IT Security & Risk Management Programme in Cybersecurity
Banks and other financial institutions face major cyber threats. Whatever their size, they are extremely attractive targets. They must invest in technical and organizational means to protect their business and clients. Banks also need to develop broader strategies to engage with governments, other banks, their clients and the public. This will be even truer as Fintech develops and more complicated digital systems increase inter-connectivity, and therefore vulnerabilities. The only efficient way to address this issue is to adopt proper Security Risk Management practices to ensure the right investments are made.
A major objective of this session is to link cybersecurity and risk management in order to guide banks in facing cyber threats.
By the end of this week you will be able to:
- Identify how Cybersecurity fits in the governance of your institution;
- Make the right decisions on how to address the cybersecurity risks;
- Know where to focus investment in security (have the information needed to decide where to invest resources and where to get started);
- Know how to get started with risk management;
- Know how to set up security and defense controls;
- Know how to respond to security incidents;
- Know how to react under attack; and
- Be prepared for the worst.
During this week, you will also be challenged to answer the following questions:
- What is the purpose of Cybersecurity?
- Why is it important?
- How to manage security?
Executive levels, directors and managers of IT and information security, risk and compliance directors, managers of audit functions of financial institutions, central banks or supervisory bodies of a partner country.
DAY 1: IT Security & Refresh
- Setting the scene & introduction
- Practical examples
- Basics 1-0-1
- Overview of the Cybersecurity ecosystem in Luxembourg
- Governance, regulation, legal aspects
- IT security vs. risk management
DAY 2: Cyber defence strategy based on a risk management approach, in line with the risk appetite of the Board - learning by doing
- Cybersecurity challenge
- What are the assets to be protected
- Information Security Governance
- Information Security Risk Management
- Workshop on specific risk scenario
- Optimized Risk Analysis Method & Platform
- Introduction to the MONARC Tool – method for the optimization of risk analysis, by CASES (Cyberworld Awareness and Security Enhancement Services)
DAY 3: Cyber-attack simulation exercise including discussion with members of CIRCL
- Cyber-attack simulation game - ROOM 42 (SMILE) & Discussion with members of CIRCL - Computer Incident Response Center
- Visit to the Luxembourg House of FinTech (LHOFT)
DAY 4: State of the art and best practice workshops
- IT audit and Governance
- AI Risk/Control
- Cloud for banks? What to do and how? By the CSSF (Commission de Surveillance du Secteur Financier) - Supervisory Authority of the Luxembourg Financial Sector
- Initiating the journey into the Cloud - Cloud case study by a major insurance company
- Social Event « Cyber Challenges 2020 ».
DAY 5: Application of the knowledge acquired
- Workshop in the framework of Cybersecurity4success, by the ABBL – The Luxembourg Bankers’ Association