Cybersecurity Oversight for Boards

Board directors, trustees and advisory board members play a crucial role in the governance and stewardship of publicly and privately owned organizations.

Note: Due to the in-person nature of this training, there is a minimum number of participants required for each training cohort. Contact us for more details.

Course Information

Investment

$850 CAD per person

Course Dates and Times:

Inquire for more details

Cybersecurity knowledge is crucial to fulfill fiduciary duties and make informed strategic decisions in an increasingly complex world.

Malicious attacks are escalating at an unprecedented rate, in both severity and sophistication. Organizations understand the massive threat that ransomware, data breaches and hacking pose to their business and their customers. Corporate espionage, data exfiltration and intellectual property theft are at an all-time high, leading to catastrophic economic and reputational damage for victims.

The global cybersecurity market is projected to surpass US$500 billion by 2030 (Bloomberg). Understanding the nature of cybersecurity risk is essential to managing business risk. It’s imperative that board members have a nuanced understanding of cybersecurity to ensure the necessary measures are in place to protect sensitive data, maintain compliance, and mitigate cyber risks.

 

Why Take This Course?

  1. Understanding Cyber Risks: Cybersecurity threats are a significant risk to organizations in today's digital age. Directors need to have a fundamental understanding of these risks to make informed decisions about cybersecurity strategy and investments.

  2. Legal & Regulatory Compliance: Many industries are subject to cybersecurity regulations and compliance requirements. Directors can be held liable for breaches or non-compliance. A cybersecurity course can help them understand their legal obligations and how to ensure the organization remains compliant.

  3. Protecting Reputation: Cybersecurity incidents can severely damage an organization's reputation. Directors who are well-versed in cybersecurity can help the company take proactive measures to protect its image and brand.

  4. Strategic Decision-Making: Directors play a crucial role in setting an organization's strategic direction. A cybersecurity course can provide them with the knowledge needed to make informed decisions about cybersecurity investments and priorities.

  5. Effective Oversight: Directors are responsible for overseeing the organization's management, including its cybersecurity program. Understanding the basics of cybersecurity allows them to ask the right questions, assess the effectiveness of the cybersecurity program, and hold management accountable.

  6. Cybersecurity as a Competitive Advantage: In some industries, strong cybersecurity measures can be a competitive advantage. Directors who understand this can advocate for cybersecurity as a strategic asset rather than just a cost center.

  7. Communication with IT and Security Teams: Directors with cybersecurity knowledge can communicate more effectively with IT and security teams. This can lead to better collaboration and a shared understanding of priorities and risks.

  8. Cybersecurity Governance: Directors are responsible for establishing and maintaining effective governance structures within the organization. A cybersecurity course can help them understand how to integrate cybersecurity into the overall governance framework.

  9. Incident Response Planning: Directors need to know how to respond effectively to a cybersecurity incident. A cybersecurity course can provide insights into incident response planning and help directors understand their role in the process.

  10. Continuous Learning: Cyber threats are constantly evolving, so directors must stay informed about the latest developments in cybersecurity. Taking a course is a structured way to ensure ongoing learning and awareness.

“Lawsuit Filed Against Penn State for Cybersecurity Claims: A lawsuit filed against Penn State University alleges that the university misrepresented its adherence to required cybersecurity protocols.”
(2023) Source: CVG Strategy

“Colonial Pipeline Co. and its owners acted negligently by employing lax cybersecurity standards that left the company vulnerable to a massive ransomware attack, a proposed Georgia federal court class action alleges.”
(2021) Source: Bloomberg Law

“The Suncor attack likely to cost company millions of dollars.” 
(2023) Source: Financial Post

“SolarWinds executives receive Wells Notice from U.S. SEC.”
(2023) Source: Reuters

“The global average cost to companies of a data breach hit an all-time high in 2022 of US$4.35 million, a 13 per cent increase from 2020. In the United States, the average cost to companies of a data breach in 2022 was US$9.44 million.”
(2022) Source: IBM
 

Course Details

AUDIENCE

If you are currently sitting on a board, or are aspiring to enter the world of governance, learning the basics of cyber risk management is an invaluable investment for your enterprise and for yourself.

Our Cybersecurity Oversight for Boards course is geared towards:

  • Board members

  • Aspiring board members

  • Senior executives

Technical expertise is not expected or required.

OVERVIEW

The primary goal is to cover basic board-level governance, risk and compliance with regard to information security policy management. You will begin to understand how cybersecurity programs operate to empower board directors to be effective partners with CISOs and their teams. Together you will be able to better identify and mitigate risk to your organization, your customers, shareholders and other stakeholders. There are five live sessions with the cohort of executives led by the course instructor:

  • Board-level Cybersecurity Basics

  • Risk Management Fundamentals for the Digital Economy

  • Compliance Frameworks

  • Budgets and Resource Allocation

  • Policy and Practice

This master course is delivered in 5 live instructor-led Zoom sessions of 60 minutes including:

  • 12.5 hours of recorded lectures focusing on board director cybersecurity topics

  • Access to 30 total hours of graduate-level lectures (including slides and speaker notes)

  • Security Scorecard “Cybersecurity in the Board Room” curriculum and exam/certification ($5,000 Value)

BENEFITS & LEARNING OUTCOMES

Upon completion of this master course, participants will have a high-level understanding and management view of information security: what it is and what drives the requirements for cybersecurity programs. The primary goal is to cover basic board-level governance, risk and compliance with regard to information security policy management, as well as the practice of cybersecurity programs, so that boards can be effective partners with CISOs and their teams in identifying and mitigating risk to their organizations, customers, shareholders and other stakeholders.

  • Feel confident in fulfilling your fiduciary duty by knowing the right questions to ask and whether the answers from management are suitable

  • Align your enterprise’s digital strategy with modern cybersecurity frameworks, policies and procedures

  • Improve your CV for board recruitment

  • Better understand the unique dimensions of cyber risk

  • Identify key indicators of resilience to reduce the impact of business disruptions

  • LinkedIn credential (certification badge)

 

Course Outline

Each live session has an optional “pre-read” that prepares the cohort for the weekly topic. Participants are not required to view the pre-read lectures, but they are included in the course offering for those who enjoy self-paced further study of the concepts and themes around cybersecurity and effective governance of information security programs in their organization.

  • a. What is risk?

    b. C.I.A. triad, the three pillars of information security

    c. Data classification, the first step in understanding a business’s critical assets

    d. Risk quantification and objective measures of security

  • a. Audits, Assessments and Observability

    b. Change Control and Software Development

    c. Who’s Watching the Watchers?

    d. Threat Intelligence

  • a. SOC 2 (Type 1 and Type 2, US focus) and ISO 27001 (international focus)

    b. NIST 800-53 and NIST 800-171

    c. PCI (Payment Card Industry)

    d. CIS Top Controls (Center for Internet Security)

    e. GDPR (Europe) / PIPEDA (Canada)

  • a. People, Process and Tools

    b. Identity & Access Management

    c. Privileged Identity Management

  • a. Information Security Policy = WISP + SIRP

    b. Social Media Policy

    c. Protecting your Identity, Data and Family

    d. Secure Development Initiatives

    e. Tabletop Exercises and Red Teaming

 

About Your Instructor

Mike Wilkes

Mike Wilkes is a Chief Information Security Officer who has built, transformed and protected companies such as SecurityScorecard, ASCAP, Marvel, AQR Capital, ING Bank, Rabobank, CME Group, Sony PlayStation and Macy's, as well as European banks and airlines. Nominated in 2020 to the World Economic Forum as a technology pioneer, he provides thought leadership on cyber resilience in the oil and gas industry as well as quantum security working groups. A graduate of Stanford University and author of a book for Cisco Press in 2002, he is a featured speaker at technology conferences for Black Hat, Gartner, GovWare, and SANS. Currently Mike is a Cybersecurity Adjunct Professor at NYU and Columbia University.


 
