Cyber Security and the Board

Introduction

Across the UK and globally, the majority of organisations have become increasingly reliant on digital technology to function.  Good cyber security protects that ability to function.  Cyber security is therefore central to an organisation's health and resilience, and this makes it the responsibility of the Board.

As illustrated by several recent, high-profile incidents, cyber-attacks can have serious consequences for any organisation irrespective of size or sector.  In addition to the significant disruption caused to business operations and the financial (and human resource) cost of dealing with the breach, there is also the risk of long-term damage to the organisation’s reputation.

It is therefore essential that organisations – and Board Members especially – have a good handle on cyber security.

 

Course content

The course is spread over two half days and covers the following:

What is cyber security?

Definition

Dispelling the myths

Common types of cyber-attacks (with real examples)

Group exercise:  Getting the basics right

Preventing an incident

Understanding what is mission critical

Controls to counteract and prevent a threat from materialising (including Ten Steps to Cyber Security)

Building up expertise and awareness within your organisation

Engaging with suppliers

Emerging threats – real time intelligence

Exercise:  What questions should a Board (Member) ask to get assurance that the organisation has taken all necessary steps to prevent an incident?

Cyber security and risk management

What does ‘good’ look like?

Implementing effective cyber security measures to mitigate risk

Responding to an incident

How would you spot a breach?

Incident Response Plan

Testing your plans and preparedness

Going through the playbooks

Learning, awareness and testing

Promoting a positive culture

Learning lessons from an incident

Sources of intelligence on threats

Training, induction and awareness

Testing if the message(s) has got through

 

Approach to delivery of the training

The training is interactive, with some PowerPoint presentation supported by real-life examples of good and bad practice, scenarios for attendees to consider in groups, group discussions on the questions that Board Members (and senior executives) should be asking, and opportunities for questions at the end of each session.  The trainers will focus on making the learning practical so that participants can apply it back in their own organisations.

 

Who is this training for?

This training is not for cyber security experts but for those who want to gain an understanding of the risks posed by cyber-attacks and the role of the Board in ensuring that the organisation has the controls in place to counteract and prevent the threat from materialising. 

The training is primarily aimed at Board Members (including the Chair) but it is also highly relevant to senior managers in the organisation.