Cyber Security Fundamentals for Directors

Security. Risk. Culture. Regulatory and legal. Compliance. Planning.

Join Bill McCluggage and guest speakers as they examine the key questions directors should ask their executive teams and advisors. These questions are essential to gaining a deep understanding of cyber security risks and impacts on a business.

Bill will take you through:

1. Governance, Technology and Cyber Risk
2. Regulatory, Legal and Compliance Matters for Boards
3. Capability and Cyber Culture
4. Planning and Incident Response – Board Actions

What you’ll get:

• Clarity on where cyber security fits within their overall organisation strategy.
• An understanding of the challenges of cyber security to reputation, and overall business and operational performance.
• Gain an awareness of the emerging regulatory and legal landscape, and compliance requirements for their organisations.
• Develop a grasp of the cultural change that may be needed to deliver a secure organisation and understand the impact of cyber secure strategies on operations, processes, and their supply chains.
• Enable board-level attendees to see cyber risk as part of their overall business risk and the critical technology-based drivers in their business.
• Gain a sufficient understanding on cyber security to enable an informed and fluent conversation on the performance of their organisation’s cyber risk policies and procedures with their technical cyber security teams.
• Develop an action plan for their Board to prepare for, react to and withstand security compromises.

What people are saying  

“The IoD Ireland Cyber Security Fundamentals for Directors programme delivered on its intention. It took a four pronged approached covering all the key areas essential to a director, including governance, the regulatory and compliance side, capability, and culture, as well as the planning and incident response for when a cyber-attack may happen. It also followed best practice recommendations from the NCSC and Cyber Ireland. This Programme is an essential for all directors."

Karen Herbert, Head of Group Conduct, AIB

“I was drawn to the course as Cyber Security is now seen as a major challenge in our industry. The content was topical, relevant and at the right level for Directors. I completed with a far greater understanding of the many issues covered."

Aidan Coghlan, Group Managing Director, World Travel Centre

“The Cyber Security Fundamentals for Directors course was very effective. Even though I already had "insider" experience as a CIO, I wanted to develop my effectiveness as an INED and the course gave me useful "outside-in" perspective. Also, Bill is a great communicator and can bring participants from every background with him as he turns technical detail into understandable, actionable insight."

David Codd CDir

“I enjoyed the Cyber Security Fundamentals short programme. I obtained some very strong insights into this risk for our business and the learning interaction within the group was excellent. I will use some of the course learnings in my role as a Director and make changes which will help reduce this risk in our organisation."

Turlough Kinane CDir, Director, Thermodial Ltd

“The Cyber Security Fundamentals for Directors programme has given me the tools to help reduce the likelihood of a catastrophic cyber security attack and set a clear framework to react when one occurs. The group discussions and case studies helped put these learnings into practice deepening my understanding and confidence to deal with this challenging issue. I have used this knowledge to stimulate discussions at Board and senior management level about our organisation’s preparedness and the need to develop more detailed policies, especially, when dealing with an attack."

Dr Leonora Bishop, Independent Non-Executive Director

There are 4 morning sessions held from 9:00 am – 12:30 pm.

1. Governance, Technology and Cyber Risk.

Tuesday, 8th April 2025.

9:00 am to 12:30 pm.

Guest speaker to be announced.

2. Regulatory, Legal and Compliance Matters for Boards

Tuesday, 29th April 2025. 

9:00 am to 12:30 pm.

Guest speaker to be announced.

3. Capability and Cyber Culture.

Tuesday, 20th May 2025.

9:00 am to 12:30 pm.

Guest speaker to be announced.

4. Planning and Incident Response – Board Actions.

Tuesday, 3rd June 2025.  

9:00 am to 12:30 pm. 

Guest speaker to be announced.

Session one - Governance, Technology and Cyber Risk

Explore key business drivers and how to obtain senior management support for a robust technology and cyber security programme.

What we’ll cover:

• Board responsibility for exercising appropriate oversight of cyber security risk management.
• Technology and cyber risks management framework
• Board-curious cyber security questions
• Identifying business critical assets and components
• Organisation risk appetite
• Audit and risk committee responsibility for addressing cyber risk
• Embedding basic cyber hygiene into business objectives
• Information Security Management System review

Session two – Regulatory, Legal and Compliance Matters for Boards

Understand the responsibility of boards to ensure their organisations comply with various regulatory, legal and compliance regimes.

What we’ll cover:

• The current and emerging regulatory, legal and compliance landscape
• Building a cyber risk assurance framework
• Understanding the mechanics of a cyber attack
• Development of a board-level threat model
• Balancing cyber security strategies and the impact on operational processes
• Identifying and mitigating internal and external cyber risks

Session three - Capability and Cyber Culture

Discover the Board’s role in building organisational capability and growing a positive cyber security culture designed for business defence.

What we’ll cover:

• The importance of putting people at the heart of security
• Supply chain collaboration on cyber security
• Layering your defences
• Building an organisational cyber security management plan
• Assessing the maturity of cyber security defence measures
• Workforce skills and capability development

Session four - The Social Agenda: The Board’s Role

Equip yourself with the tools you’ll need to plan for a potential cyber security incident.

What we’ll cover:

• The Board’s role in incident management
• The anatomy of a cyber attack
• Responsive incident management plan development
• Recovery plan establishment
• Creating a cyber risk management lifecycle

Introducing Bill McCluggage

Bill is an experienced Managing Director, IT Director, Chief Information Officer (CIO), Chief Technology Officer (CTO), CISO, business and technology consultant, and company Chairman. He has worked for both the public and private sectors.

Bill is currently a Non-Executive Director for the following organisations: FCDO Services, Cocoon Data Technologies and Triangle Housing Association. He is also Chair of the Northern Ireland Fraud Forum and a CIO/CISO Advisor for Tanium. Bill is a former Head of Information Security at Open Banking, and former Irish Government CIO within the Department of Public Expenditure and Reform.

Is this eligible for CPD?

Dimension covered: Technical Skills and Knowledge

Eligible hours: 12 hours of Chartered Director CPD

This session may be eligible for other professional body CPD. Check with your relevant professional body.

Workshop participants will receive a Certificate of Attendance on completion of the session.

What is the cost?

IoD members - €1545 

Non-members - €2050 

It is not possible to book individual sessions, booking is paid for as a whole.

Cancellation and refund policy

Places are confirmed upon full payment. Cancellations with a full refund are accepted in writing to cpd@iodireland.ie until Wednesday, 2nd April 2025.  After this date, no refunds are possible, and all fees are forfeited for cancellations or non-attendance. Please note this virtual but live and interactive series requires live online attendance at each session. Unfortunately, recordings will not be available as part of post-session materials.

Group bookings

Contact the IoD Ireland Learning and Education team on cpd@iodireland.ie or phone +353 1 411 0010.

How do I attend? 

To reserve your space, book and pay through the “Book now” button.

Once registered, we’ll send an email to confirm your booking.

We'll also send a reminder email with a link to access the session closer to the date. You must click the link and confirm your details to receive the direct link to join the workshop.

The event will take place on Zoom. Download Zoom if you don’t have it already. Please ensure you have a working microphone and camera to take part in our interactive workshop.

Want to connect with fellow workshop participants?

All workshop attendees will receive a list of all other workshop participants in advance of the session. This will include name, job title and organisation. If you have any queries around this  please contact the Learning and Education team.

For GDPR reasons, we cannot provide contact details on the attendee list. 

Questions?

For any IoD Ireland Learning and Education Programme queries, email cpd@iodireland.ie or call +3531 411 0010.

As part of IoD Ireland’s remit to support our members in ensuring high standards of cyber security, we developed this programme course taking into consideration guidance from the NCSC and Cyber Ireland. This includes publications, such as the  ‘12 Steps to Cyber Security: Guidance on Cyber Security for Irish Business’.

NCSC

Read more

The National Cyber Security Centre (NCSC) was founded in 2011 and is an operational arm of the Department of the Environment, Climate and Communications (DECC). The main roles of the NCSC are to lead in the management of major cyber security incidents across government, provide guidance and advice to citizens and businesses on major cyber security incidents, and develop strong international relationships in the global cyber security community for the purposes of information sharing.

Cyber Ireland

Read more

Cyber Ireland is the national cyber security cluster organisation that brings together Industry, Academia and Government to represent the needs of the Cyber Security Ecosystem in Ireland. They aim to enhance the Innovation, Growth and Competitiveness of the companies and organisations which are part of the cluster.