Navigating Cyber Security Risk for Directors

Advance your expertise on our short programme, ‘Navigating Cyber Security Risk for Directors.’ This online short programme is designed to enable directors to enhance their knowledge and ability at assessing and resolving cyber security risks.  

This short programme fits under the Technical Skills and Knowledge Dimension of the IoD Ireland Continuing Professional Development Framework for Directors. It is eligible for 12 hours of Chartered Director CPD. This session may also be eligible for other professional body CPD, please check with your relevant professional body.

As part of IoD Ireland’s remit to support our members in ensuring high standards of cyber security, we developed this short programme taking into consideration NCSC publications, such as the  ‘12 Steps to Cyber Security: Guidance on Cyber Security for Irish Business’.

The short programme will be led by Bill McCluggage, an expert Chief Information Officer, with extensive cyber security and digital experience. It will include presentations from leading guest speakers and experts in the field, as well as the facilitation of peer-to-peer learning from the other attendees.

The short programme will be composed of the four half day sessions below:

1. Governance, Technology and Cyber Risk
2. Regulatory, Legal and Compliance Matters for Boards
3. Capability and Cyber Culture
4. Planning and Incident Response - Board Actions

Who is this Short Programme for?

The short programme is designed for board level executives and directors.

What Will I Gain from Attending this Short Programme?

• Clarity on where cyber security fits within their overall organisational strategy.
• An understanding of the challenges of cyber security to reputation, and overall business and operational performance.
• Gain an awareness of the emerging regulatory and legal landscape, and compliance requirements for their organisations.
• Develop a grasp of the cultural change that may be needed to deliver a secure organisation and understand the impact of cyber secure strategies on operations, processes, and their supply chains.
• Enable board-level attendees to see cyber risk as part of their overall business risk and the critical technology-based drivers in their business.
• Gain a sufficient understanding on cyber security to enable an informed and fluent conversation on the performance of their organisation’s cyber risk policies and procedures with their technical cyber security teams.
• Develop an action plan for their Board to prepare for, react to and withstand security compromises.

The four morning sessions of the online short programme will take place over four different dates from 9:00am to 12:30pm. The session topics, and dates, are:

1. Governance, Technology and Cyber Risk, being held from 9.00 am – 12.30 pm on Tuesday, 16th April 2024. Guest speaker to be announced. 
2. Regulatory, Legal and Compliance Matters for Boards, being held from 9.00 am – 12.30 pm on Tuesday, 7th May 2024. Guest speaker to be announced. 
3. Capability and Cyber Culture, being held from 9.00 am – 12.30 pm on Tuesday, 28th May 2024. Guest speaker to be announced.
4. Planning and Incident Response - Board Actions, being held from 9.00 am – 12.30 pm on Tuesday, 11th June 2024. Guest speaker to be announced. 

Session One: Governance, Technology and Cyber Risk

The first session looks at key business drivers and obtaining senior management support for a robust technology and cyber security programme. This is followed by establishing roles and responsibilities, agreeing your strategy, developing policies and standards, and enabling reporting.

In this session participants will cover:

• A Board’s responsibility to exercise appropriate oversight of cyber risk management.  
• Establishing a framework for managing technology and cyber risks.
• Ten Board-curious questions on cyber security.
• Identifying business critical assets and components.
• Defining your company’s/organisation’s Risk Appetite.
• Ensuring your Audit and Risk Committee is adequately addressing cyber risk.
• Embedding basic cyber hygiene into your business objectives.
• Reviewing your Information Security Management System.

Session Two: Regulatory, Legal & Compliance Matters for Boards

The second session focuses on the responsibility of Board-level executives to ensure their organizations comply with various regulatory, legal and compliance regimes. Having identified what matters most to your organisation and gained an understanding of the threat landscape, you will be able to ensure an effective risk assurance framework is in place and appropriate cyber security controls are operating effectively.

In this session participants will cover:

• Understanding the current and emerging regulatory, legal and compliance landscape.
• Building a cyber risk assurance framework.
• Understanding how cyber-attacks work.
• Development of a Board-level threat model.
• Balancing cyber security strategies and the impact on operational processes.
• Identifying and mitigating internal and external cyber risks.

Session Three: Capability and Cyber Culture

The third session looks at the Board’s role in building your organisation’s capability and growing a positive cyber security culture designed to defend your business. The majority of cyber attacks start by unauthorized access to systems using compromised credentials. System users are your first, and most critical line of defence. Building a risk-informed, layered defence of both technical and softer cultural defences will help develop a higher level of cyber maturity in your business and defend against cyberattacks.

In this session participants will cover:

• Putting people at the heart of security.
• Collaborating with your supply chain on cyber security.
• Layering your defences.
• Building your organization’s cyber security management plan.
• Reviewing and assessing the maturity of your cyber security defence measures.
• Developing workforce skills and capability.

Session Four: Planning and Incident Response - Board Actions

The final session enables directors to consider planning for a potential cyber security incident. Attacks will occur; therefore, directors need to understand how to respond and develop/exercise their business resilience plans in order to reduce the impact of a cyber security incident and recover from the disruption. Directors also need to understand the value of an effective cyber risk management lifecycle and the Board’s responsibility for its continuous evolution.

In this final session participants will cover:

• The Board’s role in incident management.
• The anatomy of a cyber attack.
• Developing and exercising a responsive incident management plan.
• Taking pre-emptive defence measures to mitigate further effects.
• Establishing recovery plans.
• Creating a cyber risk management lifecycle.

Bill McCluggage is a Chief Information Officer Expert. He is an experienced Managing Director, IT Director, Chief Information Officer (CIO), Chief Technology Officer (CTO), CISO, business and technology consultant, and company Chairman. He has worked for both the public and private sectors.

Bill is currently a Non-Executive Director for the following organisations: FCDO Services, Cocoon Data Technologies and Triangle Housing Association. He is also Chair of the Northern Ireland Fraud Forum and a CIO/CISO Advisor for Tanium. Bill is a former Head of Information Security at Open Banking, and former Irish Government CIO within the Department of Public Expenditure and Reform.

CPD

This 'Navigating Cyber Security Risk for Directors' short programme fits under the Technical Skills and Knowledge Dimension of the IoD Ireland Continuing Professional Development Framework for Directors. It is eligible for 12 hours of Chartered Director CPD. This session may also be eligible for other professional body CPD, please check with your relevant professional body.

Online Short Programme Cost

This online short programme is booked as a whole, and the individual sessions cannot be booked separately. The below costs cover the participation of attending the four sessions in the series.

• IoD members - €1,500 ex VAT
• Non-members - €1,950 ex VAT

Cancellation and Refund Policy

Places can only be confirmed on receipt of full payment. Cancellations and a full refund will be accepted if received in writing to training@iodireland.ie by Wednesday, 10th April 2024.  After that date, no refund will be possible, and all fees will be forfeited in the event of a cancellation or non-attendance.  Please note this is a live series requiring attendance, recordings will not be available as part of post session materials.

Group Bookings

If you would like to make a group booking, please contact the IoD Training Team on training@iodireland.ie or phone +353 1 411 0010.

How to Join this Online Short Programme

• Please note you will need an active microphone and camera to be able to interact in this workshop.
• To attend this online short programme, please book and pay via the ‘Book Now’ button.

Accessing the Link to Join the Online Short Programme

• When you register to attend, you will receive a confirmation email to confirm your booking.
• All registered attendees will receive a joining instruction email closer to the date of each session in the online short programme. This email will contain your registration link to access the session. Please click on the link in this email and confirm your details, you will then receive the direct link to join the session.  Please save this link to your calendar for easy accessibility on the morning of the session.

Short Programme Platform Information: Zoom

• This short programme will take place via the online platform Zoom. Please download Zoom to your system before the session to ensure you can view the webinar.
• We would ask all registered attendees to do a test of the Zoom platform in advance to ensure it works for them. To do this, please click on the following Zoom Test page. If you need any further support, please visit the Zoom support page for more information.
• Please note, before you join the short programme Zoom will prompt you for your email address before you can join, this is a required feature of the Zoom platform. For more information on this, please view: Zoom Video Communications GDPR Compliance.

Contact Information

For all queries relating to the IoD Training Programme, please contact training@iodireland.ie or phone +353 1 411 0010.