Cyber Risk Management Frameworks and Implementation

Date: Thursday, May 2, 2019
Instructor: Lynn Fountain
Begin Time:  12:00pm Pacific Time
1:00pm Mountain Time
2:00pm Central Time
3:00pm Eastern Time
CPE Credit:  2 hours for CPAs

In today’s tech environment it is critical that organizations be pro-active and prepared when considering cyber risk management. Because of the size, complexity, and constant evolution of attack vectors there is no one-size-fits-all way to respond. It is essential to begin somewhere to establish a baseline for identifying the critical components that must be incorporated into any cybersecurity risk management approach.

Multiple risk management frameworks exist including:
• NIST: National Institute of Standards and Technology (NIST) established by executive order in February 2013.
• ISO/IEC Security Control Standard: developed by the International Organization for Standardization and the International Electrotechnical Commission
• FFIEC Cybersecurity Assessment – developed for Financial institutions by the Federal Financial Institutions Examination Council
• SEC/OCIE Cybersecurity Initiative – developed for brokers by the U.S. Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations
• FCC Cyber Security Planning Guide – developed by the Federal Communications Commission for small businesses

Although their organization and structures vary, all frameworks attempt to address the same basic functions designed by the NIST Cybersecurity Framework:
• Identify
• Protect
• Detect
• Respond
• Recover

In this course we evaluate several attributes critical to the proper establishment of a cyber risk management program. We delve into the concepts and apply thoughts as to how each component should be evaluated for your organization. The course utilizes the NIST framework as a guide for application.

Who Should Attend
Information technology specialists, Internal auditors, Professionals considering the role of internal audit, Chief Audit Executives, Accountants and Finance professionals, CFOs, CEOs, Legal and Compliance professionals, Board members and Audit Committee members.

Topics Covered

  • Attributes critical to the proper establishment of a cyber risk management program
  • Concepts and apply thoughts as to how each component should be evaluated for your organization
  • How to utilize the NIST framework as a guide for application

Learning Objectives

  • Recognize and apply effective cyber frameworks
  • Identify the National Institute of Standards and Technology (NIST) cyber framework
  • Describe components of the NIST cyber framework and their applicability to any framework
  • Recognize the concept of framework tiers and profiles
  • Identify steps to implement a framework

Level
Basic

Instructional Method
Group: Internet-based

NASBA Field of Study
Information Technology (2 hours)

Program Prerequisites
None

Advance Preparation
None

Registration Options
Individual
Group
*Note: 3 or more qualifies for discounted Group Participant Fee
Fees
Regular Fee $100
Group Participant Fee $77

 Chat — Books Support