Technology and Cyber Risk Management
About This Course
This 3-hour course provides a comprehensive understanding of the operational and cyber risk concepts commonly deployed in the financial industry to enhance overall cyber security and risk management. The complexity of today’s connected digital environment exposes organizations to numerous technology and cyber threats that could lead to substantial financial losses and reputational damage.
Designed for professionals responsible for technology and cyber risk management, this programme focuses on the practical considerations in the design, adoption and implementation of systems and processes for optimal cybersecurity and technology risk (TR) management, aligned to the MAS TR and Cyber Hygiene guidelines. It covers the key technology and cyber risk management concepts and best-practice implementation approaches, including their management and application to IT and cyber risks. It also goes beyond these concepts to address the practical use of that knowledge, with case studies and examples.
Who Should Attend
- Operational Risk, Technology & Cyber Risk
- Risk management
- Compliance and internal audit
- Other middle/back office functions
- Understand emerging trends and developments in the digital space and how they impact on technology and cyber risk management
- Enhance awareness in technology and cyber risk management
- Develop a comprehensive Cyber Security and Hygiene framework encompassing cyber risk assessment, maturity assessment and mitigation plans
- Apply cyber analytics in cyber security including threat identification and assessment
- Develop templates for Cyber KRI monitoring and reporting
- Apply relevant tools to enhance effectiveness
- Gain insights from case studies
Introduction: Definition of Cyber Risk and Technology Risk
- Technology Risk
- Cyber Risk
- Technology Risk Identification
- Technology Risk Assessment
- Technology Risk Governance
Addressing MAS TRM Guidelines
- Sources of Risks in FSI
- Building Resilience through Oprisk GRC
- Technology Risk Management Framework
- Value Chain of TRIAGE (Technology Risk Identification, Assessment & Governance Engine)
Cyber Risk: Towards Establishing a Cyber Hygiene Framework
- Towards an Enhanced Cyber Hygiene State: CRIAGE
- Cyber Resilience Assessment Framework (CRAF)
- CRAF Workflow
- Inherent Risk Assessment
- Maturity Level Assessment
- Improvement/Enhancement Plans
- CRAF Workflow
Key Principles – Conducting the CRAF
- CRAF Workflow Independent & Qualified Personnel
- Documentary Evidence
- Authority to sign-off assessment
- Designing an improvement plan & closing the gap
- Key Elements of Inherent Cyber Risk Assessment
- Inherent Risk Profile
- Definitions of different inherent risk levels
- Key categories of business activities and operational aspects to be assessed
- Determining inherent risk: The “matrix” as the assessment tool
- Determining inherent risk: Assessment workflow
- Inherent risk level vs minimum required maturity level
- Cyber Hygiene Maturity assessment
- General framework – 7 Key Domains
- The 7 Domains
- Individual Domain & Its Components
- Determining the maturity level of each component: the maturity “matrix” as the assessment
- Determining the maturity level of each component: Assessment workflow
- Determining the maturity level – Examples
- Intelligence-based Cyber Attack Simulation Testing (ICAST)
- Comparing ICAST with traditional penetration testing: what’s new?
- ICAST Test Scope & Workflow
- Governance – Oversight of ICAST
- The 5 Phases of ICAST
- ICAST Process Flow
- Qualification Requirements
- General requirements
- 3 Levels of Expertise
- Roles, responsibilities and required level of expertise
- Case studies of CRIAGE
Dr Khoo Guan Seng
PhD in Computational Physics (NUS)
GS Khoo has over 30 years of AI, data-mining, management and startup work experience, focusing on risk and hedge fund analytics. He joined CAI in Feb 2016, after relocating back from Canada, where he was the Head of ERM with one of the largest Canadian pension fund managers, AIMCo, which he joined in 2011.
Prior to AIMCo, he was with Temasek Holdings, which he joined in 2009 from Standard Chartered Bank, where he was the Global Head/MD, Group Risk Analytics, heading the global team performing all global risk models validation for Basel & BIPRU compliance, and liaised with all the financial regulators in Europe, Asia, Africa and the Middle East, including the FSA (UK), the FSS (Korea), CBRC, HKMA and MAS (Singapore). At Temasek Holdings, he focused on developing novel investment performance and portfolio risk management metrics, applicable across the whole spectrum of investment asset classes and horizons.
In his other previous roles, he designed and managed an algorithmic hedge fund at Man Investment Products (Man Group plc.) in the 90s, was Head of Innovation (Strategy & Business Devt.) at the Singapore Exchange, was Group Chief Risk Officer at a SE Asian conglomerate (RHB Capital, Malaysia) and was based in Chicago and Denver in 2001-02 at American Bourses Corp (ABC, spun off from the Man Group), providing AI-based investment and trading analytics to clients trading on the ECNs in N America and in the Asia Pacific. At ABC, he managed the launch and production of the financial portals of SPH, asiaonemarkets.com and zaobaofinance.com in 2000. He also provided advisory services to the regulators, family offices, research institutes, global and Asian banks in the Asia-Pacific region on data-mining, ERM, Basel 2 and 3.
In addition, he has advised startup and IT companies in S’pore, Silicon Valley and Vancouver, B.C., in BigData, FinTech, and Energy Farming. He has a PhD in Physics, and has done post-doctoral work at Nagoya University, MSI’s (Molecular Simulations Inc.) research centers at Caltech (Pasadena, California), Boston and at Teijin-MSI in Tokyo, Japan on computer-aided drug design. In academia, he published over 30 journal papers on financial engineering, artificial intelligence (AI) applications in financial markets and materials science.
He has also published chapters on sovereign investing in “Sovereign Investments” (Riskbooks/IncisiveMedia, 2013), enterprise risk management for financial institutions in “Operational Risk 2.0” (Riskbooks/IncisiveMedia, 2007), and investment management in “Sovereign Asset Management for a post-crisis World” (Riskbooks, 2011). Other publications include articles in Investment & Pensions Asia (IPA) magazine: “Rethinking Investment Decision-making post-GFC (Global Financial Crisis)” (Sept/Oct issue, 2010), in which he demonstrated a deficient frontier outcome (instead of efficient frontier), and “Strategic Risk Allocation” (Sept/Oct 2011 issue). He has also been a speaker on ICAAP, Stress Testing, Model Validation and Economic Capital at RISKMINDS (Geneva, 2008) and RISKCAPITAL (Brussels, 2009), and a panelist on “Investing Beyond BRICs” at the 2013 Taft-Hartley Pension Fund Forum in Los Angeles, on “Long-term Investing” and “Hedge Fund Investing” at the Asia & Middle East Govt. Funds Roundtable (Institutional Investors, 2012-2015) and on “Emerging Markets and FX Risks” at the Asian Pension Funds Roundtables (Pacific Pension Institute, 2010-2015). He also presented a paper on “Valuation & Risk Issues in Illiquid Investments” in Seoul, S. Korea, for Korea’s pension fund association in 2012.
The Financial Training Scheme (“FTS”)
The Financial Training Scheme (“FTS”) is a training incentive scheme supported by the Financial Sector Development Fund (FSDF). The scheme supports financial sector-specific training programmes that raise the competency of the financial sector.
All our programmes are approved for listing on the Financial Training Scheme (FTS) Programme Directory and are eligible for FTS claims, subject to all eligibility criteria being met. For the latest developments on the Enhanced Funding Support for IBF FTS, please visit the Financial Training Scheme site.
Early Bird Discount
Enjoy a 10% early bird discount when you register one (1) month before the course commencement date.