Cybersecurity Awareness - What Managers Need to Understand & How to Train Their Staff
This session is oriented toward corporate and professional services managers. It is delivered as 8 hours of on-site class instruction (8 hours of CPE) with significant class interaction.
The course assists finance and accounting managers in understanding the critical topics related to cybersecurity awareness, including the different ways their organization addresses corporate cyber-risk. The non-technical manager will be better prepared to ask questions about their department's security risk exposures and to train their staff.
Pete teaches in an interactive discussion style and will dive deep into specific situations experienced by class participants and the exposure concerns they raise. Real-life examples will be discussed, along with knowledge transfer you can apply in follow-up actions at work to build cybersecurity awareness with your staff.
- Risk Exposure: Why do we need our staff to be alert? Discussion of various exposures and their impact on corporate assets and reputation. Group discussion on participants' personal observations about company exposures, threats, and incidents.
- Introduction to Trust Services Criteria: What a non-technical manager should understand about the main principles and how they apply to their functional area: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
- Threats: How could we be attacked? Discussion of various types of attacks and how you can train your staff not to fall victim to social engineering attacks. It is not just your IT department's responsibility. Group discussion on your observations of your company's response to such incidents.
- Acceptable Use Policy: What do we communicate to our employees / contractors / vendors?
  - Group discussion of your company's Acceptable Use Policy, typically an HR-distributed document signed by each employee, covering use of corporate laptops and cell phones. What personal activity is allowed, and is that usage monitored? Is there a penalty or disciplinary action if the policy is violated?
  - Group discussion on how managers can best communicate and train staff on the Acceptable Use Policy and employee data privacy.
- Identity & Access Policy: Who should be authorized, and what data and applications should they be allowed to access?
  - Group discussion on how managers train staff and follow up with IT / Security when employee job functions change, so that access no longer needed for the new role is removed rather than accumulated.
- Risk Management – Where are our key risks and how do we mitigate risk?
  - The risk management process: identify risks, analyze them, determine business impact, then determine the best treatment: mitigate, transfer (for example, via cyber insurance), avoid, or accept the risk.
  - Group discussion: What are your key corporate assets, and what happens if a specific asset is lost, becomes unavailable, is breached, or is altered?
- Data Classification & Privacy: Do you know where your data is and whether it is properly protected? What safeguards are in place to classify data, set its security requirements, and define backup / recovery processes, encryption, and retention policy? Are you GDPR compliant?
- Class summary
  - Group discussion on how managers can efficiently train their staff on cybersecurity awareness, and which topics and key company policies should be covered. Additional sources of material managers can use to educate themselves and their staff. Sample questions they should be asking of their corporate IT and security executives.
Primary Instructor - Pete Nassos, CPA, CPCU, CITP, SOC for Cybersecurity: Pete brings broad and deep business experience to this course, with over 38 years of corporate experience at DuPont, KPMG, Dell Services, and enterprise software firms. He has worked with many large corporate clients on process and control improvement projects, along with outsourced, managed services engagements. Pete is AICPA certified to provide cybersecurity risk assessments and attest reports. He is also a licensed insurance agent and advises clients on procuring appropriate insurance policy terms, with a focus on professional liability and cyber-risk.