Cyber Risk Management

Cyber Risk Management - Virtual Workshop

Day 1 – Thursday October 15, 2020

Registration

08:30 - 09:00

The connections between cyber risk, risk management and governance

09:00 - 10:30

  • How does cyber risk fit into risk management?
  • Is cyber an inherent risk or vector for other risks?
  • Connectivity with conduct risk, RRP, ERM
  • Establishing a leading cyber risk management capability
  • Financial Stability Board’s lexicon for cyber risk
  • Stricter EBA guidelines
  • How do you develop risk appetite limits for cyber security risk?

Greg Adamson, Principal, Digital Risk Innovation

Dr Greg Adamson is Principal at Digital Risk Innovation, specialising in the management of risk in the digital environment. He has worked in cyber security for more than 25 years and in 2009 established the first-line operational risk practice in ANZ’s Transaction Banking. His current focus includes cyber risk in health, critical infrastructure, and financial services. He is an honorary Associate Professor at the University of Melbourne, Graduate member of AICD, and has just completed a Master of Commercial Law at Melbourne Law School including research into an insured’s duty of care in cyber liability insurance.

Morning Break

10:30 - 11:00

Integrating cyber risk and IT

11:00 - 12:30

  • Setting up risk subcommittees; addressing technology, IT, cyber risk & data governance
  • How to identify the latest threats and vulnerabilities
  • Working with technologists
  • Accommodating new technologies into your cyber risk strategy
  • Integrating IT risk as part of the GRC strategy
  • How do IT risks fit in the context of the business?
  • Data aggregation and intelligence gathering tools to address cyber security risks

Lunch

12:30 - 13:30

Relationship between cyber risk and human behaviour

13:30 - 15:00

  • Effectiveness of cyber security capabilities (people, process, technology)
  • Why the majority of data breaches are a result of human behaviour
  • How to invest in people controls to deliver the best ROI and most effective risk mitigation
  • Exploring people controls – UBA, human sensors, human risk profiling
  • Practical steps / techniques for affecting behavioural change and building a risk aware cyber security culture

Prof. Helge Janicke, Research Director, Edith Cowan University

Afternoon Break

15:00 - 15:30

Cybercrime – lessons to be learned

15:30 - 17:00

  • AML and KYC
  • Creating a compliant culture
  • Notable attacks – case studies
  • The role technology plays
  • Areas for overlap and significant differences

End of Day One

17:00 - 17:01

Day 2 – Friday October 16, 2020

Refreshments

08:30 - 09:00

Group activity: Incident management

09:00 - 10:30

  • Group interactive activity based around a cyber incident
  • Industry expert devised examples
  • Great networking opportunity

Morning Break

10:30 - 11:00

Group Activity: Post incident analysis

11:00 - 12:30

  • Discuss and reflect on the previous session
  • Forensic analysis
  • Learn from other groups

Lunch

12:30 - 13:30

Creating an efficient and usable cyber risk programme

13:30 - 15:00

  • Best place to start
  • Instilling a culture of security and building cyber into core management processes
  • Creating a system that maintains daily usability
  • Dealing with the increasing price of cyber security
  • Potential for automation

15:00 - 15:30

Third party vendor risk

15:30 - 17:00

  • Overview of vendor partnerships and associated risks
  • Selecting a vendor partner
  • Designing business process interface with the vendor
  • Assimilating vendor’s risk management procedures
  • Benefits of joint incident response exercises
  • Maintenance and the continual management of the risk profile
  • Vendor sub-contracting (fourth party risk)
  • Accommodating disruptive technologies into your cyber risk strategy

End of Training Course

17:00 - 17:02