Executive Series: Introduction to Cybersecurity

Objective

Our single-day cybersecurity awareness training event is designed specifically for company leadership to help them make more informed decisions and better manage risk. The sessions strike a balance, providing insightful and useful information without overwhelming the audience with too much technical detail.

Value

The one-day event was developed for managers, senior managers, executives and board members to satisfy governance, risk, regulatory, or compliance requirements for security awareness training; however, anyone at any level of an organization will benefit from the seminar’s eight sessions.

The seminar comprises eight topical sessions: foundational information security concepts, security awareness, social engineering, spear-phishing and ransomware, cybercriminal psychology, insider threats, external threat actors, and digital forensics and incident response.

The Executive Introduction to Cybersecurity Seminar was developed to ensure today's global leaders have the right level of cybersecurity knowledge to empower them to make more informed decisions and better manage risk.

SESSION 1: FOUNDATIONAL INFORMATION SECURITY CONCEPTS
•    Current global and local threat landscape including key statistics and the social activist, nation state and criminal threat actors
•    Core information security functions typically found within an organization and the unique personality traits of those working within the domain
•    A discussion on the pros and cons of CISO organizational alignment within information technology or risk management
•    Key information security terms and industry buzzwords
•    Information security risk management from risk identification to likelihood and impact
•    Common industry standards and frameworks (e.g. ISO, NIST, COBIT) for information technology and security management 
•    Asset and data considerations including cloud and bring your own device (BYOD)
•    Identity and access management differences and the role of access control
•    Communication and network security fundamentals such as open systems interconnect (OSI), network security architecture, common technologies (e.g. routers, firewalls, intrusion detection/prevention systems), and subnetting
•    Security engineering, security architecture and its threats, and an introduction to cryptography
•    The (secure) software development life cycles (SSDLC/SDLC), Software Assurance Maturity Model (SAMM), common development methods, DevOps and DevSecOps, testing, and database management systems
•    Security operations including the role of a security operations center (SOC) and managed/monitored security services provider (MSSP), the difference between events, alerts and incidents, incident response versus cyber crisis response, and digital forensics

SESSION 2: SECURITY AWARENESS
•    How the human element plays into security awareness and the unique requirements that must be met for security awareness to be effective
•    Available standards- and industry-based guidance for establishing an effective security awareness program
•    Key characteristics of the Security Awareness Maturity Model
•    Core activities to jump-start a security awareness (security marketing) plan

SESSION 3: SOCIAL ENGINEERING
•    Define social engineering: the bugs in the human hardware that make us susceptible to exploit
•    Video reviews and related discussions on the topics of cognitive biases and the power of pretexting
•    Common social engineering threat vectors such as waterholes, phishing and spear-phishing, quid-pro-quo, tailgating, ‘round the corner, and baiting
•    Common tactics, techniques and procedures used by threat actors including Google dorking, Maltego and Kali Linux

SESSION 4: SPEAR-PHISHING & RANSOMWARE
•    The difference between phishing and spear-phishing
•    A deep dive into the anatomy of a spear-phishing attack
•    Video review discussion on the topic of voice phishing (vishing)
•    The underground marketplace and the anonymity and commerce tools used by these merchants of mayhem
•    What ransomware is and a discussion on recent ransomware attacks
•    What to do if a victim of ransomware and a discussion on the organization’s decision to pay or not pay
•    How to minimize the risk of a ransomware attack

SESSION 5: CYBERCRIMINAL PSYCHOLOGY
•    Cybercrime defined and the role of forensic psychology and offender profiling
•    An exploration of offender profiling, its approaches, and its methods such as the consistency assumption and the homology assumption
•    Understanding criminal decision-making theories such as Rational Choice Theory, General Strain Theory and Routine Activity Theory and the possible relationship to cybercrime
•    The effectiveness of forensic psychology in cybercrime including case studies to better understand (possibly contributing) psychological disorders
•    The role of the Internet, social networking, on-line gaming, and mobile phone dependency in abnormal cyberpsychology
•    The role of national culture on cybercriminal behavior

SESSION 6: INSIDER THREATS
•    How insider threats happen
•    The three personas of compromised insiders: malicious actors, negligent actors, and compromised agents
•    The role of (structured and unstructured) data analytics in identifying and preventing insider threats
•    What to do when you believe an employee is compromised
•    The key features of an effective insider threat program
•    How to build your own insider threat program

SESSION 7: EXTERNAL THREAT ACTORS
•    A series of deep dives on the major global threat actors and the related open source intelligence available to help understand motivations
•    The face of a new external threat actor: cyber Jihadists
•    The complexities of vulnerabilities introduced by the internet-of-things (IoT) and bring-your-own-device (BYOD)
•    Managing the risk to industrial control systems (ICS) and critical infrastructure
•    China’s quantum network and the viability of threat mitigation across the actor landscape
•    An exploration into the possible role the blockchain could play in securing against external threats

SESSION 8: DIGITAL FORENSICS & INCIDENT RESPONSE
•    Security operations including the role of a security operations center (SOC) and managed/monitored security services provider (MSSP)
•    The difference between events, alerts and incidents
•    How incident response differs from cyber crisis response
•    Anatomy of a cyber attack (aka the cyber kill chain)
•    Anatomy of a cyber crisis response
•    Incident categories, priorities and threat vectors
•    Incident digital forensics activities and the chain-of-custody