WMISACA Winter Seminar 2025 - Cyber Impact and Strategy Analysis

Starts:  Jan 21, 2025 08:30 (ET)
Ends:  Jan 22, 2025 12:30 (ET)
Associated with  Western Michigan Chapter

You are invited to the WMISACA Winter Seminar 2025 starting on Tuesday, January 21, 2025 and ending on Wednesday, January 22, 2025.

 

Cyber Impact and Strategy Analysis

Presented by:

Steven J. Ross, CISSP, MBCP, CDPSE, CISA

Risk Masters International

 

This event runs over two half days

Cost

Members $75

Non-Members $85

Registration Deadline

January 17, 2025

Event Dates

Tuesday and Wednesday, January 21st and 22nd, 2025

Time

8:30am – 12:30pm (EST) each day

 

Summary

Senior management often has two questions regarding cyberattacks: How would cyberattacks affect our organization, and what should we do about them? Business Impact Analyses, as they have been performed for decades, are inadequate. The determination of RTO and RPO, which reflects what business leaders would like to be done rather than what IT can do, may be meaningless in the face of stolen information and ransomware attacks. Moreover, new government rules require analysis and disclosure that necessitate an understanding by executive management of what the impact of a cyberattack would be if an attack were to occur. This one-day seminar/workshop, combining instruction with a hands-on case study, presents practical methods for understanding the potential impact of cyberattacks, as the basis for remediation, reporting and recovery.

 

Who Should Attend?  

This seminar is designed for management and staff in Information Security, Business Continuity Management, IT Auditing, Risk Management, Finance, and the Office of General Counsel.

 

Learning Objectives

Participants in this seminar will learn:

  • How cyberattacks change the context of Business Impact Analyses
  • The differences in effects of different types of cyberattacks
  • How to conduct a Cyber Impact Analysis
  • Different techniques to develop cyberattack recovery strategies
  • How IT can shorten the time needed for recovery
  • Including insurance in cyber resilience strategies
  • How to plan for resilience over the longer term

 

Seminar Outline:

 

  1. The Context of Cyber Impacts
    1. Different types of attacks, different impacts
      1. Theft of information
        1. Personally identifiable information (PII)
        2. Secrets
        3. Digital resources
      2. Attacks on data integrity
        1. Ransomware
        2. Destructive attacks
      3. Inability to perform business activities
        1. Untrusted information
        2. Lost or unavailable data
    2. How the impacts would be felt
      1. Financial
      2. Sales
      3. Operational
      4. Reputational
      5. Regulatory
      6. Societal
    3. Case study exercise #1
  2. Why Traditional Business Impact Analyses Are Inadequate
    1. Planned vs. actual variance
    2. Emphasis on premises, personnel and equipment
    3. Lack of meaningful metrics
    4. Do Business Impact Analyses still make sense?
  3. The Cyber Impact Analysis Process
    1. Scope and objectives within the cyberattack cycle
      1. Awareness through post-recovery
      2. The "Danger Zone"
    2. Planning
      1. Top-down versus bottom-up
    3. Research
    4. Data gathering
      1. IT view of impacts
      2. Business view of impacts
    5. Analysis
      1. Leading to strategies
      2. Categorization
        1. Data theft
        2. Critical application unavailability
    6. Reporting
      1. Obtaining buy-in for needed changes
    7. Case Study exercise #2
  4. Strategies to Mitigate Business Impact of Cyberattacks
    1. Dependency-based strategic approaches
      1. Cash flow and capital 
      2. Human resources
      3. Information
      4. Technology
      5. Systems
      6. 3rd parties
      7. Equipment
    2. Business process-based strategic approaches
      1. Procure to Pay (P2P)
        1. Financial systems
        2. Alternate SaaS applications
      2. Order to Cash (O2C)
        1. Contingent arrangements
        2. Co-opetition
      3. Case Study exercise #3
  5. Strategies to Shorten System Recovery Times
    1. Digital Forensics and Incident Response (DFIR)
    2. Cyber health check
    3. Scanning software and data
    4. Retention of backups
    5. Practice
    6. The Human Factor
  6. Cyber Insurance to Mitigate Cyber-Related Losses
    1. Cyber insurance concepts
    2. Cost and coverage
    3. Policy complexity
      1. Cyber Liability vs. Cyber Breach insurance 
      2. First Party vs. Third Party insurance
      3. Other cost factors
  7. Long-Term Cyberattack Mitigation Strategies
    1. Cyber-response governance
    2. Specialized personnel
    3. Zero Trust Architecture
    4. Threat intelligence
    5. Artificial intelligence
  8. Conclusion