Cyber security basics for boards and management

CONTACT US FOR A TAILORMADE PLAN!

This course is taught in English.

What are the cyber risks that can, and more than likely will, affect your organization? Are you prepared for ransomware or CEO fraud? Do you have the right knowledge at your fingertips to deal with cyber incidents? In other words, are you resilient to cyber attacks?

This training is based on the handbook “Principles for Board Governance of Cyber Risk” published by the World Economic Forum. The principles in this handbook were translated into a training session that enables an organization to learn about the key cyber security requirements it must meet. We translated the principles into 5 modules (see Figure 1). Each module includes a number of learning objectives for directors and/or managers. These are summarised below:

Module 1 – The basics: This module ensures that directors and managers gain an understanding of the cyber security domain. We identify and explain the basic concepts. A knowledge test will follow to complete this module.

Module 2 – Governance: This module, which is mainly intended for directors (to be followed preferably together with management), addresses the topic of cyber resilience. Together, we determine the organization’s risk profile and how to monitor that profile in practice.

Module 3 – Management: This module concerns setting up a cyber security management structure. We cover a risk management system, but also zoom in on management organization and monitoring. The module is aimed at managers of the organization.

Module 4 – Response: During this module, we simulate a cyber incident and examine how managers and directors respond to it (together or separately). This half-day game will end with lessons learned and possible action plans for improvement.

Module 5 – Effectiveness: During this module, we introduce a fictitious innovative project and look at it from a cybersecurity perspective. How will the organization approach innovation and how will it manage any deviation in terms of risk management? This simulation (where the moderator/trainer observes) is intended for both the manager and the executive. We measure and assess the organization’s effectiveness and efficiency. Finally, we suggest next steps to further improve maturity in terms of cyber security.

Training pitch

Cyber risks are among the most important risks that organizations face. The ever-growing digital footprint of companies creates an increasing demand for resilience to cyber attacks.

Directors and management need a stronger foundation to effectively manage cyber risks. The “tone at the top” is crucial to successfully confront these threats. However, putting this principle into practice effectively is far from straightforward.

In recent years, publications on how boards and management committees ought to deal with cybersecurity have been produced around the world. Although these tools provide good guidelines for both managers and directors, it remains difficult to actually understand and apply them in practice.

Building on existing and internationally recognized guidelines and principles, DPI built a training course for establishing and maintaining an organization-wide cybersecurity management framework. The objective of this training is to ensure that both managers and directors:

  • possess the basic knowledge to lead a (recurring) discussion on the importance of cyber security for their organization;
  • understand the impact of cyber risks so that it can become part of strategic and policy decisions;
  • understand the interaction between business objectives, cyber risks and compliance requirements from laws and regulations, including the potential consequences for companies and their executives of failing to comply with legal obligations;
  • understand cyber security management models, embed them at strategic and organizational levels, and monitor their effectiveness;
  • are able to incorporate cyber security into future plans.

Based on these learning objectives, DPI developed learning paths consisting of materials to gather the necessary knowledge, tools to master specific skills and exercises to put the knowledge and skills into practice.

Why take this course?

As a director/manager, you want to:

  • possess the basic knowledge to lead a (recurring) discussion on the importance of cyber security for your organization;
  • understand the impact of cyber risks so that it can become part of strategic and policy decisions;
  • understand the interaction between business objectives, cyber risks and compliance requirements from laws and regulations, including the potential consequences for companies and their executives of failing to comply with legal obligations;
  • understand cyber security management models, embed them at strategic and organizational levels, and monitor their effectiveness;
  • be able to incorporate cyber security into future plans.

Target group

Executives, managers and Board members.

Learning goals

  • To possess the basic knowledge to lead a (recurring) discussion on the importance of cyber security for your organization;
  • To understand the impact of cyber risk so that it can be part of strategic and policy decisions;
  • To understand the interaction between business objectives, cyber risks and compliance requirements from laws and regulations, including the potential consequences for companies and their executives for failing to comply with legal obligations;
  • To understand cyber security management models, embed them at strategic and organizational levels, and monitor their effectiveness;
  • To be able to incorporate cyber security into future plans.

Educational approach of this course

Mixed.

End product

Cyber aware manager/board member.

How to prepare yourself

No specific preparations are required.
