Cybersecurity Standards versus Hackers and Government

Starts:  Oct 28, 2020 6:00 PM (ET)
Ends:  Oct 30, 2020 9:00 PM (ET)

The final day class registration will be closed on October 20th, 2020 at 11:45 pm. No exceptions are made.

Due to COVID-19 this event will be online only.

" Please register for this class using private email address (gmail, yahoo, aol, hotmail address) and not your organizations's email address. Many organizations block emails with attachments and block webex links"

This is a 3-day virtual seminar, combining lecture with a case-study based workshop that introduces I.T. and Cybersecurity Professionals to the principles, structure and practical implementation
guide for Cybersecurity standards and frameworks.  It includes standards, methodology, review and audit techniques implementation and operations of cybersecurity standards.  The class also touches similarities and differences in Cybersecurity standards forIT security and Privacy based on General Data Privacy Regulation (GDPR).

CPEs:  10
Wed 28th October 6pm-9pm
2-hours topic:
 1. Are you smart enough? This part will explain why people create standards. The challenge is that some security professionals are trying to create their own rules, solutions etc. and from our experience, they all have shortcomings. So, it is better to follow one of the cybersecurity standards; since standard creators seriously concentrate on this subject, collaborating with multiple professionals and going through multiple tests before approval.
So, the question is, are you smarter than a group of people that are widely respected that have been analyzing cybersecurity for many years? 

2. What Cyber Security Standards are and what they are not?  Standards are basic recommendations that are very flexible and can be easily adapted. Many organizations are afraid to adapt a standard as they think that they are hard or complex and would require them to change their business processes. However, standards do not require companies to change their processes. Standards do not recommend physical technology or methods as a solution. We will show some standard techniques to demonstrate how it can be implemented in your day-to-day operations. 

3. Comparison We will be comparing NIST, ISO27001, PCI, SOC2 standards. Similarities and differences. Pros and Cons. What to adapt and when.  - Certifiable standards - Self-attestation standards - Auditors - How to communicate with auditing organizations - Relationship between auditors and certifying bodies.   

4. Selecting the right framework for you - Types of organizations and legal requirements - Industry accepted standards - Cost - Terms of certification - Self-attestation


1-hour hands on training, Q/A session


Thu 29th October 6pm-9pm

2-hours topic: 

1. Risk assessment and management methodologies Why risk is the foundation of all the standards. How risks should be managed. The basics and some recommendations. We will start with a simple
way of managing risk and go up to the complexity of quantifying risk and FAIR ideas.  - Likelihood - Impact - Risk rating - Value assignment (FAIR methodology) - Risk based budgeting

2. Benefits of Implementation We will discuss how standards should be implemented. Where to start, what tools to use. What is the sequence of actions to make implementation?  - Maturity of the
organization - Budgeting - Scheduled activities - Reviews, KPIs, self-audit and attestation.   

 3. Implementation guidelines.  - Starting with data classification - FISMA CIA factors - Governance - KPIs - Roles and responsibilities - Incident organization  - Relationship of incidents to risk likelihood - Controls selection - Policies and procedures, documentation management - Artifacts - SecOps - Incident management - Audits and reviews Explanation of ISMS cycles and reviews. Connection to KPIs. 

 1-hour hands on training, Q/A session


Fri 30th October 6pm-9pm

2-hours topic:

1. Creating an ISMS for a sample company - Legal analysis - Implementation - Creating an ISMS for a sample organization - Establishing ISMS baselines - Risk analysis - Controls and implementation - Maturity of the controls and implementations. - Artifacts - SecOps - Incidents - Self-audits - Review of the result and compliance with the law

2. Analysis of current attack vectors and effectiveness of standards in defending We will analyze current attacks and show how controls used in standards will defend a company from such attacks.
Will concentrate on situations when pure technology cannot protect. 

3. Analysis of current laws and regulations and effectiveness of standards in addressing the laws We will discuss laws and requirements of organizations like NYS DFS 500, GDPR, PCI requirements,
SEC requirements, etc. And how the implementation of standards can help cover regulations requirements. 

4. What is next  More info on the implementations, cases, question/answers. 

1-hour hands on training, Q/A session