A cyberliteracy & strategy program for your Board...
Learn to Govern Cyber Security
Safeguard your most critical data assets & be prepared to withstand a cyber attack.
Let's meet the cyber security challenge
The open ecosystem of the Internet has given enormous power to cyber criminals. The accountability (and expectations) of Board members must grow to meet this security challenge. Simply understanding that threats exist but choosing to ‘wait and watch’ is no longer an acceptable strategy. Board oversight and leadership on this issue has never been more important. “How to Govern Cyber Security” will show you how to develop a Board-level cyber security strategy and embed it into your governance framework.
The cyber threat is real and on our doorstep...
The emergence of cloud technology, mobile, analytics and global interconnectivity have emboldened a new class of sophisticated attacker capable of deploying devastating, multi-staged cyber attacks. System breaches great and small have more than doubled in the past five years.
In 2017, a Report produced by IT security company, Symantec, paints a picture of an evolving cyber risk. It found:
460,000+
ransomware detections with an average amount of $1077
375 MM
new malware variants were discovered in 2016 (by Symantex alone)
2 minutes
is all it takes for an Internet of Things device to be attacked (across all sectors like energy, transport, etc.)
1.1 B
identities were exposed in 2016
Meet Monica Schlesinger
Monica is an experienced I.T. architect and systems integrator, and has managed large implementations across education, transport, telecommunications and banking industries. The list of projects includes one of the first Check Point firewall implementations in Australia back in 1995, the management of the Perimeter security project for one of the top four banks, the firewall project for a tier one university and the creation of a medical records aggregation tool, currently used by the majority of Primary Health Networks in Australia.
But she is not just a technologist either…
Monica is herself an experienced director and currently sits on the Boards of Australian Pharmacy Council, Medical Software Industry Association, Sydney City Institute, Foundation for Australian Agricultural Women and Espace P/L and Advisory Boards Group International.
Now, Monica has partnered with Conscious Governance to spearhead “How to Govern Cyber Security”. She looks at cyber security from the perspective of a seasoned Board member who is also a trained expert and understands how to implement and manage risk at the enterprise and board level.
It’s easy to feel overwhelmed by the IT jargon and the complexity of global information technology. This confusion has allowed cyber security myths to take hold in the Boardroom...
3 potentially damaging cyber security myths that need fast re-evaluation
1. ‘We won’t be targeted as we have nothing worth stealing.'
You may think your organization is an unlikely target for a hacker. The reality is, regardless of its size or the nature of its cause, even the smallest organization has valuable data that is often poorly secured. Why? Because many attacks simply scan the Internet for vulnerabilities in routers or computers that are not patched or up to date. Not to mention the so-called 'zeroday' vulnerabilities (for which the originating vendor has no solution or patch).
Ask yourself, which of the following sensitive information does your organization collect?
Client, donor or trustee data, client email addresses, physical addresses, passwords, bank information or financial records, healthcare information, perhaps even confidential email threads.
Any of this data could be a lucrative target for a ‘career cybercriminal’. That is, of course, if the hacker knows you exist to begin with. The vast majority of cyber attacks are carried out through scanning the Internet. Always consider yourself a target and remain on high alert.
2. ‘Cyber security is a technical process for the IT department to handle.'
Cyber security is no longer an IT issue; it’s a governance issue that requires coordination from the CEO and management with support by participation from many departments. Why is this the case? The answer is simple: cyber security is not just a technical problem, or extreme risk – it’s also a people problem. It’s people that pose the biggest threat to secure information.
A 2015 HM Government Information Security Breaches Survey found that 81 per cent of large organizations reported some staff involvement in the breaches they suffered. If an employee misuses their access to restricted material, either to cause harm or simply through negligent behavior, the results could be damaging. Cyber security calls for more holistic, business-focused approach and strategic thinking beyond the IT department.
3. ‘The cyber challenge is too new, too vast and too difficult for us to do anything about.'
In the words of FBI director Robert Mueller, "There are only two types of companies: Those that have been hacked and those that will be hacked."
Those who choose to do nothing more than ‘wait and watch’ are putting themselves at risk of significant financial, competitive, and reputational damages when a data breach finally occurs.
With a tide of new regulation, Directors face significant repercussions if they are found negligent in their duties. High profile attacks have seen additional derivative law-suits in the US against the directors. New regulation in Australia (Mandatory data breach notification scheme), in Europe (General Data Protection regulation) will see huge fines for corporations and individuals.
Upon reflection, FBI Director Robert Mueller's statement could be considered out of date. In today's environment, “There are only two types of companies: Those that have been hacked and those that don’t know they have been hacked.”
Start here: Never allow your stakeholders to ask “Where was the Board?”
‘How to Govern Cyber Security’ is a cyberliteracy and strategy program for your Board. It will show you how to elevate the cyber security discussion in the Boardroom and provide you with the process to create a cyber security strategy and governance framework that will substantially reduce your cyber risk exposure.
Not only will it bridge the gap in Boardroom cyberliteracy, this program will ensure that security becomes part of your ongoing business strategy.
If one thing has become certain, it’s that the Board can no longer claim ignorance. The discussion in the Boardroom must move from acknowledgment to commitment and take full accountability.
Act now and be prepared...
“How to Govern Cyber Security” is ideal for Chairs, Finance/Audit/Risk Management committees, individual Directors and Trustees, senior executives, and all governance professionals.
Here's what you will learn:
- How to become a ‘Cyber champion director’, and know what questions to ask at the Board table
- How to identify your “crown jewels” (critical data assets) and take measures to defend them against an inevitable breach
- How to establish a cyber security strategy that balances finite resources with an intelligent defense management system
- How to detect and avoid leading causes of system penetration such as spear phishing
- How to improve your cyberliteracy, enabling the Board to speak a common language when assessing their risk oversight capabilities
- How to prioritize cyber security in the Boardroom and stay ahead of new regulation by establishing a specialist FARMS committee
- How to establish layers of accountability within Board and management when thinking about your organization’s vulnerabilities
The most prepared organizations typically experience fewer incidents than their counterparts. They also sustain less damage and achieve far quicker recovery times.
Ready for you Now!
'How to Govern Cyber Security'
$390
- 9 easy-to-digest sessions (see program outline)
- 7 PDF downloads including a workplace culture booklet
- 6 informal 'strategy-conversations' with presenter Monica Schlesinger & Steven Bowman
- Lifetime access, so you can reference the program into the future
Program Outline
- Getting yourself ready to govern cyber security
- Where do you start in developing a Board-level cyber security strategy
- Engaging senior management to inform the cyber risk register
- Embedding cyber security into your Governance
- Framework
Implementing a cyber security framework - Board subcommittee reporting
- Case studies and statistics
- Practical ways to protect yourself as an individual
- Busting the 3 most common cyber security myths
- BONUS: 6 informal 'strategy-conversations' with presenter Monica Schlesinger & Steven Bowman
Downloads & Worksheets
- Cyber Security Developments in Australia & Globally
- Sample Cyber Security Strategy Worksheet
- Questions for Board Members to Ask About Cyber Strategy
- Cyber Security Strategy On One Page Template
- Sample Cyber Security Strategy On One Page
- Embedding Cyber Security into a Governance Framework
- Steps to Create a Cyber Security Framework
- Cyber Security Governance Framework
- Creating Lines of Defense Dashboard
- FARMS Committee Report
- Cyber Security Policy Sample
- Practical Ways to Protect Yourself as a Director or Officer
Have a question?
If you have a question about 'How to Govern Cyber Security', please email: robert[at]consciousgovernance.com
FAQs
Who would benefit from this program?
“How to Govern Cyber Security” is ideal for Chairs, FARM committees, individual Directors and Trustees, senior executives, and all governance professionals.
How do I view the program?
When you purchase this program, your chosen email and password become your login credentials. Your login will be automatically emailed to you.
I want to change my login details. How do I do this?
No problem -- notify us by email and we will make this happen for you.
What if I am a peak body and have member organizations?
You have two options: You can fund the program for selected organizations as part of your member benefits.
If you buy a bulk quantity of subscriptions we can offer some scholarships to relevant member organizations.
What if I don't want to pay by credit card or PayPal?
We are happy to offer a tax invoice to process your payment. Just notify us by email and we will send it to you.
What if I can't login?
Most problems are caused by typo errors in your email. Notify us and we will sort it out for you.
Disclaimer
The advice given is general and may not cover all or any of the aspects of your particular organization setup or be applicable to particular situations. There is no guarantee that even if all the measures described/discussed are taken, the individual or organization will be 100% protected against malware, hacking, ransomware, or any other form of cyberattack. Advisory Boards Group & Conscious Governance, all its officers, staff and contractors do not accept any liability for any acts in connection with the delivery of this course. The information presented in this online course or the downloads do not constitute personal or business advice. Organization names mentioned in the materials or recordings are not necessarily endorsed or recommended by the Advisory Boards Group for your specific network or devices The sources of information used, despite believed to be reliable, are not guaranteed to be so. Please contact your legal, financial or other advisor for any clarification or questions