CYBER RISK, RESILIENCE, AND SECURITY
CYBER RISK FINDINGS
The Life and Times of Cybersecurity Professionals 2017 Enterprise Strategy Group (ESG) & Information Systems Security Association (ISSA) Research Report.
Report based on a survey of 343 Cybersecurity professionals and ISSA members (85% respondents resident in North America; 7% resident in Europe; 3% resident in Central/South America; 3% resident in Asia; 1% resident in Africa).
"Cyber attacks cost British industry 34 BILLION A YEAR"
• 39% of firms say that increasing Cybersecurity protection is one of their highest business initiatives driving Information Technology (IT) spending in 2017.
• 62% Cybersecurity surveyed not their was an level training them keep with business and IT risks, a gap which should be concerning to business, IT, and Cybersecurity executives.
• 32% of firms say that strengthening Cybersecurity tools and processes is one of their most important IT initiatives in 2017.
CROWD RESEARCH PARTNERS INSIDER THREAT 2018 REPORT FINDINGS
• 53% confirmed attacks their in previous 12 months.
• 50% of firms are focused on developing an insider threat programme.
• 27% of firms confirmed insider attacks have become more frequent.
NATIONAL CYBERSECURITY CENTRE
• Since 201the has to than incidents, 470 Category Three Incidents and 30 Category Two Incidents.
• A Category One Incident, the most serious possible, will happen “sometime in the next few years”, a director of the NCC has warned.
ABOUT THE TRAINING COURSE
This beginner to intermediate one day ‘Cyber Risk, Resilience, and Security’ training course has been specifically designed to provide attendees with highly effective and comprehensive training in a broad range of areas covering Cyber Risk, Cyber Security Strategies and Cyber Security Risk Management approaches. The training course is directed specifically at those professionals that need to obtain a better and more comprehensive grasp on the key elements of Cyber Risk frameworks, as well as obtaining insights on the latest Cyber Security Trends. At the end of the training course attendees will have a highly thorough understanding of how Cyber Risk can affect firms, as well as how to build an effective Cyber Security Architecture and implement an effective Cyber Security Strategy. In light of the highly significant financial impact of Cyber Attacks on firms today, it is vital that firms equip themselves with a better and current understanding of Cyber Security frameworks, in order to implement effective and proportional Cyber Risk Architectures. It is essential for firms to invest in protecting themselves from a broad range of future Cyber Threats and Attacks.
PROGRAMME
MODULE 1: An Overview of Cyber Security
· Cyber Security Definitions; Cyber Security Trends; Cyber Incidents, Attacks (Attacks on Confidentiality; Attacks on Integrity; Attacks on Availability; Script Kiddies; Hackers; Advanced Persistent Threats); Damage, and Unauthorised Access.
· Challenges of Cyber Security (Traditional Perimeter-Based Model v. Real Time Continuous Assessments) and Cyber Attack Sophistication (Socially Engineered Malware; Data-Encrypting Ransomware; Password Phishing Attacks; Unpatched Software; Social Media Threats).
· Managing Cyber Security Operational Frameworks (Network Security; Cloud Security; Application Security), Data Loss Prevention (DLP), Intrusion Detection and Prevention Solutions (IDPS), log management; Security Information and Event Management (SIEM) platforms.
MODULE 2: How to Build Effective Cyber Security Architecture and Strategy
· Cyber Security Architecture; Top-Down Approach to Cyber Risk Assessment (Identification of a Firm’s Key Information Assets (KIAs); Identification of the Threats and Risks facing KIAs; Outlining the damage a Firm would incur if data is lost or wrongfully exposed); Bottom-Up Approach to Cyber Risk Assessment (Device-Level; Nodes).
· Analysing Cyber Security Threats (US Office of Personnel Management, 2015; Bangladesh Central Bank 2016; NHS Cyber Attack, 2017; Equifax Cyber Attack, 2017; Bithumb $31 Million Crypto Exchange Attack) and Costs.
· Cyber Security Trends and Capabilities and General Data Protection Regulation (GDPR) Requirements and Regulatory Fines.
MODULE 3: Cyber Security Strategies and Risk Management
· Developing a Common Language (NIST Cybersecurity Framework); Two Factor Authentication (2FA) (App-Generated Codes; Physical Security Keys; Weaknesses in SMS-based Methods); Smartcards; Biometrics; Domain-based Message Authentication, Reporting and Conformance (DMARC).
· Common Vulnerabilities and Exposures (CVE) and CVE Identifiers, Cyber Security Skills Shortage (Security Investigations/Analysis, Application Security; Cloud Security).
· Firm Operational Governance of Cyber Security Risk, Cyber Risk Management Services (A New Security and Risk Mindset – Continuous Adaptive Risk Assessment (CARTA)).
MODULE 4: Cyber Security Algorithms and Solutions
· The Theory of Cyber Security Algorithms, Symmetric-Key Block Ciphers, Cryptographic Hash Functions, Honey Encryption, Quantum Key Distribution.
· A Review of Cyber Security Algorithms (Advanced Encryption Standard (AES); Twofish; Blowfish (cipher); Rivest-Shamir-Adleman (RSA) Algorithm; Triple DES (3DES); Hash Based Message Authentication Code (HMAC); the MD5 Algorithm (MD5); Secure Hash Algorithm (SHA)).
· A Review of Cyber Security Solutions (AXELOS; CyberArk Software; Amazon Web Services; FireEye; Check Point Software).
TRAINING COURSE EXPERT TRAINER
Rodrigo Zepeda is Co-Founder and Managing Director of Storm-7 Consulting. He is an expert consultant who specialises in derivatives and banking and financial services law, regulation, and compliance. He is an expert in a very broad range of regulatory compliance frameworks such as FATCA, the OECD CRS, MiFID II, MAD 2 MAR, PSD2, CRD IV, Solvency II, OTC Derivatives, CCP Clearing, PRIIPs, BRRD, AML4, and the GDPR. He holds an LLB degree, an LLM Masters degree in International and Comparative Business Law, and has passed the New York Bar Examination.
He was an Associate (ACSI) of the Chartered Institute for Securities & Investment from 2004 to 2014 and is now a Chartered Member (MCSI). He has created and delivered numerous conferences and training courses around the world such as ‘FATCA for Latin American Firms’ (Santo Domingo, Dominican Republic, Panama City, Panama), ‘MiFID II: Regulatory, Risk, and Compliance’ (London, United Kingdom (UK)), ‘Market Abuse: Operational Compliance’ (London, UK), and AEOI (FATCA & CRS) Compliance and Technology (Manama, Bahrain). He has also delivered numerous in-house training courses around the world to major international financial institutions such as The Abu Dhabi Investment Authority (MiFID II: Operational Compliance, Abu Dhabi, the United Arab Emirates), the United Nations Principles of Responsible Investment (MiFID II: Final Review, London, UK), CAF, the Development Bank of Latin America (Swaps and Over-the-counter Derivatives, Lima, Peru), and Rothschild Investment Management (UK) Limited (AEOI (FATCA & CRS) Operational Compliance, London).
He is a Reviewer for the Journal of Financial Regulation and Compliance and has also published widely in leading industry journals such as the Capco Institute’s Journal of Financial Transformation, the Journal of International Banking Law and Regulation, as well as e-books on derivatives law. Noted publications include “Optimizing Risk Allocation for CCPs under the European Market Infrastructure Regulation”; “The ISDA Master Agreement 2012: A Missed Opportunity”; “The ISDA Master Agreement: The Derivatives Risk Management Tool of the 21st Century?”; “To EU, or not to EU: that is the AIFMD question”; and “The Industrialization Blueprint: Re-Engineering the Future of Banking and Financial Services?”.
Key Benefits
· Attendees will be able to comprehensively understand the broad range of Cyber Risks and Cyber Threats that may affect firms today.
· Attendees will learn how to effectively control and manage Cyber Risk services.
· Attendees will be effectively guided through a range of Cyber Security strategies.
· Attendees will receive a highly comprehensive training course manual, training course materials manual, and four PowerPoint presentations.
ABOUT US
Storm-7 Consulting is an international consulting company that provides premier intelligence, insight and support to global financial institutions. We provide cutting-edge conferences, events, public training courses, and in-house training courses to leading firms globally. We provide expert regulatory compliance training covering areas such as GDPR, MiFID II, AEOI (FATCA & CRS), MAD 2 MAR (Market Abuse), CRD IV, PRIIPs, Solvency II, PSD 2, CCP Clearing, AML/CFT, Stress Testing, and the Senior Managers and Certification Regime. We provide unique and highly innovative marketing services to firms operating in the banking, financial services, Regulatory Technology (RegTech), and Financial Technology (FinTech) sectors.
We have received enquiries and bookings from leading firms around the world, such as the Abu Dhabi Investment Authority, Rothschild Investment Management (UK) Limited, Dubai Financial Market, CAF the Development Bank of Latin America, the Central Bank of Ireland, the Central Bank of Russia, APG Asset Management, Royal London Asset Management, Brandes Investment Partners, Eversheds, Erste Group, Millenium Information Technologies, Deutsche Bank, Bethmann Bank AG, ICBC Standard Bank, Gulf International Bank, Raiffeisen Bank International AG, and BGC Partners. We have collaborated with firms around the world, such as the United Kingdom Financial Conduct Authority, Thomson Reuters, Sopra Steria, Sungard, Capco, OTC Partners New York, IHS Markit, Eze Castle Integration, ICMA Centre, Sybenetix, Heriot Watt University, JP Morgan Asset Management, Custom House Global Fund Services, Cass Business School, Rixtrema, Solum Financial, D2 Legal Technology, Eurekahedge, Financial IT, HedgeConnection, Alpha Journal, ATMonitor, HF Alert, and CrowdReviews.
For Bookings and Enquiries:
Email: client.services@storm-7.com
Telephone: UK +44(0)20 7846 0076
Online: www.storm-7.com
Level 24/25 The Shard, 32 London Bridge Road, London SE1 9SG
© Copyright 2019 | Storm-7 Consulting | All Rights Reserved