This 4-hour course provides a comprehensive understanding of the generic enterprise and cyber risk management practices and specific cyber risk concepts commonly deployed in the financial industry to enhance the overall cyber security and risk management. The complexity of today’s connected digital environment is exposing organizations to numerous technology and cyber threats that could lead to substantial data and financial losses as well as reputational damages.

Designed for professionals responsible for business activities exposed to technology and cyber risks, this programme focuses on the practical considerations in the design, adoption and implementation of systems and processes for optimal cybersecurity and technology risk (TR) management, aligned to global cybersecurity best practices, including MAS TR and Cyber Hygiene guidelines, covering the key technology and cyber risk management concepts and best practice implementation approaches, including its management and applications to IT and cyber risks. It will also go beyond that and address the practical usage of that knowledge; with case studies and examples.

• Assistant Relationship Managers in Private Banking
• Operations functions in Private Banking
• Covered persons under Private Banking Code of Conduct who may be interested

• Identify potential risks and threats associated with cybersecurity, such as viruses, hacking, and identity theft
• Protect personal and business information from cybersecurity threats
• Follow cybersecurity policies and procedures in own area of work
• Explain cybersecurity practices to customers and/or stakeholders
• Take appropriate actions as required during cybersecurity breaches
• Identify relevant channels in the organisation to report and initiate corrective actions

Cybersecurity threats and risks

• Motivation and drivers of cybercrimes
• Cyber universe of Attack Surface and evolution
• Risk identification - common cyber threats like viruses, hacking and identity theft
• Emerging cyber threats and risks

Organisation’s cybersecurity policies and procedures

• Foundational aspect – data governance, hierarchy, breach and loss data incidence management
• Cyber risk management framework and processes, implementation and compliance
• Understanding of causes of data leakage and losses
• Training and education

Areas prone to cybersecurity threats

• Cyber threat landscape
  • Mission critical assets
  • Data security
  • Application security
  • Endpoint security
  • Network security
  • Perimeter security

Best practices to safeguard against threats

• Establish cyber governance structure
• Produce cybersecurity policies and procedures
• Maintain board’s and senior management’s engagement with cyber risk
• Enhance user education and awareness incl. for clients
• Comply with cyber risk management framework and principles
• Forward looking scenario analysis with breach and simulation testing (ethical hacking and penetration)

Cybersecurity regulations and compliance requirements

• Adopt best practices from NIST guidelines and standards, MAS TRM, 3rd Party and Cyber Hygiene guidelines
• Periodic independent cyber risk model validation and review and assessment
• Scenario analysis and dry runs readiness and response testing

Relevant channels and responsible stakeholders for cybersecurity reporting procedures

• Conform to Cyber and Operational GRC / ERM framework organizational reporting hierarchy and process based on COSO, ISO 31000 standards for information and communication sharing and reporting
• Dynamic dashboard information access to key stakeholders, including Board, senior management, Divisional and BU Heads

Concluding Remarks, Q&A and Summary of Key Points

Assessment - MCQ