utulsa.edu

MANAGING CYBERSECURITY RISKS: How Much Security is Enough?

October 25 – November 5, 2021
Two Week Course | 4 Modules of Asynchronous Content | 4 one-hour Live Synchronous ZOOM Sessions

It seems like it’s happening almost every day. This is just one recent headline (BusinessInsider.com, June 12, 2021):

“Major cyberattacks have rocked the US, and there are ‘a lot of different ways that ransomware actors can disrupt everyone’s lives,’ experts say”

An excerpt from the article:
“Cyberattacks can be categorized in three ways, Tyler Moore, a professor of cybersecurity and information at the University of Tulsa, told Insider. These include the headline-making attacks where criminals exploit systems seeking ransom, such as the attacks on JBS and Colonial Pipeline. Another type, he said, is an espionage attack where foreign criminals breach a system intending to steal information.
There’s also a third and more common type category called “email compromise,” where a hacker targets a business or organization using an email phishing scam. Business email compromise scams cost US companies a combined $1.8 billion last year, according to a March 2021 report from IC3, the FBI’s Internet Crime Complaint Center. There were 791,730 complaints of suspected internet crime in 2020, about 300,000 more than were reported in 2019. In total, these cyberattacks resulted in a loss of more than $4 billion in the US last year, according to the report.”

So, the question is … how much security against cyber attacks is enough economically in today’s business world?
That’s the focus of this program instructed by Tyler Moore, Ph.D., University of Tulsa Tandy Professor of Cyber Security, Tandy School of Computer Science; Chairperson, School of Cyber Studies; Faculty Director, MS in Cyber Security Online at The University of Tulsa, 2016-17 New America Cybersecurity Fellow.

FORMAT: Blended online course with asynchronous content (readings, videos, exercises, knowledge-check quizzes) in each module delivered and reviewed by the participants ahead of the live one-hour instructor-led Zoom sessions with discussion, hands-on activities and Q&A.

Duration: 2 weeks. 4 one-hour live sessions. Participants are expected to follow the pace of the course and to be ready to participate in the live sessions with other participants.


Participant Reviews (Blended Online & F2F courses):

“The program provided me with more tools to communicate the benefits of cybersecurity investments in ways that our non-technical leadership can easily understand.” – Sr. Solutions Architect & Cyber Security Operations Center Lead, QuikTrip

“This program is a great crash course on cybersecurity and how companies view cybersecurity. Dr. Moore is an excellent instructor. Being able to learn from someone who has actually testified before Congress on cybersecurity issues is both really cool and informative.” – Audit Supervisor, Continental Resources, Inc.

“Great class. Included excellent information on what to collect to determine risk in our environment.” – Security Engineer, QuikTrip Corporation

“Enjoyed the material & group discussion time.” – IT, Calyx Energy

“This course is excellent for both cyber security practitioners to help understand the business side of cyber security and instrumental for anyone tasked with convincing C-Suite Execs to invest in security.” – CSOC Lead, QuikTrip Corporation


Participants will learn how to answer the question, “How much security is enough?”, using three different methodologies:
1. They will understand that when compliance regimes dictate investments, meeting those obligations could be enough.
2. They will understand how to apply security investment frameworks and identify ‘enough’ spending when the controls recommended by the framework are applied.
3. They will learn how to compute quantitative metrics which calculate return on security investment, as well as conduct cost-benefit analysis to determine when security investments bring more benefits than they cost; when they do, spending is ‘enough’.

But Most Importantly:
4. Participants will understand the advantages and disadvantages of each approach, and be comfortable using each to guide investment decisions.

Who Should Attend:
Anyone who has the responsibility of protecting the security of a company’s IT infrastructure but does not have formal training in cybersecurity will benefit from attending.

  • Chief Financial Officers
  • IT Staff with security responsibilities but no formal training
  • Those responsible for designing, implementing and overseeing cybersecurity operations
  • Audit Supervisors
  • System Architects
  • Chief Information Security Officers
  • Personnel with budgetary authority, or who must appeal to someone with budgetary authority, on IT investments
  • Chief Information Officers
  • Those who understand the technical aspects of security controls but need to have a broader perspective of how to build and implement a program

Instructor

Tyler Moore, PhD
Tandy Professor of Cyber Security, Tandy School of Computer Science; Chairperson, School of Cyber Studies; Faculty Director, MS in Cyber Security Online at The University of Tulsa. He is also a 2016-17 New America Cybersecurity Fellow and the Editor in Chief, Journal of Cybersecurity.

During this course, you will learn how to:

  • Explain how the most important threats to cybersecurity work
  • Describe the operation of controls that mitigate cybersecurity risks and how they fit within investment frameworks
  • Identify compliance regimes that direct cybersecurity investments
  • Relate economic explanations of cybersecurity shortcomings to real-world scenarios
  • Compute quantitative investment metrics and cost-benefit analysis of security controls

Course Date & Format:

Date: October 25-November 5, 2021

FORMAT: Blended online course with asynchronous content (readings, videos, exercises, knowledge-check quizzes) in each module delivered ahead of live instructor-led Zoom sessions with discussion, hands-on activities and Q&A.

Duration: 2 weeks. 4 live sessions. Participants are expected to follow the pace of the course and to be ready to participate in the live sessions with other participants.

Course Fee:

* $1,295/person: BEST DEAL DISCOUNT: Deadline: Sept. 9, 2021
* $1,495/person: EARLY BIRD DISCOUNT: Deadline Oct. 7, 2021
* $1,695/person: After October 7, 2021

Participants will:
1. Appreciate the cyber threat landscape – what threats are relevant to their organization
2. Identify whether particular compliance regimes apply to their business and require an investment in security controls
3. Frame cybersecurity investment in the language of risk management
4. Use a framework to identify which controls are needed to mitigate which threats
5. Compute security investment metrics to determine whether the cost of a control is justified by the benefits it could bring

Accreditation

  • 1.3 CEUs (Continuing Education Units)
  • 13 PDHs (Professional Development Hours)

Value-Added Highlights:
– Interaction with a leading expert on the economics of cybersecurity
– Exercises & activities showcase techniques on how to manage risks which might be applied to your own organization

NOTE: This is a complete program. Participants are expected to review and participate in all 4 modules.

Course Outline

Module 1: Cybersecurity Threats
Learning Objectives:
* Become conversant in the latest cybersecurity threats facing organizations
* Explain information security protection goals of confidentiality, integrity, availability
* Articulate how cybersecurity threats are mitigated
Topics:
1A. Case Studies: Target and Burisma
1B. Protection Goals
1C. Threats and Controls

Instructor-Led Zoom Session | Tuesday, Oct. 26 | 12-1 pm CST

Module 2: An Economic Approach to Cybersecurity
Learning Objectives:
* Articulate key concepts from economics, notably incentives and market failures, and understand how they apply to cybersecurity problems.
* Determine the promise and limitations of various policy interventions, notably certification schemes, information disclosure and voluntary measures.
Topics:
2A. The Power of Incentives
2B. Market Failures
2C. Policy Interventions

Instructor-Led Zoom Session | Friday, Oct. 29 | 12-1 pm CST

Module 3: Security Metrics and Cost-Benefit Analysis
Learning Objectives:
* Construct security metrics for a range of security applications
* Calculate high-level security investment metrics like ROSI, NPV, IRR
* Devise a cost-benefit analysis by estimating parameters and conducting breakeven analysis
Topics:
3A. Security Metrics
3B. High-Level Investment Metrics
3C. Cost-Benefit Analysis

Instructor-Led Zoom Session | Tuesday, Nov. 2 | 12-1 pm CST

Module 4: Managing Cyber Risks
Learning Objectives:
* Define various compliance regimes and understand how they drive security investment decisions.
* Retrieve the terminology of risk management and relate it to cybersecurity scenarios.
* Understand the purpose and limitations of cyber insurance.
* Leverage cybersecurity frameworks to design an organizational cybersecurity investment strategy.
Topics:
4A. Survey of Compliance Approaches
4B. Risk Management
4C. Cyber Insurance
4D. Cybersecurity Frameworks

Instructor-Led Zoom Session | Friday, Nov. 5 | 12-1 pm CST

Company In-House Training
Contact us about an exclusive educational training experience for your group of 10 or more!