Leveraging RegTech for Cyber Compliance - David Dwyer
Cyber Risk International - CTS2017
CRI have developed a training syllabus specifically to meet the challenge of performing a cyber assessment on a FinSec entity.
The two-day boot camp style course will train delegates on how to perform a cyber assessment on a financial service organisation of any size, complexity or type.
FCAP - FINSEC CYBER ASSESSMENT PROFESSIONAL
25th - 26th January 2018
Overview: This two-day boot camp style course has been specifically developed to train delegates on how to perform a non-technical cyber assessment on a financial institution in line with regulatory cyber compliance requirements.
Objective: This course is delivered by highly experienced financial service experts on cyber regulatory compliance. The objective of the course is to furnish the delegates with the knowledge they require so that they can perform a non-technical cyber assessment upon their own organisations, gather the appropriate artefacts and produce the essential level of reporting and assurance for the regulator.
Delegates will also learn how to understand, assess and gain assurance from vendors and partners on third party cyber risk and compliance levels.
Typical Delegates Include:
- Security Professionals
- Compliance personnel
- Risk Managers
- Information Officers
- IT professionals
For further information, please contact us using the details below.
Tel: 01 9053260
Why Perform a Cyber Assessment?
- Assume Breach
- Assets and Impacts
- Natural Threats
- Cyber Adversarial Risk
Cyber Security Fundamental Requirements
- Security v Risk Management v Compliance
- Cyber Security Strategy and Framework
- Risk and Control Assessment
- Information Sharing
- Continuous Learning
- Additional Localised Cross Industry Requirements
Scoping and Planning The Assessment
- Understanding Your Cyber DNA
- Converged Security – Holistic Approach
- Business Strategy
- Identifying Assets
- Key Stakeholders
- Internal Audit
- Third Parties
- Key Business Processes
- People, Processes, Technology
- GRC Requirements
- Industry Compliance Requirements
- Evidence Required
- Fieldwork and Documentation
- Issue Discovery and Validation
- Leveraging RegTech
Starting The Audit
- Dealing with management, techies and users
- Understanding culture and policy
- Logical and physical
- Assurance and validation
Inherent Risk Assessment
- Assessing Your Cyber DNA
- Organisational Characteristics
- Delivery Channels
- Online/Mobile Technology Products and Services
- External Threats
- Technologies and Connection Types
Cyber Maturity Assessment
- Relationship between Inherent Risk and Cyber Maturity
- Cyber Risk Management and Oversight
- Threat Intelligence and Collaboration
- Cyber Security Controls
- External Dependency Management
- Cyber Incident Management and Resilience
Preparing a Cyber Assessment Report
- Regulator Report Requirements
- Board Level Briefings
- Communicating Results
- Executive Summary
- Cyber Inherent Risk Status
- Cyber Maturity Status
- Roadmap to Maturity
- Cross Map to International Standards and Framework
- Evidence Collected
Developing a Framework and Strategy
- Develop a Roadmap to Maturity
- Collect Evidence
- Collaborate and Leverage
- Prove it
- Continual Assessment
- Measuring Improvement
- Next Steps
Spencer Hotel Dublin City, Excise Walk, IFSC, Dublin 1
Paul C Dwyer
Paul C Dwyer is recognised as one of the world’s foremost experts on cyber security, risk and privacy. As CEO of Cyber Risk International he specialises in corporate and enterprise security, development of cyber defence programs, and business operations protection for CRI clients.
With responsibility for the protection of trillions of euros in global money movement and critical infrastructure technologies that protect hundreds of thousands of companies’ and governments’ interests in more than 100 countries.
He has been certified as an industry professional by the International Information Security Certification Consortium (ISC2) and the Information System Audit and Control Association (ISACA) and selected for the IT Governance Expert Panel. He is approved by the National Crime Faculty and the HTCN High Tech Crime Network.
Paul has worked extensively around the world and his diverse career spans more than 25 years working with military, law enforcement, and the commercial sector.
Cyber Risk International
International Cyber Threat Task Force
David is Cyber Risk International’s Director of Client Services. He has worked as a security advisor for over 12 years specialising in the areas of data protection and ISO 27001. David joined the Cyber Risk International team having built up his own information security practice with an enviable client base over 5 years. He is responsible for achieving confidence and providing assurance of compliance to clients who have obligations under the Data Protection Act 1988, 2003, and financial regulation including the Credit Union and Co-Operation with Overseas Regulators Act 2012.
David’s expertise is fully demonstrated in his management of complex data protection and compliance programs including audit, risk assessment, awareness training, incident management, certification and standards (ISO 27001, PCI DSS, COBIT, ITIL) and business continuity and disaster recovery. A certified ISO 27001 Lead Auditor by the British Standards Institution, David has a wealth of experience working with and providing advice to clients in the financial, technology and pharmaceutical sectors. His record in assisting clients to achieve International Security Certification (ISO 27001) is unsurpassed.