Managing Technology Security & Cyber Risk
With the ever-increasing number of cyber threats and the sophistication of the attacks, businesses and their IT teams are struggling to keep up and protect their intellectual property, financial information and customer data. If firms do not act, it is a matter of when, not if, they are going to be hacked.
During this 2-day immersive course, our SME will discuss how firms can create highly efficient and robust IT infrastructure that can protect itself from cyber-attacks against your business. With the increasing number of cyber-attacks, businesses face many security threats and daily challenges in keeping their information and IT safe. This course is designed to discuss the regulatory requirements and how firms can design and build a smarter, intelligent and cost-effective infrastructure.
All firms should ask themselves:
- "Do I regularly assess my business’ IT risks and vulnerabilities?"
- "Have I done enough to protect my business from hackers?"
- "Do I know if my systems are secure?"
Suitability - Who should attend?
- Head of IT
- Chief Risk Officer
- Chief Executive Officer
- Chief Information Officer
- Senior Information Risk Managers
- Heads of Information Security
- Heads of IT Security
- Heads of Cyber Security
- Heads of Threat Intelligence
- Heads of Information Vulnerability
- Chief Privacy Officer
Training Course Content
Penetration testing, also known as pen testing, is a security practice that simulates an attack by a real cybercriminal to bypass the security controls of computer systems, networks or applications. It helps to discover different types of vulnerabilities and risks to the business, and can measure an organisation's resistance to an attack.
- We will discuss the following areas of testing and apply them in practice:
- Black box testing
- White box testing
- Grey box testing
Vulnerability scanning is a process that defines, identifies and classifies a wide range of vulnerabilities in an environment. This can be a combination of both manual and automated processes conducted by a technical engineer with an information security background. Vulnerability scanning can be used as the first step to improving the security posture of an organisation.
- We will also discuss and apply SSL and Cipher Suite Testing
Post-penetration testing and remediation
In order to eliminate the threats highlighted in the penetration report, we will discuss what firms should be doing in terms of remediation and the challenges they face. We will apply a solution framework to a case study and also discuss how this can be implemented.
Web Application Firewall (WAF)
A WAF is a device that acts like a more advanced and intelligent firewall: it filters out the malformed data of malicious attacks on your environment and checks for valid input before forwarding it on to your environment. Some of these attacks include:
- Distributed Denial of Service (DDoS)
- SQL Injection
- Cross-Site Scripting
- After completing a vulnerability scan or a penetration test, you will receive a report that typically details vulnerabilities and threats discovered on your infrastructure, graded according to severity. A vulnerability assessment by itself solves nothing; you need to act on its advice by implementing some sort of remediation plan to improve your business security before the cyber criminals get to them.
- We will discuss how we can apply your vulnerability assessments
- GDPR Readiness Review. This is the first step to achieving GDPR readiness for your organisation. The review helps board level management to identify how prepared an organisation is, and what they need to prioritise.
- Data Protection Impact Assessments (DPIAs). A data protection impact assessment is a tool which can help organisations identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy. Many organisations will be mandated to conduct a DPIA and they may find it very useful to identify the risks associated with the personal data they process and the effectiveness of the existing Personal Information Management System (PIMS). An effective DPIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to reputation which might otherwise occur. The ICO has promoted the use of DPIAs as an integral part of taking a privacy by design approach. A DPIA can address more than one project.
- As a minimum, a DPIA contains the following information:
- A description of the processing operations and the purposes, including, where applicable, the legitimate interests pursued by the controller.
- An assessment of the necessity and proportionality of the processing in relation to the purpose.
- An assessment of the risks to individuals.
- The measures in place to address risk, including security, and to demonstrate that you comply.
- ISMS Gap Analysis.
- ISO 27001 Implementation and Audits. Discuss and implement your Information Security Management System (ISMS) aligned with the ISO 27001 Standard
- IASME + GDPR Information Security Certification and Audits
- IT Infrastructure
- Virtualisation Solutions
- End User Computing
- Server Consolidations & Migrations
- Business Continuity and Disaster Recovery