Corporate Cybersecurity Roles and Responsibilities for the Rest of the Team: How to Ensure Your CIO and CISO Aren’t “Alone” as Your Company Effectively and Efficiently Addresses Cyber Risks
“Culture Eats Strategy for Breakfast” (attributed to Peter Drucker). Effectively addressing cybersecurity risk across a company has to be a “team sport,” and everyone needs to know their role. Increasingly, this involves disciplines that have in the past been able to avoid having a clear, accountable role for IT and information assurance. It is hard to imagine a line of business that won’t be relying more on data and networked technology to improve its outcomes. In order to effectively “see” the emerging risk factors, companies need to widen the scope of their cybersecurity programs to include Operational Technology and shared risk elements within their supply chain. Insider threats can come from a wide range of employees with access to technology that can greatly increase the impact of malicious actions.
In order to efficiently address this reality, companies must be task-organized not just around the technical challenges, but also around asset management, financial management, accounting, auditing, HR, training, legal, compliance, risk management, program management, field operations and many other work roles. NIST has identified 52 specific accountable work roles in a comprehensive cybersecurity program, and even that does not cover the range of company leaders who have a responsible, consultative or informational role.
The course will introduce participants to the Industry Best Practice structure for Cybersecurity Risk Management with an emphasis on the non-technical roles and responsibilities for the Identify, Detect, Protect, Respond and Recover risk categories. It will introduce NIST-developed Supply Chain Risk Management, Insider Threat and Human Capital Strategy for long-term corporate risk reduction. It will examine cultural barriers to changes in corporate cyber-readiness and equip participants to lead change in their fields with access to best-practice resources.
Corporations will benefit from senior managers who understand cybersecurity risk language and concepts and who are better equipped to lead constructive support roles for effective and efficient cybersecurity programs.
Mix of interactive presentations, invited speakers, and case studies.
This course provides an opportunity to develop strategies for corporate cybersecurity workforce recruitment, retention, and training. Participants will learn how to conduct a basic cybersecurity SWOT assessment, how to establish role-based privilege and cyber hygiene, and how to create a cybersecurity lifecycle.
Benefits of Attending
Participants will be introduced to the following:
- Corporate Cybersecurity Threat Landscape
- Cybersecurity Risk Factors
- Organizational strategy for Cybersecurity Risk Management
- Cyber Risk Environment and determining a company’s “Cyber-risk Universe”
- Threat detection and protection program elements
- Supply Chain and 3rd Party Risk Exposure
- Cyber workforce definition and work roles
- How to assess current cyber-risk thresholds
- How to set objective cyber-risk thresholds
- How to conduct resource planning to close the gap between current and objective risk postures
Invited speakers will help deepen the learning experience by giving participants examples where successful programs improved their company’s cyber-readiness by affirmatively addressing cultural barriers and bringing support roles into the cybersecurity risk reduction effort.
To be added to our listserv, email Briana Blanchard at email@example.com
Virginia Tech Executive Briefing Center, Arlington, VA
Mid- to upper management
Fee per Participant
$1,750; Includes all instruction, course materials, lunch, parking, and a networking reception. Space is limited.
Group discounts are available for organizations sending three or more participants. Please contact Briana Blanchard, Continuing and Professional Education, for more information at firstname.lastname@example.org or 571-858-3304.
Participants will receive a Certificate of Completion and 1.4 Continuing Education Units (CEUs).