Security Training

In this full-day and highly interactive workshop you will explore all of the elements that should make up your response to a cyber breach – triage, mobilising the response team, investigating the cause, containing the damage and – most importantly – communicating internally and externally.

You will learn how to prepare for these different stages and how, with the right planning, a cyber breach can turn from being a disaster to an opportunity for stronger customer engagement.

You will discover how to create realistic breach scenarios and rehearse the decisions you will need to make in order to respond to a breach. And once you have created your draft plan you will practise using it in a dry-run cyber breach simulation.

Key sections of this workshop are:

• Preparation and vital considerations prior to defining your plan
• Readiness assessment
• Risk management overview
• Scenario planning/playbook
• The incident response team (IRT) – roles & responsibilities
• Breach response workflow
• Building a plan
• Simulation of a scenario

Course Agenda:

Awareness

• Determine the effectiveness of awareness education provided to your users
• Enhance cyber awareness, readiness, and coordination
• Understand roles and responsibilities of staff within your organisation
• Incident Management
• Assess the effectiveness of your organisation’s incident reporting & analysis documentation & processes
• Assess the ability of your users to detect and properly react to events/incidents

Risk Management

• Assess your organisation’s capability to accurately determine operational impacts of cyber-attacks and implement proper recovery procedures
• Understand the implications of losing trust in IT systems and capture work-arounds for as much losses
• Expose and correct weaknesses in cyber security systems
• Expose and correct weaknesses in cyber operations policies and procedures
• Determine what enhancements or capabilities are needed to protect an information system

Planning

• Develop contingency plans for surviving the loss of some or all IT systems
• Develop a comprehensive scenario playbook of the most significant threats to your business

In this full-day and highly interactive workshop you will gain a practical understanding of how internal threats can impact on your organisation, and what you can do about them.

At the end of the course you will be able to create a Cyber Security Awareness Plan and will be provided with templates that can be tailored for your own use.

Internal threats are the threats caused by employees, especially but not only employees with access to your IT systems, and anyone else connected to your organisation who has access to your IT systems.

Internal cyber threats – the way that the people you work with can represent a cyber risk to your organisation

• Who are the people who put you at risk
• How they behave in unsafe ways
• Why they behave in unsafe ways
• What sorts of things can go wrong
• What you can do to reduce the likelihood and impact of these risks

Course Agenda:

1. People and cyber security – Technology, people & risk
2. Writing policies – Why do you need one? What they should contain & How to enforce them?
3. Training – Is not the same as awareness
4. Usable systems – Trade-off between convenience and security
5. Persuasion and motivation
6. Managing culture part 1 – Measuring cyber security culture
7. Managing culture part 2 – Importance of leadership
8. Planning an awareness campaign

In this full-day and highly interactive workshop you will gain a practical understanding of how external threats can impact on your organisation, and what you can do about them in terms of the:

• technology you use,
• processes you can put in place, and
• management of your colleagues.

External Cyber Security Threats are:

• A strategic threat – to competitive positioning
• A compliance risk – through the leaking of personal data
• A reputational threat – to brands, corporate brand and reputation of Directors
• A financial risk – through the stealing of money and through loss consequent on
  breaches such as fines and legal suits
• An operational risk – to efficient working, employee morale, the functioning of equipment

Course Agenda:

• External threats olverview – It’s a global problem
• The link between internal and external threats
• How hackers work and some of the techniques involved
• Auditing your organisation – A 4-step audit process
• Defending against hackers – A variety of defences
• Testing the defences – Physical & IT
• Beyond the internet – IoT & shadow IT

This course will build upon the Awareness course and provide a more detailed insight and understanding of data protection and the GDPR, including aspects of the new British Data Protection Bill.

It will be linked to several IISP skills groups, notably the Legislative Environment, Governance, Risk Management, Capability (people, process and technology) and the practical aspects of preparation and ongoing compliance.

The course will include self-study and provide a number of practical and hands-on scenarios to apply knowledge and skills to. There will also be a formal examination to achieve the certification and to support other professional accreditations and CPD.

Who Should Attend

This course is aimed at Data Protection Officers (DPOs) and those requiring a more detailed knowledge to support organisational change and ongoing compliance. It will develop knowledge and skills required, by focusing upon experiential learning through the use of interactive scenarios that a DPO is likely to encounter.

Course Materials

PDF of slides and practitioner guidance notes (over 80 pages) forms the basis of self-study of evening work along with scenario exercise and group work.

Accreditation

Mapped to Institute of Information Security Professionals (IISP) subject modules at Practitioner level only. Level 1: F2 Incident Management, Incident Investigation and Response / Level 2: A1 – Governance; A3 – Information Security Strategy; A5 – Innovation and Business Improvement; A6 – Legal & Regulatory Environment and Compliance; B2 – Risk Assessment; B3 – Information Risk Management.

Course Duration:

The GDPR Data Protection Practitioner Course will be covered over 4 days. Click here or call to find out available course dates and locations.

This course will provide an introduction, awareness and overview of data protection and GDPR, including aspects of the new British Data Protection Bill which will incorporate GDPR into British Law.

It will be linked to several IISP skills groups, notably Legislative Environment, Governance, Risk Management and the practical aspects of preparation and ongoing compliance.

The course does not have any training, professional or academic prerequisites and does not include any self-study. However, it will include some practical application aspects and a short assessment of learning achieved. The course will provide evidence that may support professional accreditations and continuous professional development (CPD).

Who Should Attend

This course is aimed at those who must execute governance (boards and executive management); provide risk management and functional advice to boards, executive and senior managers. Plus, those who wish to enhance their knowledge of data protection and GDPR as part of continuous professional development (CPD) or for a potential career move.

Course Materials

PDF of slides and short aide-memoire.

Accreditation

Mapped to Institute of Information Security Professionals (IISP) subject modules at Awareness level. Level 1: A1 – Governance; A6 – Legal & Regulatory Environment and Compliance; B2 – Risk Assessment; B3 – Information Risk Management.

Course Duration:

The GDPR Data Protection Awareness Course will be covered throughout the course of 1 day. Click here or call to find out available course dates and locations.