RESILIENCE AND SECURITY
22ND OCTOBER 2018
25TH OCTOBER 2018
TO THE GLOBAL ECONOMY
WILL EXCEED $6 TRILLION
THE TRAINING COURSE
This beginner to intermediate one-day 'Cyber Risk, Resilience, and Security' training course has been specifically designed to provide attendees with highly effective and comprehensive training in a broad range of areas covering Cyber Risk, Cyber Security Strategies and Cyber Security Risk Management approaches.
The training course is directed specifically at those professionals who need to obtain a better and more comprehensive grasp of the key elements of Cyber Risk frameworks, as well as insights into the latest Cyber Security Trends. At the end of the training course attendees will have a highly thorough understanding of how Cyber Risk can affect firms, as well as how to build an effective Cyber Security Architecture and implement an effective Cyber Security Strategy.
In light of the highly significant financial impact of Cyber Attacks on firms today, it is vital that firms equip themselves with a better and current understanding of Cyber Security frameworks, in order to implement effective and proportional Cyber Risk Architectures. It is essential for firms to invest in protecting themselves from a broad range of future Cyber Threats and Attacks.
MODULE 1: An Overview of Cyber Security
· Cyber Security Definitions; Cyber Security Trends; Cyber Incidents, Attacks (Attacks on Confidentiality; Attacks on Integrity; Attacks on Availability; Script Kiddies; Hackers; Advanced Persistent Threats); Damage, and Unauthorised Access.
· Challenges of Cyber Security (Traditional Perimeter-Based Model v. Real Time Continuous Assessments) and Cyber Attack Sophistication (Socially Engineered Malware; Data-Encrypting Ransomware; Password Phishing Attacks; Unpatched Software; Social Media Threats).
· Managing Cyber Security Operational Frameworks (Network Security; Cloud Security; Application Security); Data Loss Prevention (DLP); Intrusion Detection and Prevention Solutions (IDPS); Log Management; Security Information and Event Management (SIEM) platforms.
MODULE 2: How to Build Effective Cyber Security Architecture and Strategy
· Cyber Security Architecture; Top-Down Approach to Cyber Risk Assessment (Identification of a Firm's Key Information Assets; Identification of the Threats and Risks facing KIAs; Outlining the damage a Firm would incur if data is lost or wrongfully exposed); Bottom-Up Approach to Cyber Risk Assessment (Device-Level; Nodes).
· Analysing Cyber Security Threats (US Office of Personnel Management, 2015; Bangladesh Central Bank 2016; NHS Cyber Attack, 2017; Equifax Cyber Attack, 2017; Bithumb $31 Million Crypto Exchange Attack) and Costs.
· Cyber Security Trends and Capabilities and General Data Protection Regulation (GDPR) Requirements and Regulatory Fines.
MODULE 3: Cyber Security Strategies and Risk Management
· Developing a Common Language (NIST Cybersecurity Framework); Two Factor Authentication (2FA) (App-Generated Codes; Physical Security Keys; Weaknesses in SMS-based Methods); Smartcards; Biometrics; Domain-based Message Authentication, Reporting and Conformance (DMARC).
· Common Vulnerabilities and Exposures (CVE) and CVE Identifiers, Cyber Security Skills Shortage (Security Investigations/Analysis, Application Security; Cloud Security).
· Firm Operational Governance of Cyber Security Risk, Cyber Risk Management Services (A New Security and Risk Mindset – Continuous Adaptive Risk Assessment (CARTA)).
MODULE 4: Cyber Security Algorithms and Solutions
· The Theory of Cyber Security Algorithms, Symmetric-Key Block Ciphers, Cryptographic Hash Functions, Honey Encryption, Quantum Key Distribution.
· A Review of Cyber Security Algorithms (Advanced Encryption Standard (AES); Twofish; Blowfish; Rivest-Shamir-Adleman (RSA) Algorithm; Triple DES (3DES); Hash-Based Message Authentication Code (HMAC); the MD5 Algorithm (MD5); Secure Hash Algorithm (SHA)).
· A Review of Cyber Security Solutions (AXELOS; CyberArk Software; Amazon Web Services; FireEye; Check Point Software).
· Attendees will be able to comprehensively understand the broad range of Cyber Risks and Cyber Threats that may affect firms today.
· Attendees will learn how to effectively control and manage Cyber Risk services.
· Attendees will be effectively guided through a range of Cyber Security strategies.
· Attendees will receive a highly comprehensive training course manual, training course materials manual, and four PowerPoint presentations.
TRAINING COURSE EXPERT TRAINER
Rodrigo Zepeda is Co-Founder and Managing Director of Storm-7 Consulting. He is an expert consultant who specialises in derivatives and banking and financial services law, regulation, and compliance. He is an expert in a very broad range of regulatory compliance frameworks such as FATCA, the OECD CRS, MiFID II, MAD 2 MAR, PSD2, CRD IV, Solvency II, OTC Derivatives, CCP Clearing, PRIIPs, BRRD, AML4, and the GDPR. He holds an LLB degree, an LLM Master's degree in International and Comparative Business Law, and has passed the New York Bar Examination. He was an Associate (ACSI) of the Chartered Institute for Securities & Investment from 2004 to 2014 and is now a Chartered Member (MCSI). He has created and delivered numerous conferences and training courses around the world such as 'FATCA for Latin American Firms' (Santo Domingo, Dominican Republic, Panama City, Panama), 'MiFID II: Regulatory, Risk, and Compliance' (London, United Kingdom (UK)), 'Market Abuse: Operational Compliance' (London, UK), and 'AEOI (FATCA & CRS) Compliance and Technology' (Manama, Bahrain). He has also delivered numerous in-house training courses around the world to major international financial institutions such as The Abu Dhabi Investment Authority (MiFID II: Operational Compliance, Abu Dhabi, the United Arab Emirates), the United Nations Principles of Responsible Investment (MiFID II: Final Review, London, UK), CAF, the Development Bank of Latin America (Swaps and Over-the-counter Derivatives, Lima, Peru), and Rothschild Investment Management (UK) Limited (AEOI (FATCA & CRS) Operational Compliance, London). He is a Reviewer for the Journal of Financial Regulation and Compliance and has also published widely in leading industry journals such as the Capco Institute's Journal of Financial Transformation, the Journal of International Banking Law and Regulation, as well as e-books on derivatives law.
Noted publications include "Optimizing Risk Allocation for CCPs under the European Market Infrastructure Regulation"; "The ISDA Master Agreement 2012: A Missed Opportunity"; "The ISDA Master Agreement: The Derivatives Risk Management Tool of the 21st Century?"; "To EU, or not to EU: that is the AIFMD question"; and "The Industrialization Blueprint: Re-Engineering the Future of Banking and Financial Services?".
ISDA® is a registered trademark of the International Swaps and Derivatives Association, Inc., and Storm-7 Consulting Limited is neither sponsored by nor affiliated with the International Swaps and Derivatives Association, Inc. (ISDA), and the public is hereby informed that Storm-7 Consulting Limited holds no commercial, private, or other relationship with ISDA.