Navigating Cyber Security Risk for Directors

This Course is Now Fully Booked

Please note this Course is now booked out. However, a cancellation list is now in operation. If you wish to be put on the cancellation list, please contact the IoD Training Team

Details

Advance your expertise on our new course, ‘Navigating Cyber Security Risk for Directors.’ This new online course is designed to enable directors to enhance their knowledge and ability at assessing and resolving cyber security risks.  

As part of IoD Ireland’s remit to support our members in ensuring high standards of cyber security, we developed this course taking into consideration NCSC publications, such as the  ‘12 Steps to Cyber Security: Guidance on Cyber Security for Irish Business’.

The course will be led by Bill McCluggage, an expert with extensive Chief Information Officer, cyber security, and digital experience. It will include presentations from leading guest speakers and experts in the field, as well as the facilitation of peer-to-peer learning from the other attendees.

The course will be composed of the four below half day sessions, and include the following guest speakers:

1. Governance, Technology and Cyber Risk - Jacky Fox, Managing Director and European Security Lead, Accenture and Joe Stephens, Director of Resilience, National Cyber Security Centre (NCSC).
2. Regulatory, Legal and Compliance Matters for Boards - Colin Rooney, Partner, Arthur Cox LLP.
3. Capability and Cyber Culture - Martin Curley, Professor of Innovation, Maynooth University.
4. Planning and Incident Response - Board Actions - Tim Hynes, Non-Executive Director, HSE. 

Who is this Course for?

The course is designed for board level executives and directors.

What Will I Gain from Attending this Course?

• Clarity on where cyber security fits within their overall organisational strategy.
• An understanding of the challenges of cyber security to reputation, and overall business and operational performance.
• Gain an awareness of the emerging regulatory and legal landscape, and compliance requirements for their organisations.
• Develop a grasp of the cultural change that may be needed to deliver a secure organisation and understand the impact of cyber secure strategies on operations, processes, and their supply chains.
• Enable board-level attendees to see cyber risk as part of their overall business risk and the critical technology-based drivers in their business.
• Gain a sufficient understanding on cyber security to enable an informed and fluent conversation on the performance of their organisation’s cyber risk policies and procedures with their technical cyber security teams.
• Develop an action plan for their Board to prepare for, react to and withstand security compromises.

The four morning sessions of the online course will take place over four different dates from 9:00am to 12:30pm. The session topics, and dates, are:

1. Governance, Technology and Cyber Risk, being held from 9.00 am – 12.30 pm on Tuesday, 12th September 2023. This module will include a presentation by Jacky Fox, Managing Director and European Security Lead, Accenture and Joe Stephens, Director of Resilience, National Cyber Security Centre (NCSC).
2. Regulatory, Legal and Compliance Matters for Boards, being held from 9.00 am – 12.30 pm on Tuesday, 26th September 2023. This module will include a presentation by Colin Rooney, Partner, Arthur Cox LLP.
3. Capability and Cyber Culture, being held from 9.00 am – 12.30 pm on Tuesday, 17th October 2023. This module will include a presentation by Martin Curley, Professor of Innovation, Maynooth University.
4. Planning and Incident Response - Board Actions, being held from 9.00 am – 12.30 pm on Tuesday, 7th November 2023. This module will include a presentation by Tim Hynes, Non-Executive Director, HSE.

Session One: Governance, Technology and Cyber Risk

The first session looks at key business drivers and obtaining senior management support for a robust technology and cyber security programme. This is followed by establishing roles and responsibilities, agreeing your strategy, developing policies and standards, and enabling reporting.

In this session participants will cover:

• A Board’s responsibility to exercise appropriate oversight of cyber risk management.  
• Establishing a framework for managing technology and cyber risks.
• Ten Board-curious questions on cyber security.
• Identifying business critical assets and components.
• Defining your company’s/organisation’s Risk Appetite.
• Ensuring your Audit and Risk Committee is adequately addressing cyber risk.
• Embedding basic cyber hygiene into your business objectives.
• Reviewing your Information Security Management System.

Session Two: Regulatory, Legal & Compliance Matters for Boards

The second session focuses on the responsibility of Board-level executives to ensure their organizations comply with various regulatory, legal and compliance regimes. Having identified what matters most to your organisation and gained an understanding of the threat landscape, you will be able to ensure an effective risk assurance framework is in place and appropriate cyber security controls are operating effectively.

In this session participants will cover:

• Understanding the current and emerging regulatory, legal and compliance landscape.
• Building a cyber risk assurance framework.
• Understanding how cyber-attacks work.
• Development of a Board-level threat model.
• Balancing cyber security strategies and the impact on operational processes.
• Identifying and mitigating internal and external cyber risks.

Session Three: Capability and Cyber Culture

The third session looks at the Board’s role in building your organisation’s capability and growing a positive cyber security culture designed to defend your business. The majority of cyber attacks start by unauthorized access to systems using compromised credentials. System users are your first, and most critical line of defence. Building a risk-informed, layered defence of both technical and softer cultural defences will help develop a higher level of cyber maturity in your business and defend against cyberattacks.

In this session participants will cover:

• Putting people at the heart of security.
• Collaborating with your supply chain on cyber security.
• Layering your defences.
• Building your organization’s cyber security management plan.
• Reviewing and assessing the maturity of your cyber security defence measures.
• Developing workforce skills and capability.

Session Four: Planning and Incident Response - Board Actions

The final session enables directors to consider planning for a potential cyber security incident. Attacks will occur; therefore, directors need to understand how to respond and develop/exercise their business resilience plans in order to reduce the impact of a cyber security incident and recover from the disruption. Directors also need to understand the value of an effective cyber risk management lifecycle and the Board’s responsibility for its continuous evolution.

In this final session participants will cover:

• The Board’s role in incident management.
• The anatomy of a cyber attack.
• Developing and exercising a responsive incident management plan.
• Taking pre-emptive defence measures to mitigate further effects.
• Establishing recovery plans.
• Creating a cyber risk management lifecycle.

Bill McCluggage is a Chief Information Officer Expert. He is an experienced Managing Director, IT Director, Chief Information Officer (CIO), Chief Technology Officer (CTO), CISO, business and technology consultant, and company Chairman. He has worked for both the public and private sectors.

Bill is currently a Non-Executive Director for the following organisations: FCDO Services, Cocoon Data Technologies and Triangle Housing Association. He is also Chair of the Northern Ireland Fraud Forum and a CIO/CISO Advisor for Tanium. Bill is a former Head of Information Security at Open Banking, and former Irish Government CIO within the Department of Public Expenditure and Reform.

Online Course Cost

This online course is booked as a whole, and the individual sessions cannot be booked separately. The below costs cover the participation of attending the four sessions in the series.

• IoD members - €1,500 ex VAT
• Non-members - €1,950 ex VAT

Cancellation and Refund Policy

Places can only be confirmed on receipt of full payment. Cancellations and a full refund will be accepted if received in writing to training@iodireland.ie by Tuesday, 5th September 2023.  After Tuesday 5th September, no refund will be possible, and all fees will be forfeited in the event of a cancellation or non-attendance.  Please note this is a live series requiring attendance, recordings will not be available as part of post session materials.

Group Bookings

If you would like to make a group booking, please contact the IoD Training Team on training@iodireland.ie or phone +353 1 411 0010.

CPD

This IoD online course may be eligible for CPD, including Chartered Director CPD. Please check with your relevant professional body.

How to Join this Online Course tab

• Please note you will need an active microphone and camera to be able to interact in this workshop.
• To attend this online course, please book and pay via the ‘Book Now’ button.

Accessing the Link to Join the Online Course

• When you register to attend, you will receive a confirmation email to confirm your booking.
• All registered attendees will receive a joining instruction email closer to the date of each session in the online course. This email will contain your registration link to access the session. Please click on the link in this email and confirm your details, you will then receive the direct link to join the session.  Please save this link to your calendar for easy accessibility on the morning of the session.

Course Platform Information: Zoom

• This Course will take place via the online platform Zoom. Please download Zoom to your system before the session to ensure you can view the webinar.
• We would ask all registered attendees to do a test of the Zoom platform in advance to ensure it works for them. To do this, please click on the following Zoom Test page. If you need any further support, please visit the Zoom support page for more information.
• Please note, before you join the Course Zoom will prompt you for your email address before you can join, this is a required feature of the Zoom platform. For more information on this, please view: Zoom Video Communications GDPR Compliance.

Contact Information

For all queries relating to the IoD Training Programme, please contact training@iodireland.ie or phone +353 1 411 0010.