Cybersecurity Risk Management Framework

Course Title	: Cybersecurity Risk Management Framework
Course Duration	: 2 Day Face-to-Face Classroom and 2 Day Online Instructor Led Workshop : Online workshop is delivered in two days, two units each day between 10:30 am to 1 pm and 3 pm to 5:30 pm
Course Fee	: Available upon request (Write to us at info@tlcpak.com)
Course Location	: TLC Office, Customer Onsite, and Online
Course Code	: TN227
Deliverables	: Comprehensive Student Guide and Workshop Certificate

This on-site couse can also be conducted for customers in Lahore, and Islamabad

ABOUT THIS WORKSHOP:

The risks that come with cybersecurity can be overwhelming to many organizations. Building a robust cybersecurity program is often complicated to conceptualize for any organization, regardless of size. Yet, the cyber security benefits of baselining to an industry-standard guide are worth the restructuring that might be involved. Frameworks are not a new concept to cybersecurity professionals, and the benefits are immense – nor do they need to be complicated to be effective. In this two-day workshop, we will dive into the benefits of the NIST Cybersecurity Framework (CSF) and why it should be a cornerstone for your cybersecurity solution.

This workshop is designed based on the purpose to provide the insight into the importance of developing Cybersecurity Risk Management Framework mapping ISO 27001, NIST 1.1 CRF and COBIT frameworks followed by understanding the key role of ISO 27032:2012, a guidelines for Cybersecurity.

The training course flow will be a mix of lectures & classroom discussions so that participants can have a detailed understanding of various components of cybersecurity technologies.

After completing this workshop, you will be able to:

Understand Generalize Security Framework – Traditional to Enterprise Security in a View.
Understand basic cybersecurity concepts and learn how to develop a Threat Management strategy covering internal and external threats.
Understand Threat Modeling and learn how to perform a exercise based on Threat Modeling.
Distinguish system and application security threats and vulnerabilities.
Know your risks and the role of Enterprise Risk Management.
Demystifying Storage, Data Classification and subsequent Categories and develop Information Security Lifecycle Management strategy.
ISO/IEC 27032:2012 – Guidelines for Cybersecurity.
Learn how to perform Qualitative Assessments using Simple and DREAD techniques.
Understand how to develop and integrate using ISO 27001, NIST 1.1 and COBIT frameworks.
Know what Risk Management tool will work best for you.

TARGETED AUDIENCE:

CISO, CIO, CTO, IT Directors, VP/IT Directors, IT and Senior IT Managers, Business leaders, CSOC Managers and Threat Hunters, Application Testers, Risk and Compliance, Cybersecurity and Information Security professionals, SOC Teams, Project Managers, Network Security Engineers, Enterprise Architects, and Technical Writers.
This workshop is equally recommended for IT Consultants, Systems Integrator s, Technology Consultants, Sales and Technical Sales resources who want to up-skill their present set of knowledge field of Cybersecurity.
Fresh university graduates who want to embark their career in the field of cybersecurity and information security.

ABOUT THE INSTRUCTOR

Training will be delivered by an experienced trainer with 25+ years of career experience imparting education and training services both locally and internationally and have served international enterprise technology vendors including IBM, Fujitsu, and ICL.

Our instructor holds various industry professional certifications in the space of enterprise servers and storage technologies, Information Security, Enterprise Architecture, Blockchain, ITIL, Cloud, Virtualization, Green IT, and a co-author of 10 IBM Redbooks and have designed and developed 70 plus courses based on storage, information security, cybersecurity, enterprise architecture, Blockchain, Open Banking Framework and digital technologies stacks.

Workshop Summary
In a nutshell, this workshop shall increase the focus on cybersecurity to protect sensitive data and systems. No organization, regardless of size or industry, is immune to cyber-attacks, and just one breach could cause significant financial, reputational or regulatory consequences. However, an effective control environment can reduce the likelihood of a breach, enhance incident detection and response, and accelerate recovery efforts to limit damage.

Moreover, two criteria can help determine the effectiveness of a data security methodology. First, the cost of implementing the system should be a small fraction of the value of the protected data. Second, it should cost a potential hacker more, in terms of money and/or time, to compromise the system than the protected data is worth.

PREREQUISITES:
Participants attending this workshop should be familiar with basic Information Technology (IT) and Security concepts, business challenges and the role of general system wide infrastructure technologies and their applications.

COURSE OUTLINE

Unit 1 – Cybersecurity and Unified Threat Management Principles

A world without cybersecurity.

Cybersecurity and Cyberspace Defined.

Differentiate between Information Security and Cybersecurity.

Multiple layers of protection offered by Cybersecurity.

Defining Strategy and Strategic Planning.

Understand and implement system up-time recovery strategies.

Threats and security challenges faced today.

Why do we need to make cybersecurity a priority?

Types of cybersecurity threats.

Threat Categories – Network, Host, and Application.

Seven Steps to protect your data against Insider Threats.

Changing Attacker Profiles – Resources and Sophistication.

Threat Hunting and Threat Management defined.

Threat hunting – Understand and differentiate between “IoA’s ) and (IoC’s).

Understand Threat Management, security threats and their channels.

Attack Progression Model used by Cyber-criminals.

Attack Vector, Attack Surface, Malicious Actors and Risk Categories.

Understand Threat Modeling and how to perform threat modeling exercise.

Mandatory requirement for having an effective Threat Hunting program.

Describe Threat Hunting Maturity Model.

Understand Unified Threat Management and understand how UTM works?

Unified Threat Management vs. Next-Generation Firewalls – A smart comparison.

How to avoid the catch – Unified Threat Management or Next Generation Firewall?

Advantages & Disadvantages of UTM and Threat Management Strategy.

Exploring UTM Managed Cloud Services – Key Features.

Agent-based Generic InfoSec Threat Management Framework.

Threat Protection Landscape – The bigger picture.

Unit 1 Assessment.

Unit 2 – Understanding the Role of Enterprise Risk Management

Understand difference between Fault Tolerance and Fault Resilience Systems.

Why data protection is important & examining the Cost of a Data Breach.

To address security threats, leaders must avoid common myths.

Understand Incidents, Breaches, Risk & Vulnerability.

Differentiate between incident, breach, risk and vulnerability.

Identify and describe types of risk categories.

Risk Management: Know your risks and the role of Enterprise Risk Management.

Essential practices required to effectively manage risks.

Defense Planning – Risk Analysis and Assessments.

Risk Management Approach, key objectives and benefits.

10 essential practices required to effectively manage risk.

Risk Management Approach and Key Objectives.

About ISO 27001 and Key changes in the ISO 27001 2022 revision.

Updated attribute categories for security controls.

Risk Treatment Plan – An essential part of Risk Assessment Program.

Ten Steps to an Effective Risk Assessment using ISO 27001.

Automating the Enterprise Risk Management Process.

General issues that need attention from Storage Security POV.

Criteria can help determine the effectiveness of a storage security.

Risks that turn your IT landscape into a hacker’s gold mine.

Vulnerability Assessment and vulnerabilities that organizations cannot ignore.

Performing Qualitative Risk Assessment using Simple and DREAD techniques.

Elements of Risks – The Big Picture.

Top 10 recommendations for closing the security gap.

What Risk Management tool will work best for you?

Top Enterprise Risk Management tools.

Unit 2 Assessment.

Unit 3 – Information Security Lifecycle Management Strategy

Generalize Security Framework.

Traditional and Enterprise Security in a View.

Removing the storage silos – The Bigger Challenge.

Why do we build Operational Security Controls & Capabilities?

The Data-driven Enterprise and its Challenges.

Questions that you should ask as a part of Data Collection & Analysis exercise.

Knowing the types of Data Sources in your Data Center.

Five ways to Optimize Data Strategy.

14 important tasks about Data Storage Management.

Understand Life Cycle Management and Information Security?

The Information Security Lifecycle Management Program.

The Information Security Management Lifecycle and Strategy.

Recommended security measures for organizations.

IT Security Lifecycle Model and Information Security and Dependability.

Understanding Data Lifecycle Management – DLM.

Demystifying Storage, Data Classification and subsequent Categories.

Understand Information Lifecycle Management – ILM.

Exploiting three types of ILM Data Storage Strategies.

Understanding key difference between ILM and DLM and Use-Cases.

Consequences for not following security management lifecycle.

Unit Assessment 3.

Unit 4 – Principal Guidelines for Developing Cybersecurity Framework

The 9 Principles of Cybersecurity Laws.

Six basic Cybersecurity Principles.

What is Strategy and Strategic Planning?

Steps of creating a Cybersecurity Risk Management Strategy.

Goals and Principles of Cybersecurity.

Cybersecurity Reference Model –Five Components.

The Cybersecurity Framework and top four security frameworks.

Development of the Framework and Framework Components.

Cybersecurity Framework implementation approach.

Key properties of Cyber Risk Management.

Framework Implementation Tiers.

Cybersecurity Framework Component –Core & Profile.

Framework 7-Step Process.

Implementing the NIST Cybersecurity Framework using COBIT.

Implementation Alignment of NIST and COBIT.

Framework key attributes & Examples of Framework Industry Resources.

ISO/IEC 27032:2012 – Guidelines for Cybersecurity.

Unit 4 Assessment

Following are the customers who have attended this workshop.

mib_logo

Group Photographs of students attended our Cybersecurity Risk Management Framework Workshops

State Bank of Pakistan, AFMCO and House Building Finance Company Ltd
has attended a one day workshop on "Cybersecurity Risk
Management Framework" on February 26, 2020.

EFU Life, Expand Research (England), EETS, Interloop Ltd, and Soneri
Bank Ltd has attended a two day online workshop on "Cybersecurity Risk Management Framework" on August 18 - 19, 2020.

MCB Bank Ltd, Getz Pharma (Pvt) Ltd, IBM (Canada), Byco Petroleum and
Mobilink Microfinance Bank Ltd has attended a two day online workshop on
"Cybersecurity Risk Management Framework" on September 29 - 30, 2020.

MCB Islamic Bank, Emirates NBD Bank, Askari Bank, Acuity Technologies,
and Daiwa Capital Markets (England) has attended a two day online
workshop on “Cybersecurity Risk Management Framework” on
November 3 - 4, 2020.

State Bank of Pakistan, Telenor Microfinance Bank, Emirates NBD Bank,
and EETS has attended a two day online workshop on "Cybersecurity Risk Management Framework" on March 18 - 19, 2021.

Bank AL-Habib Ltd, U Microfinance Bank, Interloop Ltd, SNGPL, Agriauto Industries Ltd, and Gul Ahmed has attended a two-day online workshop on "Cybersecurity Risk Management Framework" on November 10 - 11, 2021.