Cyber Security For Executives

With the cyber security threat landscape constantly evolving, Executives and Directors are increasingly aware that they have a critical role in ensuring the resilience of their organisation at this time of unprecedented risk.

The need for appropriate cyber security frameworks, policies and approaches has never been greater and the lead has to come from the top. Ultimately it is the C-Suite and the Board that is responsible for effective enterprise risk management.

ALC has developed a range of fully-customisable presentations – one hour to one day – designed to give C-Suite executives, management, and even the Board, the information they need to better understand the nature and magnitude of the cyber risks they face, their own role in addressing these risks, and the range of actions available to maximise their organisation’s cyber resilience.
All sessions are conducted by a select group of senior practitioners well versed in presenting to top management. Presentations are available in person or in Live Virtual format.

Outcomes

Presentations are based on the following structure:

• Introduction

• Key topics

  • Defining Cyber Security

  • Threats to Your Assets

  • Physical Security

  • Privacy

  • Cyber Risk Management

  • Cyber Security Strategy

  • Cyber Security Resilience

• Action Plan

• Questions & Answers

• Close

Who Should Attend

This short course has been designed for:

• Business Executives

• Directors

• Senior Managers

• Risk Practitioners

• Chief Risk officers (CROs), CIOs, CISO

• Information Security Managers

• IT Audit and Assurance professionals

• IT Risk Management professionals

Contents

Presentations for Cyber Security for Executives will draw from the topics below. The precise content and the amount of time spent one any topic can be readily adapted according to the audience and to emphasise different areas of concern. Customised content can be added as required.

Threats

• Evolution of the Threat Landscape

• Common Types of Malicious Software (Malware)

• Advanced Persistent Threat (APT)

• Ransomware Types

• Ransomware Marketplace

• Ransomware Payments

• Ransomware Example

• Ransomware Advice

• Passwords

• Passphrases

• Phishing (Social Engineering Attack)

• Phishing – Red Flags

• Vishing (Voice Solicitation)

• Spear Phishing

• Whaling

• Social Media

• Cloud

• Bring Your Own Device (BYOD)

• The Deep Web versus The Dark Web

• Identity Theft and Identity Fraud

• Family Fraud

• ACSC Top 4 and Essential 8

• Patch Management

Physical Security

• Building Security

• Building Access (Cloning Cards)

• Lock Picking

• Tailgating

• Restricted Work Areas

• Clear Desk Policy

• Clear Screen Policy

• Dumpster Diving

• Asset Disposal

• Reporting Security Incidents

Privacy

• Privacy Act Australia & New Zealand

• Office of the Australian Information Commissioner (OAIC)

• Data Breaches

Cyber Risk Management

• Cyber security as a risk to business objectives

• The systemic nature of cyber risks

• Risk distribution and risk aggregation

• Relevant laws, regulations and standards

• Management of cyber risk

• Integrating cyber risk into the organisation’s governance and management processes

• Awareness of gap analysis and the use of a road map to increase the reliability of risk cyber management

• Assessing the quality of cyber risk information via metric

Cyber Security Strategy

• There are many cyber security strategies

• Knowing which strategy to apply is daunting

• Organisations need a starting point

• No single strategy can prevent cyber incidents

• The ACSC baseline – the Essential 8

Cyber Security Resiliences

• Incident management

• Detect

• Respond

• Recover

General Security Awareness

The human factor – what your staff do or don’t do – is the single biggest vulnerability in the cyber world. Each day we are bombarded by increasingly sophisticated threats that play on people’s susceptibilities. Addressing the human factor is now a key part of any cyber resilience strategy. It is much more than having a set of policies and procedures. It’s a mindset