utulsa.edu

Managing Cyber Security Risks: How Much Security is Enough?

NEW BLENDED ONLINE FORMAT!
Two-Week Course | 4 Modules of Asynchronous Content | 4 one-hour Live Synchronous ZOOM Sessions | Date: September 14-25, 2020

How much security against cyber attacks is enough economically in today’s business world? That’s the focus of this program instructed by Tyler Moore, Ph.D., University of Tulsa Associate Professor of Computer Science, Tandy Chair of Cyber Security and Information Assurance, 2016-17 New America Cybersecurity Fellow.

FORMAT: Blended online course with asynchronous content (readings, videos, exercises, knowledge-check quizzes) in each module delivered ahead of live Zoom sessions with discussion, hands-on activities and Q&A.

Duration: 2 weeks. 4 one-hour live sessions. Participants are expected to follow the pace of the course and to be ready to participate in the live sessions with other participants.


Reviews (2-day F2F Course):

“Great class. Included excellent information on what to collect to determine risk in our environment.” – Justin, Security Engineer, QuikTrip Corporation
“Enjoyed the material & group discussion time.” – Patrick, IT, Calyx Energy
“This course is excellent for both cyber security practitioners to help understand the business side of cyber security and instrumental for anyone tasked with convincing C-Suite Execs to invest in security.” – Erin, CSOC Lead, QuikTrip Corporation


Participants will learn how to answer the question, “How much security is enough?”, using three different methodologies:
1. They will understand that when compliance regimes dictate investments, meeting those obligations could be enough.
2. They will understand how to apply security investment frameworks and identify ‘enough’ spending when the controls recommended by the framework are applied.
3. They will learn how to compute quantitative metrics that calculate return on security investment, and how to conduct cost-benefit analysis to determine when security investments bring more benefits than they cost, at which point spending is ‘enough’.

But Most Importantly:
4. Participants will understand the advantages and disadvantages of each approach, and be comfortable using each to guide investment decisions.

Who Should Attend:
Anyone who has the responsibility of protecting the security of a company’s IT infrastructure but does not have formal training in cybersecurity will benefit from attending.

  • Chief Financial Officers
  • IT Staff with security responsibilities but no formal training
  • Those responsible for designing, implementing and overseeing cybersecurity operations
  • Audit Supervisors
  • System Architects
  • Chief Information Security Officers
  • Personnel with budgetary authority, or who must appeal to someone with budgetary authority, on IT investments
  • Chief Information Officers
  • Those who understand the technical aspects of security controls but need to have a broader perspective of how to build and implement a program

Instructor

Tyler Moore, PhD
Associate Professor of Computer Science,
Tandy Chair of Cyber Security and Information Assurance, The University of Tulsa. 2016-17 New America Cybersecurity Fellow

During this course, you will learn how to...

  • Explain how the most important threats to cybersecurity work
  • Describe operation of controls that mitigate cybersecurity risks and how they fit within investment frameworks
  • Identify compliance regimes that direct cybersecurity investments
  • Relate economic explanations of cybersecurity shortcomings to real-world scenarios
  • Compute quantitative investment metrics and cost-benefit analysis of security controls

Course Fee:

* $1,295/person: Early Bird Discount (deadline: Sept. 3, 2020)
* $1,295/person: Team Discount (2 or more)
* $1,595/person: After Sept. 3, 2020

Participants will:
1. Appreciate the cyber threat landscape – what threats are relevant to their organization
2. Identify whether particular compliance regimes apply to their business and require an investment in security controls
3. Frame cybersecurity investment in the language of risk management
4. Use a framework to identify which controls are needed to mitigate which threats
5. Compute security investment metrics to determine whether the cost of a control is justified by the benefits it could bring

Accreditation

  • 1.3 CEUs (Continuing Education Units)
  • 13 PDHs (Professional Development Hours)

Value-Added Highlights:
– Interaction with a leading expert on the economics of cybersecurity
– Exercises & activities showcase techniques on how to manage risks which might be applied to your own organization

NOTE: This is a complete program. Participants are expected to participate in all 4 modules.

Course Outline

Module 1: Cybersecurity Threats
Learning Objectives:
* Become conversant in the latest cybersecurity threats facing organizations
* Explain information security protection goals of confidentiality, integrity, availability
* Articulate how cybersecurity threats are mitigated
Topics:
1A. Case Studies: Target and Burisma
1B. Protection Goals
1C. Threats and Controls

Module 1 Live Zoom Session | Tuesday, Sept. 15, 12-1 pm CST

Module 2: An Economic Approach to Cybersecurity
Learning Objectives:
* Articulate key concepts from economics, notably incentives and market failures, and understand how they apply to cybersecurity problems.
* Determine the promise and limitations of various policy interventions, notably certification schemes, information disclosure and voluntary measures.
Topics:
2A. The Power of Incentives
2B. Market Failures
2C. Policy Interventions

Module 2 Live Zoom Session | Friday, Sept. 18, 12-1 pm CST

Module 3: Security Metrics and Cost-Benefit Analysis
Learning Objectives:
* Construct security metrics for a range of security applications
* Calculate high-level security investment metrics like ROSI, NPV, IRR
* Devise a cost-benefit analysis by estimating parameters and conducting breakeven analysis
Topics:
3A. Security Metrics
3B. High-Level Investment Metrics
3C. Cost-Benefit Analysis

Module 3 Live Zoom Session | Tuesday, Sept. 22, 12-1 pm CST

Module 4: Managing Cyber Risks
Learning Objectives:
* Define various compliance regimes and understand how they drive security investment decisions.
* Retrieve the terminology of risk management and relate it to cybersecurity scenarios.
* Understand the purpose and limitations of cyber insurance.
* Leverage cybersecurity frameworks to design an organizational cybersecurity investment strategy.
Topics:
4A. Survey of Compliance Approaches
4B. Risk Management
4C. Cyber Insurance
4D. Cybersecurity Frameworks

Module 4 Live Zoom Session | Friday, Sept. 25, 12-1 pm CST
