Cyber Risk International Ltd - Unit 1 St Olaves Centre- Kinsealy - Co Dublin - Ireland
+353 -(0)1 905 3260
Enabling Organisations to Understand and Manage Cyber Risk

F-CAP (FinSec-Cyber Assessment Professional) Training

Leveraging RegTech for Cyber Compliance - David Dwyer

Cyber Risk International - CTS2017

CRI have developed a training syllabus specifically to meet the challenge of performing a cyber assessment on a FinSec entity.


The two day boot camp style course will train delegates on how to perform a cyber assessment on a financial service organisation of any size , complexity or type.




25th - 26th January 2018


Overview: This two day boot camp style course has been specifically developed in order to train delegates on how to perform a non technical cyber assessment on a financial institution inline with regulatory cyber compliance requirements.

Eventbrite - F-CAP FinSec Cyber Assessment Professional

Objective: This course is delivered by highly experienced financial service experts on cyber regulatory compliance. The objective of the course is to furnish the delegates with the knowledge they require so that they can perform a non technical cyber assessment upon their own organisations, gather the appropriate artefacts and produce the essential level of reporting and assurance for the regulator.
Delegates will also learn how to understand, assess and gain assurance from vendors and partners on third party cyber risk and compliance levels.
Typical Delegates Include:

  • Security Professionals
  • Compliance personnel
  • Risk Managers
  • Information Officers
  • IT professionals


For further information please contact us on details below.
Tel: 01 9053260

Day One

Why Perform a Cyber Assessment?

  • Assume Breach
  • Legislation
  • Assets and Impacts
  • Natural Threats
  • Cyber Adversarial Risk

Cyber Security Fundamental Requirements

  • Security v Risk Management v Compliance
  • Cyber Security Strategy and Framework
  • Governance
  • Risk and Control Assessment
  • Monitoring
  • Response
  • Recovery
  • Information Sharing
  • Continuous Learning
  • Additional Localised Cross Industry Requirements

Scoping and Planning The Assessment

  • Understanding Your Cyber DNA
  • Converged Security – Holistic Approach
  • Business Strategy
  • Identifying Assets
  • Key Stakeholders
  • Internal Audit
  • Third Parties
  • Key Business Processes
  • People, Processes, Technology
  • Jurisdictions
  • GRC Requirements
  • Industry Compliance Requirements
  • Evidence Required
  • Planning
  • Fieldwork and Documentation
  • Issue Discovery and Validation
  • Leveraging RegTech

Starting The Audit

  • Dealing with management, techies and users
  • Understanding culture and policy
  • Logical and physical
  • Assurance and validation

Day Two

Inherent Risk Assessment

  • Assessing Your Cyber DNA
  • Organisational Characteristics
  • Delivery Channels
  • Online/Mobile Technology Products and Services
  • External Threats
  • Technologies and Connection Types

Cyber Maturity Assessment

  • Relationship between Inherent Risk and Cyber Maturity
  • Cyber Risk Management and Oversight
  • Threat Intelligence and Collaboration
  • Cyber Security Controls
  • External Dependency Management
  • Cyber Incident Management and Resilience

Preparing a Cyber Assessment Report

  • Regulator Report Requirements
  • Board Level Briefings
  • Communicating Results
  • Executive Summary
  • Cyber Inherent Risk Status
  • Cyber Maturity Status
  • Roadmap to Maturity
  • Cross Map to International Standards and Framework
  • Evidence Collected

Developing a Framework and Strategy

  • Develop a Roadmap to Maturity
  • Collect Evidence
  • Collaborate and Leverage
  • Prove it
  • Continually Assessment
  • Measuring Improvement
  • Next Steps


Spencer Hotel Dublin City, Excise Walk, IFSC, Dublin 1



Paul C Dwyer

Paul C Dwyer is recognised as one of the world’s foremost experts on cyber security, risk and privacy. As CEO of Cyber Risk International he specialises in corporate and enterprise security, development of cyber defence programs, and business operations protection for CRI clients.
With responsibility for the protection of trillions of euros in global money movement and critical infrastructure technologies that protect hundreds of thousands of companies’ and governments’ interests in more than 100 countries.

He has been certified an industry professional by the International Information Security Certification Consortium (ISC2) and the Information System Audit and Control Association (ISACA) and selected for the IT Governance Expert Panel. Approved by the National Crime Faculty and the HTCN High Tech Crime Network.
Paul has worked extensively around the world and his diverse career spans more than 25 years working with military, law enforcement, and the commercial sector.

Cyber Risk International

International Cyber Threat Task Force

David Dwyer

David is Cyber Risk International’s Director of Client Services. He has worked as a security advisor for over 12 years specialising in the areas of data protection and ISO 27001. David joined the Cyber Risk International team having built up his own information security practice with an enviable client base over 5 years. He is responsible for achieving confidence and providing assurance of compliance to clients who have obligations under the Data Protection Act 1988, 2003, and financial regulation including the Credit Union and Co-Operation with Overseas Regulators Act 2012.

David’s expertise are fully demonstrated in his management of complex data protection and compliance programs including audit, risk assessment, awareness training, incident management, certification and standards (ISO 27001, PCI DSS, COBIT, ITIL) and business continuity and disaster recovery. A certified ISO 27001 Lead Auditor by the British Standards Institution, David has a wealth of experience working with and providing advice to clients in the financial, technology and pharmaceutical sectors. His record in assisting clients achieve International Security Certification (ISO 27001) is unsurpassed.

Client Services at Cyber Risk International