This 1 day workshop, dedicated to your firm, will build a cyber security strategy that:
• is aligned to your business objectives;
• is aligned to your business risks;
• is aligned to IT best practice;
• and, balances security, usability, and cost.
Who should attend
Compliance Officers, Operations Managers, Finance Directors, and anyone with direct responsibility for determining the cyber security strategy within your firm. The workshop is focused at a business level and all required technical concepts will be explained during the day as required.
The typical agenda is outlined below. A pre-workshop planning conference call will refine the agenda to best suit your firm’s needs.
- Cyber security fundamentals – We start with an overview of the fundamentals of cyber security: the “kill chain” and how breaches occur; the importance of process and people together with technology; an overview on the arsenal of protection tools available; and explanations of key concepts such as security by design and security in layers.
- Existing environment – The most important input to the workshops is having a clear definition of the existing environment from a technology and business perspective. This includes business risks, data classifications, and business processes. This will provide a basis for the rest of the day, as such some information gathering in advance of the workshop will be required by participants. To make the day more efficient a pre-workshop questionnaire will be provided on this topic.
- Business objectives– This topic will cover the business objectives that the strategy must support. For example, entering new markets or new approaches to service delivery. This will make sure that the resultant cyber security strategy is aligned to your firm’s business objectives, rather than being an isolated technical strategy.
- Existing business and technology strategies – This topic will take the business objectives identified previously and then provide additional context based on existing technology strategies. For example, existing strategies on outsourcing services, on preferred technology, or even guidance on capital versus operational spend.
- Strategy options – The previous topics provide the necessary inputs to define your cyber security strategy options. We will guide participants through the options available based on our experience. The pros and cons will be covered and decisions on the most appropriate options will be required.
- Implementation and operational considerations – This topic will expand on the strategy options by considering implementation and operations. The may trigger review of the strategy options output earlier.
- Your firm’s IT strategy – Based on the previous topics we will step through a pre-defined template to capture the key decisions of the workshop participants. This will directly lead to a draft strategy.
- Strategy action plan – The final topic for the day is to identify the follow-on actions required to move the strategy captured in the workshop from draft to final.
9.30am to 4.30pm, with 1 hour break for lunch, and coffee break in the morning and afternoon.
Workshops are delivered at your offices in the UK, alternatively, we can arrange local meeting facilities.
Peerless IT will provide a cyber security strategy document based on the discussions captured during the workshop.
£850 Ex VAT. This price covers the pre-workshop assessments (questionnaire based), the 1 day workshop, and the post workshop cyber security document that will capture key decisions and actions from the workshop.
Richard Tucker is the Managing Director of Peerless IT. Peerless IT has been providing independent advice to regulated industries on IT strategy and IT security since 2007. Richard has 17 years’ experience in the IT industry and has held senior management roles in both government and the private sectors. Richard has an honors degree in Engineering and a degree in Economics from the Australian National University.
Further information and bookings
For further information or for bookings please contact firstname.lastname@example.org.