Cybersecurity Awareness - What Managers Need to Understand & How to Train Their Staff
This session is oriented towards corporate & professional services managers. It is an 8-hour CPE, on-site class with significant class interaction.
This session takes attendees into a deep dive of specific situations and exposures. Real-life examples will be discussed, along with knowledge transfer that can be used for your follow-up actions at work to build cybersecurity awareness with your staff. Topics include:
- Risk Exposure - Why do we need our staff to be alert? Discussion of various exposures and their impact on corporate assets & reputation. Group discussion of attendees' personal observations about company exposures, threats, and incidents.
- Introduction to Trust Services Criteria: What a non-technical manager should understand about the main principles and how they are used by their functional area: Security, Availability, Integrity, Confidentiality & Privacy.
- Threats - How could we be attacked? Discussion of various types of attacks & how you can train your staff not to fall victim to social engineering attacks. It is not just your IT department's responsibility. Group discussion of your observations of your company's response to such incidents.
- Acceptable Use Policy: What do we communicate to our employees / contractors / vendors?
  - Group discussion of your company's 'Acceptable Use Policy', typically an HR-distributed document signed by each employee, regarding use of corporate laptops and cell phones. What personal activity is allowed, and is there any effort to monitor such usage? Is there any penalty or disciplinary action if the policy is violated?
  - Group discussion on how best to communicate & train staff on the 'Acceptable Use Policy' and Employee Data Privacy.
- Identity & Access Policy: Who should be authorized, and what data / applications should they be allowed to access?
  - Group discussion on how managers train staff and follow up with IT / Security when employee job functions change.
- Risk Management - Where are our key risks and how do we mitigate risk?
  - The risk management process: identify, analyze, determine business impact, then determine the best means to mitigate (or transfer via cyber insurance, avoid, or accept the risk).
  - Group discussion: What are your key corporate assets & what happens if a specific asset is lost or becomes unavailable, breached, or altered?
- Data Classification & Privacy: Do you know where your data is and whether it is properly protected? What safeguards are in place to classify data, determine data security, backup / recovery processes, encryption & retention policy? Are you GDPR compliant?
- Become aware of various cyber risk exposures
- Learn cybersecurity controls to mitigate risks
- Understand the AICPA’s Descriptive Criteria for SOC for Cybersecurity
- Explore the AICPA’s Trust Services Criteria
Primary Instructor - Pete Nassos, CPA, CISSP, CPCU, CITP, SOC for Cybersecurity: Pete brings broad and deep business experience to this course, with over 38 years of corporate experience at DuPont, KPMG, Dell Services and enterprise software firms. He has worked with many large corporate clients developing process & control improvement projects, along with outsourced, managed services engagements. Pete is AICPA certified to provide cybersecurity risk assessments and attest reports. He is also a licensed insurance agent and advises clients on procuring appropriate insurance policy terms, with a focus on professional liability & cyber-risk.