Cyber Security Fundamentals for Directors

Security. Risk. Culture. Regulatory and legal. Compliance. Planning.

Join Bill McCluggage and guest speakers as they examine the key questions directors should ask their executive teams and advisors. These questions are essential to gaining a deep understanding of cyber security risks and impacts on a business.

Bill will take you through:

Governance, Technology and Cyber Risk
Regulatory, Legal and Compliance Matters for Boards
Capability and Cyber Culture
Planning and Incident Response – Board Actions

What you’ll get:

Clarity on where cyber security fits within their overall organisation strategy.
An understanding of the challenges of cyber security to reputation, and overall business and operational performance.
Gain an awareness of the emerging regulatory and legal landscape, and compliance requirements for their organisations.
Develop a grasp of the cultural change that may be needed to deliver a secure organisation and understand the impact of cyber secure strategies on operations, processes, and their supply chains.
Enable board-level attendees to see cyber risk as part of their overall business risk and the critical technology-based drivers in their business.
Gain a sufficient understanding on cyber security to enable an informed and fluent conversation on the performance of their organisation’s cyber risk policies and procedures with their technical cyber security teams.
Develop an action plan for their Board to prepare for, react to and withstand security compromises.

Cyber Security Fundamentals for Directors Information Session

Join us on Thursday, February 27th 2025 at 1:00 pm for an information session with programme lead, Bill McCluggage. In this session, Bill will be guiding you through the learning outcomes for the programme, the modules that will be covered and answering any questions you may have.

The information session will be hosted via a Zoom webinar and will last no longer than an hour. You can register using the button below.

Register Now

What people are saying

“The IoD Ireland Cyber Security Fundamentals for Directors programme delivered on its intention. It took a four pronged approached covering all the key areas essential to a director, including governance, the regulatory and compliance side, capability, and culture, as well as the planning and incident response for when a cyber-attack may happen. It also followed best practice recommendations from the NCSC and Cyber Ireland. This Programme is an essential for all directors."

Karen Herbert, Head of Group Conduct, AIB

“I was drawn to the course as Cyber Security is now seen as a major challenge in our industry. The content was topical, relevant and at the right level for Directors. I completed with a far greater understanding of the many issues covered."

Aidan Coghlan, Group Managing Director, World Travel Centre

“The Cyber Security Fundamentals for Directors course was very effective. Even though I already had "insider" experience as a CIO, I wanted to develop my effectiveness as an INED and the course gave me useful "outside-in" perspective. Also, Bill is a great communicator and can bring participants from every background with him as he turns technical detail into understandable, actionable insight."

David Codd CDir

“I enjoyed the Cyber Security Fundamentals short programme. I obtained some very strong insights into this risk for our business and the learning interaction within the group was excellent. I will use some of the course learnings in my role as a Director and make changes which will help reduce this risk in our organisation."

Turlough Kinane CDir, Director, Thermodial Ltd

“The Cyber Security Fundamentals for Directors programme has given me the tools to help reduce the likelihood of a catastrophic cyber security attack and set a clear framework to react when one occurs. The group discussions and case studies helped put these learnings into practice deepening my understanding and confidence to deal with this challenging issue. I have used this knowledge to stimulate discussions at Board and senior management level about our organisation’s preparedness and the need to develop more detailed policies, especially, when dealing with an attack."

Dr Leonora Bishop, Independent Non-Executive Director

There are 4 morning sessions held from 9:00 am – 12:30 pm.

1. Governance, Technology and Cyber Risk.

Tuesday, 8th April 2025.

9:00 am to 12:30 pm.

Guest speaker to be confirmed.

2. Regulatory, Legal and Compliance Matters for Boards

Tuesday, 29th April 2025.

9:00 am to 12:30 pm.

Guest speaker for this session will be Colin Rooney, Partner, Arthur Cox LLP.

3. Capability and Cyber Culture.

Tuesday, 20th May 2025.

9:00 am to 12:30 pm.

Guest speaker for this session will be Dr Valerie Lyons, Director and Chief Operating Officer, BH Consulting.

4. Planning and Incident Response – Board Actions.

Tuesday, 3rd June 2025.

9:00 am to 12:30 pm.

Guest speaker for this session will Elaine Hanley, Partner, IBM Consulting.

Session one - Governance, Technology and Cyber Risk

Explore key business drivers and how to obtain senior management support for a robust technology and cyber security programme.

What we’ll cover:

Board responsibility for exercising appropriate oversight of cyber security risk management.
Technology and cyber risks management framework
Board-curious cyber security questions
Identifying business critical assets and components
Organisation risk appetite
Audit and risk committee responsibility for addressing cyber risk
Embedding basic cyber hygiene into business objectives
Information Security Management System review

Session two – Regulatory, Legal and Compliance Matters for Boards

Understand the responsibility of boards to ensure their organisations comply with various regulatory, legal and compliance regimes.

What we’ll cover:

The current and emerging regulatory, legal and compliance landscape
Building a cyber risk assurance framework
Understanding the mechanics of a cyber attack
Development of a board-level threat model
Balancing cyber security strategies and the impact on operational processes
Identifying and mitigating internal and external cyber risks

Session three - Capability and Cyber Culture

Discover the Board’s role in building organisational capability and growing a positive cyber security culture designed for business defence.

What we’ll cover:

The importance of putting people at the heart of security
Supply chain collaboration on cyber security
Layering your defences
Building an organisational cyber security management plan
Assessing the maturity of cyber security defence measures
Workforce skills and capability development

Session four - The Social Agenda: The Board’s Role

Equip yourself with the tools you’ll need to plan for a potential cyber security incident.

What we’ll cover:

The Board’s role in incident management
The anatomy of a cyber attack
Responsive incident management plan development
Recovery plan establishment
Creating a cyber risk management lifecycle

Bill McCluggage Programme Lead and Chief Information Officer Expert

Bill is an experienced Managing Director, IT Director, Chief Information Officer (CIO), Chief Technology Officer (CTO), CISO, business and technology consultant, and company Chairman. He has worked for both the public and private sectors. Bill is currently a Non-Executive Director for the following organisations: FCDO Services, Cocoon Data Technologies and Triangle Housing Association. He is also Chair of the Northern Ireland Fraud Forum and a CIO/CISO Advisor for Tanium. Bill is a former Head of Information Security at Open Banking, and former Irish Government CIO within the Department of Public Expenditure and Reform.

Colin Rooney Programme guest contributor and Partner, Arthur Cox LLP

Colin is a partner in the Technology and Innovation Group of Arthur Cox LLP. Colin’s practice has a strong emphasis on information management issues. In this context, Colin advises on a wide variety of data issues, from day-to-day data protection advice to cross-jurisdictional data sharing projects and online data/information regulation. Colin has particular expertise advising clients on data related regulatory and enforcement actions, notably involving the Irish Data Protection Commission. Colin also advises on information technology, online trading matters, and has extensive experience advising both international and domestic clients on commercial IT agreements. He is recommended in the most recent editions of each of Chambers Europe and The Legal 500.

Dr. Valerie Lyons Company Director, and Chief Operating Officer, BH Consulting

Dr. Valerie Lyons Company Director, and Chief Operating Officer, BH Consulting. Author of the best-seller ‘The Privacy Leader Compass’ and included in the ‘Top 100 Women in Cybersecurity in Europe’. Dr. Lyons is an accomplished and driven cybersecurity and privacy leadership expert. Her career spans over 30 years - working in both cybersecurity and privacy teams. She has worked for several global organisations, such as IBM, KPMG, and ABB, and was former Head of Information Security Risk in KBC Bank for almost 15 years. Dr. Lyons is the Chief Operations Officer in BH Consulting since 2015. She has an in-depth knowledge of European data protection law and practices, and frequently presents at renowned international security and privacy conferences (such as RSA, COSAC, ISACA and CPDP). She has also lectured in Dublin City University on Privacy, Cybersecurity and Digital Ethics. In 2022, Dr Lyons was awarded a PhD in Information Privacy for her research into privacy in the ESG suite. She also holds a Masters in Business Leadership, along with a post-grad in Executive Coaching, and a postgrad in Cloud Computing Strategy. She is a certified CISSP for almost 25 years, and is also qualified as a CDPSE and CIPP/E. She is an honorary fellow of The Irish Information Security Forum (IISF) since 2004 and a member of the European Data Protection Board’s pool of experts.

Is this eligible for CPD?

Dimension covered: Technical Skills and Knowledge

Eligible hours: 12 hours of Chartered Director CPD

This session may be eligible for other professional body CPD. Check with your relevant professional body.

Workshop participants will receive a Certificate of Attendance on completion of the session.

What is the cost?

IoD members - €1545

Non-members - €2050

It is not possible to book individual sessions, booking is paid for as a whole.

Cancellation and refund policy

Places are confirmed upon full payment. Cancellations with a full refund are accepted in writing to cpd@iodireland.ie until Wednesday, 2nd April 2025. After this date, no refunds are possible, and all fees are forfeited for cancellations or non-attendance. Please note this virtual but live and interactive series requires live online attendance at each session. Unfortunately, recordings will not be available as part of post-session materials.

Group bookings

Contact the IoD Ireland Learning and Education team on cpd@iodireland.ie or phone +353 1 411 0010.

How do I attend?

To reserve your space, book and pay through the “Book now” button.

Once registered, we’ll send an email to confirm your booking.

We'll also send a reminder email with a link to access the session closer to the date. You must click the link and confirm your details to receive the direct link to join the workshop.

The event will take place on Zoom. Download Zoom if you don’t have it already. Please ensure you have a working microphone and camera to take part in our interactive workshop.

Want to connect with fellow workshop participants?

All workshop attendees will receive a list of all other workshop participants in advance of the session. This will include name, job title and organisation. If you have any queries around this please contact the Learning and Education team.

For GDPR reasons, we cannot provide contact details on the attendee list.

Questions?

Reach out to Gillian, our Learning and Education Manager, if you would like more information about our upcoming workshops by emailing cpd@iodireland.ie or calling +353 1 411 0010.

As part of IoD Ireland’s remit to support our members in ensuring high standards of cyber security, we developed this programme course taking into consideration guidance from the NCSC and Cyber Ireland. This includes publications, such as the ‘12 Steps to Cyber Security: Guidance on Cyber Security for Irish Business’.

NCSC

The National Cyber Security Centre (NCSC) was founded in 2011 and is an operational arm of the Department of the Environment, Climate and Communications (DECC). The main roles of the NCSC are to lead in the management of major cyber security incidents across government, provide guidance and advice to citizens and businesses on major cyber security incidents, and develop strong international relationships in the global cyber security community for the purposes of information sharing.

Cyber Ireland

Cyber Ireland is the national cyber security cluster organisation that brings together Industry, Academia and Government to represent the needs of the Cyber Security Ecosystem in Ireland. They aim to enhance the Innovation, Growth and Competitiveness of the companies and organisations which are part of the cluster.