Latest reports show that over two thirds of business leaders in the FTSE 350 say they haven’t received any training to deal with a cyber incident, while only 6 percent describe their business as “completely prepared” to meet the requirements of GDPR.
This could mean a real headache for your company should your data be exposed to a cyberattack, which is why EveryCloud has curated a series of workshops to ensure that you and your team are prepared for any eventuality.
EveryCloud Security has teamed up with cyber security expert Phil Cracknell FBCS, CISSP, MIRM to deliver practical workshops and training sessions on planning for and responding to a cyber security incident, as well as practical workshops on managing both internal and external cyber security risks.
In this series of 3 interactive one-day workshops, we will show you how to plan and manage your response to a cyber security incident. We will explore all of the elements that should make up your response, including developing your own response and action plan, and discuss real-life practical examples and policies that can be implemented in your organisation.
These sessions can be tailored for your individual business needs, and are aimed at Technology and Risk Leaders, CIOs, CEOs and board members with a responsibility for data security and compliance with forthcoming GDPR regulations.
Due to popular demand we will also be holding a series of public workshops for each of the courses throughout January, February and March. Please email firstname.lastname@example.org to find out more about course availability.
Cyber Breach Response Workshop – ECS-CBR01
In this full-day and highly interactive workshop you will explore all of the elements that should make up your response to a cyber breach – triage, mobilising the response team, investigating the cause, containing the damage and – most importantly – communicating internally and externally.
You will learn how to prepare for these different stages and how, with the right planning, a cyber breach can turn from being a disaster to an opportunity for stronger customer engagement.
You will discover how to create realistic breach scenarios and rehearse the decisions you will need to make in order to respond to a breach. And once you have created your draft plan you will practise using it in a dry-run cyber breach simulation.
Key sections of this workshop are:
- Preparation and vital considerations prior to defining your plan
- Readiness assessment
- Risk management overview
- Scenario planning/playbook
- The incident response team (IRT) – roles & responsibilities
- Breach response workflow
- Building a plan
- Simulation of a scenario
- Determine the effectiveness of awareness education provided to your users
- Enhance cyber awareness, readiness, and coordination
- Understand roles and responsibilities of staff within your organisation
- Incident Management
- Assess the effectiveness of your organisation’s incident reporting & analysis documentation & processes
- Assess the ability of your users to detect and properly react to events/incidents
- Assess your organisation’s capability to accurately determine operational impacts of cyber-attacks and implement proper recovery procedures
- Understand the implications of losing trust in IT systems and capture work-arounds for such losses
- Expose and correct weaknesses in cyber security systems
- Expose and correct weaknesses in cyber operations policies and procedures
- Determine what enhancements or capabilities are needed to protect an information system
- Develop contingency plans for surviving the loss of some or all IT systems
- Develop a comprehensive scenario playbook of the most significant threats to your business
Managing Internal Cyber Security Risks – ECS-MICSR01
In this full-day and highly interactive workshop you will gain a practical understanding of how internal threats can impact on your organisation, and what you can do about them.
At the end of the course you will be able to create a Cyber Security Awareness Plan and will be provided with templates that can be tailored for your own use.
Internal threats are the threats caused by employees, especially but not only employees with access to your IT systems, and anyone else connected to your organisation who has access to your IT systems.
Internal cyber threats – the way that the people you work with can represent a cyber risk to your organisation
- Who are the people who put you at risk
- How they behave in unsafe ways
- Why they behave in unsafe ways
- What sorts of things can go wrong
- What you can do to reduce the likelihood and impact of these risks
- People and cyber security – Technology, people & risk
- Writing policies – Why do you need them? What should they contain, and how do you enforce them?
- Training – Is not the same as awareness
- Usable systems – Trade-off between convenience and security
- Persuasion and motivation
- Managing culture part 1 – Measuring cyber security culture
- Managing culture part 2 – Importance of leadership
- Planning an awareness campaign
Managing External Cyber Threats – ECS-MICSR01
In this full-day and highly interactive workshop you will gain a practical understanding of how external threats can impact on your organisation, and what you can do about them in terms of the:
- technology you use,
- processes you can put in place, and
- management of your colleagues.
External Cyber Security Threats are:
- A strategic threat – to competitive positioning
- A compliance risk – through the leaking of personal data
- A reputational threat – to brands, corporate brand and reputation of Directors
- A financial risk – through the stealing of money and through loss consequent on breaches such as fines and legal suits
- An operational risk – to efficient working, employee morale, the functioning of equipment
- External threats overview – It’s a global problem
- The link between internal and external threats
- How hackers work and some of the techniques involved
- Auditing your organisation – A 4-step audit process
- Defending against hackers – A variety of defences
- Testing the defences – Physical & IT
- Beyond the internet – IoT & shadow IT
EU GDPR Practitioner Course – In partnership with OSP Cyber Academy
This course will build upon the Awareness course and provide a more detailed insight and understanding of data protection and the GDPR, including aspects of the new British Data Protection Bill.
It will be linked to several IISP skills groups, notably the Legislative Environment, Governance, Risk Management, Capability (people, process and technology) and the practical aspects of preparation and ongoing compliance.
The course will include self-study and provide a number of practical and hands-on scenarios to apply knowledge and skills to. There will also be a formal examination to achieve the certification and to support other professional accreditations and CPD.
Who Should Attend
This course is aimed at Data Protection Officers (DPOs) and those requiring a more detailed knowledge to support organisational change and ongoing compliance. It will develop the knowledge and skills required by focusing on experiential learning through interactive scenarios that a DPO is likely to encounter.
PDF of slides and practitioner guidance notes (over 80 pages) forms the basis of self-study of evening work along with scenario exercise and group work.
Mapped to Institute of Information Security Professionals (IISP) subject modules at Practitioner level only. Level 1: F2 Incident Management, Incident Investigation and Response / Level 2: A1 – Governance; A3 – Information Security Strategy; A5 – Innovation and Business Improvement; A6 – Legal & Regulatory Environment and Compliance; B2 – Risk Assessment; B3 – Information Risk Management.
The GDPR Data Protection Practitioner Course will be covered over 4 days. Click here or call to find out available course dates and locations.
EU GDPR Data Protection Awareness Course – In partnership with OSP Cyber Academy
This course will provide an introduction, awareness and overview of data protection and GDPR, including aspects of the new British Data Protection Bill which will incorporate GDPR into British Law.
It will be linked to several IISP skills groups, notably Legislative Environment, Governance, Risk Management and the practical aspects of preparation and ongoing compliance.
The course does not have any training, professional or academic prerequisites and does not include any self-study. However, it will include some practical application aspects and a short assessment of learning achieved. The course will provide evidence that may support professional accreditations and continuous professional development (CPD).
Who Should Attend
This course is aimed at those who must execute governance (boards and executive management) or provide risk management and functional advice to boards, executive and senior managers, plus those who wish to enhance their knowledge of data protection and GDPR as part of continuous professional development (CPD) or for a potential career move.
PDF of slides and short aide-memoire.
Mapped to Institute of Information Security Professionals (IISP) subject modules at Awareness level. Level 1: A1 – Governance; A6 – Legal & Regulatory Environment and Compliance; B2 – Risk Assessment; B3 – Information Risk Management.
The GDPR Data Protection Awareness Course will be covered over 1 day. Click here or call to find out available course dates and locations.