Course Agenda

Agenda

Day 1 - Wednesday 21th November 

08:30

Registration and refreshments

09:00

Cyber risk in risk management

  • Cybersecurity: 30 years of risky business
  • Governance and the importance of cyber risk assessment
  • Establishing a leading cyber risk management capability
  • Engaging the board – who is responsible for cyber?
  • Case study

Speaker: Nick Frost, Principal Consultant, Information Security Forum Ltd.

10:30

Morning break

11:00

Creating a sound cyber risk programme & preparing for the worst

  • Setting up risk subcommittees; addressing technology, IT, cyber risk & data governance
  • Integrating risk & IT
  • Know your weaknesses
  • Implications/expectations for the three lines of defence
  • Instilling security of culture and building cyber into core management processes
  • Organisational challenges and governance structures
  • Crisis management

Speaker: Martin Overton, Founder, Owner & CEO, OMG Cyber Security

12:30

Lunch

13:30

Importance of offensive security in board room

  • Importance of offensive security in board room
  • What is the role of board in cyber risk
  • Tech/IT risks are NOT always the problem
  • Cyber fraud and threat model
  • Why business model / IT design fails
  • Lessons learned
  • Shaping the defense through offensive security

Speaker: Vijay Kumar Velu, Head of Offensive Security Services, BDO UK LLP

14:20

Afternoon break

15:00

Modelling cyber risk and scenario analysis

  • The nature of cyber risk scenarios and implications for firms
  • How to combine external and internal data and other relevant information to calibrate a cyber risk scenario for modelling
  • Modelling more than one cyber scenario including correlations
  • How to incorporate mitigation actions as well as insurance protection into the modelling approach
  • Modelling sensitivities and other assumptions in the Monte Carlo approach

Speaker: Dr. Mustafa Çavuş, Managing Director,.ılı. mc+ Monte Carlo Plus 

16:30

End of day one

Day 2 - Thursday 22nd November

08:30

Refreshments

09:00

Relationship between cyber risk & human behaviour

  • effectiveness of cyber security capabilities (people, process, technology)
  • the fact that 91% of data breaches are down to human behaviour vs. 9% hacking / highly technical attacks
  • the fact that investing in People controls delivers best ROI and most effective risk mitigation
  • exploring People controls – UBA, human sensors, human risk profiling
  • practical steps / techniques for affecting behavioural change and building a risk aware cyber security culture

Speaker: Flavius Plesu, Head of Information Security, Bank of Ireland

10:30

Morning break

11:00

Cyber resilience

  • Current focus and regulatory scope; PRA, BoE, FCA
  • What leads to operational incidents?
  • Incident recovery – “impact tolerance”
  • WAR footing (withstand; absorb; recover)
  • Focusing on business services
  • Responsibility from board and senior management
  • Ensuring consistent communication during disruptions

SpeakerYiannis Pavlosoglou, Head of CISO UK, UBS

12:30

Lunch

13:30

Third party vendor risk 

  • Overview of vendor partnerships and associated risks
  • Selecting a vendor partner
  • Designing the technical and business process interface with the vendor
  • Integrating vendor's risk management procedures and practices
  • Merits of conducting joint incident response exercises
  • Continuous management of the risk profile
  • Risk managing vendor sub-contracting (fourth party risk)

Speaker: Trevor Galloway, ex global head, Credit Suisse/RBS/JP Morgan

15:30

Monitoring future scope & business resilience

  • Regulatory scope; what is likely to change?
  • Vulnerabilities in IoT and vulnerability assessments
  • Pen testing and ethical hacking
  • Adapting infrastructure and systems to new technology
  • Embracing the digital ecosystem 
  • Institutionalizing resilience 
  • Lessons learnt from other industries
  • The changing threat scope 

Speaker: Martin Overton, Founder, Owner & CEO, OMG Cyber Security

17:00

End of Course