cyber security initiatives and programs.
Agendas
Session 1 |
Get the Basics RightHow to get investment in basic cyber hygiene. The vast majority of breaches take advantage of these fundamental controls. Directors should be taught to aks questions about policies and controls related to passwords (including multi-factor authentication and privileged access), updates and patches from software vendors, employee education on phishing,and penetration testing and red team exercises. |
Session 2 |
Make sure your Board has a Clear Risk AppetiteCyber risk represents a clear and present danger. A policy with general guidelines is inadequate. An effective policy must have clear definitions for cyber risk exposures and risk tolerance levels. Directors need management to clearly define its cybersecurity strategy, plan, and policy, including quantitative definitions of risk appetite. |
Session 3 |
Delvier an effective risk report with qualitative assessments and quantitative analyticsCyber risk represents a clear and present danger. A policy with general guidelines is inadequate. An effective policy must have clear definitions for cyber risk exposures and risk tolerance levels. Directors need management to clearly define its cybersecurity strategy, plan, and policy, including quantitative definitions of risk appetite. |
Session 4 |
Provide oversight of the cybersecurity program.Management makes business decisions about how much cyber risk the company is willing to accept in pursuit of its strategy and objectives. The role of the board is to provide governance and oversight, including credible challenge on key policies and decisions. To fulfil this critical role, the board should have adequate access to cyber expertise and obtain assurance on their own security and the security of their key vendors. This assurance may include a third-party assessment. |
Session 5 |
Focus on People and CultureCyber preparedness is all about people. Employee behavior could be more important than the cybersecurity policies, processes, and systems combined. Directors should pay more attention to the training, communication, and testing programs, as well as employee and contractor behavior. This will help the board monitor the company’s overall risk culture. |