Birmingham City University will deliver a three hour workshop titled ‘Cybersecurity, risk and reality’.
All enterprises of whatever type and scale are subject to constant cyber-attack. No defence, however sophisticated, is perfect, and therefore organisations should assume that they will suffer cybersecurity breaches and prepare accordingly. How they respond to a successful cyber-attack has significant impact on stakeholder confidence and could make the difference between bankruptcy and enhanced reputation.
This workshop does not give any easy answers, but rather aims to make participants aware of cyber-threats and their business, and give them some principles and intellectual tools that they can apply to make their own organisations more resilient.
Part 1 of the workshop discusses the dependence of modern society and commerce on an ICT infrastructure that is highly vulnerable to cyber-attack, giving examples of a range of cyber-threats and the consequences of the businesses attacked. It also outlines the principles of risk management that are fundamental to improving an organisation’s resilience to cyber-attack.
Part 2: Involves a ‘table top’ role-playing exercise utilising videos produced by US Federal Emergency Management Agency (FEMA). Participants are divided into teams and asked to put themselves in the position of an incident management team in an company experiencing a cyber-attack. They are presented with an evolving scenario, at the end of each episode of which, the teams must discuss the situation and agree what should be done next. The exercise culminates in a mock press conference.
Part 3: The workshop concludes with a discussion of lessons learned from the exercise, and what the participants will take back and follow-up in their own organisations. Bespoke follow-up workshops with individual companies may be arranged if required.
- Appreciate cybersecurity as a business issue
- Experience decision-making under time pressure with incomplete information.
- Develop team-working skills.
- Stimulate participants to establish, or review and refresh, incident response and cyber-resilience measure in their own organisations.
Who should attend:
- Small and medium sized businesses (SMEs)
- Social enterprises
- Not-for-profit organisations