CCRO

Certified Cyber Security Officer (CCSO)

Online Course

About This Course

Duration: 8 Weeks: Plus 1 Week Initial Orientation
Time required: 8-10 Hours Per Week: Self Paced Entirely Online
Online Academy: Delivered Entirely Online
35 CPE/CPD Points: Approved by Various Bodies
Commences June 4th 2020: New Modules Every Thursday
Contact: Dr. Contantine ‘Dino’ Kiritsis at kiritsis.c@studysmart.gr

The Cyber Risk Officer course equips students with a comprehensive understanding of cyber risk management. The syllabus assumes a non-technical student and covers a range of topics from identification of cyber risks through to risk management options. The course has been designed to equip students with the knowledge, skills and confidence they require in order to protect the digital assets of their organisation and support the efforts of or lead the implementation of a cyber risk framework.

The Course is For

The course syllabus has been specifically designed to be collaborative and bring together business leaders of various disciplines within an organisation. They are the key stakeholders in designing, implementing or supporting the cyber risk management program of an organisation. Key cyber risk management stakeholders include:

· C-Suite

· CISO/CSO/CIO or CRO

· Head of IT/Security

· CCO Chief Compliance Officer

· Cyber Security/Risk/Compliance Teams

· Legal

· Procurement

· Head of Business Units

· Technology Leaders / Project Managers

· Management Professionals / Team Leaders

· Digital Consultants

IDEAL TRAINING COURSE FOR

Cyber Risk Leader: Develop and Implement Strategy
Cyber Security and Risk Teams: Collaborate and Support Enterprise
Gaining Recognition: Cyber Risk Management Specialist

The Course Covers

This course brings you on a journey and commences with how to analyse the inherent cyber risk of your organisation. That includes areas such as:

· Organisational Characteristics

· Governance Structure

· Technology Structure and Systems

· Product / Service Delivery Channels

· External Cyber Threats

We then gain an understanding of the current cyber risk status of the organisation holistically by exploring key control areas such as:

· Cyber Risk Management and Oversight

· Cyber Incident Management and Resilience

· Cybersecurity Controls

· Threat Intelligence and Collaboration

· External Dependency – Vendor / Partner Risk

There is a focus on CRQ (Cyber Risk Quantification), meangingful metrics and how to support and develop a cyber strategy that supports your ERM (Enterprise Risk Management) program and business strategy. Security standards, legal and compliance requirements are addressed throughout the material. By the end of the course you will have gained the appropriate knowledge to build, implement or support a risk management framework for your organisation.

How do you learn?

CYBER RISK ACADEMY – ONLINE CAMPUS PORTAL

The course is delivered over 8 weeks and preceded with an orientation module. Every Thursday a new module is added to the course. During the orientation module you will be introduced to your online teaching and technical support network and gain an understanding of the interface and tools. During the orientation phase you complete your student profile and gain an understanding of key milestones and how your assessments are calculated. Training material comprises of rich interactive media such as videos, infographics, activities and course notes. There are many opportunities for collaborative learning via the discussion forums and you can leverage the portal to connect to other students around the world. During the course you can reference the case study example outlined in Module 1 or reference your own organisation. During the course students will develop a cyber strategy as part of their assessment, this can be based on their own organisation, the case study or a fictitious entity

Your Support

HIGH LEVEL OF SUPPORT – KEY TO SUCCESS

Head Tutor: Subject Expert
Course Manager: One to One Student Support
Technical Support: Available to Solve Tech Issues
Social Learning: Student Network Collaboration
Extended Network of Material: Recommended External Material

Modules:

MODULE 1

UNDERSTANDING CYBER RISKS AND A LITTLE TECHNOLOGY

We explore the cyber threat landscape and gain an understanding of the key threat actors, their motivations and techniques. We review a number of high profile cyber attacks with a view to understanding why they were attacked and what could have been done to prevent the breach. We outline a key “Case Study” example that is referenced through the rest of the course.

MODULE 2

CYBER STRATEGY – THE BUSINESS CASE

We outline the importance and the anatomy of a cyber strategy. How a cyber risk framework operates and how it integrates with the organisation. Understand the differences between standards, policies, procedures, legal and regulatory controls. We outline how to identify the business value chain of an organisation and the importance of business systems, assets and entities that support that channel.

MODULE 3

CRQ – CYBER RISK QUANTIFICATION AND METRICS

We explore the traditional cyber metrics organisations leverage in relation to cyber security and risk and discuss “Meaningful Metrics” that empower the business. Calculating inherent cyber risk, residual cyber risk and aligning those metrics with business objectives. Informing and supporting the business with KPI’s (Key Performance Indicators) and KRI’s (Key Risk Indicators). Leveraging those metrics to develop appropriate maturity roadmaps and report and alert the business.

MODULE 4

CYBER LEADERSHIP AND CULTURE

The role of leadership, the governance structure and supporting processes are outlined. The challenge of resourcing, attracting new and developing in-house talent. Establishing a culture of loyalty and business protection. Identifying gaps in leadership and supporting a meritocracy based on talent and ability. Converging the physical security efforts with cyber to deliver a holistic program of protection for your organisation.

MODULE 5

CYBER RISK AND THE LAW

Understanding the complex myriad of cyber related laws, regulations and business requirements is a challenge. In this module, we outline International landscape of key laws and regulations including GDPR and the NIS Directive. Developing an approach to understanding how to identify what is relevant and may impact your current or future business model. We outline key approaches to identifying the nexus of control requirements and driving efficiency by aligning business, legal and regulatory drivers with business drivers.

MODULE 6

CYBER RESILIENCE AND INCIDENT MANAGEMENT

We outline the minimum expectations of regulators when it comes to establishing cyber resilience. Understanding preventative, detective and responsive controls. Best practices in aligning business continuity, disaster recovery and incident response with a program of cyber resilience. We outline the appropriate response to a breach. We focus on key aspects such as detection, communication and containment. We leverage the case study to outline the key aspects and learning points such as proactive strategies to detect an incident and containment strategies to mitigate the impact.

MODULE 7

THIRD PARTY CYBER RISK – VENDORS AND REMOTE WORKERS

Every business is comprised of a business value chain. That is the various “links” or parts of the business that support the delivery of a particular service or channel. These links are often provided by third party partners, vendors or remote workers. We explore, how to identify, analyse, manage and report the associated risk to the business. The impact of the paradigm shift in the legal landscape including GDPR and how that factors into your approach.

MODULE 8

PUTTING IT TOGETHER – DEVELOP A CYBER RISK STRATEGY

In this module, we outline how to put everything you have learned together. Students leverage the case study or their own organisations to develop a complete cyber risk strategy. Dissecting the Cyber DNA of the business, establishing key metrics and a maturity roadmap. Aligning with the business strategy and establishing a board level reporting process. Developing processes to measure and manage the implementation of the cyber risk strategy and report the RoI to the business.

HEAD TUTOR

Paul C Dwyer – President of the ICTTF International Cyber Threat Task Force

Paul has been certified an industry professional by the International Information Security Certification Consortium (ISC2) and the Information System Audit and Control Association (ISACA) and selected for the IT Governance Expert Panel.

Paul is an honorary fellow of the ICS Irish Computer Society, approved by the National Crime Faculty and the HTCN High Tech Crime Network.

Paul has worked extensively around the world and his diverse career spans more than 25 years working with military, law enforcement, and the commercial sector. His roles have included:

· President of the ICTTF International Cyber Threat Task Force

· Co Chairman of the UK NCA National Crime Agency Industry Group

· Advisor to NaCTSO (National Counter Terrorism Security Office)

· Advisor to NATO on Countering Hybrid Cyber Threats

· Advisor to UK Defence Committee DEFCOM in Parliament

· Deputy Chair – Organised Crime Task Force Industry Group – NI

· Interim Global CISO for numerous multi national organisations

· Advisor to numerous governments and intelligence agencies

A prolific contributor to the industry and media, Paul is a professional public speaker and industry evangelist. He has also authored a number of industry works including a book aimed at boards of director entitled – “The Art of Cyber Risk Oversight”.

As an industry networker Paul is a member of a number of distinct groups including the IoD (Institute of Directors), IIEA (Institute of International and European Affairs) and the IRM (Institute of Risk Management).

As an accomplished serial entrepreneur he has successfully built a number of security practices in the UK & Ireland and in 2016 was identified by Business and Finance as one of Ireland’s Top 100 CEOs.

Paul started his career as a technical networking specialist, he then specialised, trained and qualified in a number of disciplines including but not limited to ethical hacking, forensics, international management systems, risk management, business continuity, international governance frameworks, financial service regulations, cyber laws and project management.

Paul is a native of Dublin, Ireland, lives there with his wife, daughter and Bernese mountain dog children

About The ICTTF

The ICTTF – International Cyber Threat Task Force was established in 2010 as a not for profit initiative promoting the ecosystem of an International independent non-partisan cyber security community. We have been committed to fostering collaboration, networking and knowledge sharing for almost ten years now.

Over that decade, we have constantly innovated on how best to achieve our mission. From online community portals, apps, local membership chapters and International events we have strived to work with our thousands of members from around the world.

Our mantra is “It Takes a Network to Defeat a Network” and our primary objective to foster collaboration and networking has been immensely successful, with our events culminating every year with our annual EU Cyber Summit.

The “bad guys” are strong, highly organised and well trained. Knowledge is power and power is strength. The ICTTF was born in Ireland and when launched used the slogan “Ní neart go cur le chéile” which in English translates to “There is no Strength Without Unity”. To be strong we all need knowledge and that is why we have developed this online training academy, so organisations can get their staff cyber strong and unified.

We will continue to work with our cadre of global cyber security, risk and privacy experts to develop the worlds best cyber academy. Our first offering is our “Certified Cyber Risk Officer” course and is designed as a non-technical syllabus for business leaders.

How to apply

To apply and/or require further information please contact Dr. Constantine ‘Dino’ Kiritsis at +30 211 411 3235 or via email kiritsis.c@studysmart.gr