1. Business and Security

I have successfully led a team, prepared and completed coursework and presented to ~40 people on the following topics:


Business and Security

Policy, process and procedures. Governance, risk and compliance. Aligning cyber security with business vision, mission and objectives. Confidentiality, integrity and availability (CIA). Key theoretical models (e.g. Bell-La Padula, Clark-Wilson).


MI and Metrics

People, processes and technology. Risk appetite, asset value, key security areas. Using metrics to change business practice.


Ethics

Ethical theories and the rules of engagement of an organisation. Privacy of individuals, protection of property. Data lifecycle from creation to destruction. Regulations vs ethics.


Culture and Awareness

Attitudes to security in organisations, top-down approach. The difficulties of changing cultures and use of a maturity model (from non-existent cyber culture to a robust metric based framework). Cyber maturity assessment. The importance of cyber education, training and awareness.


Social Engineering

Background to cyber crime and the cyber landscape. Humans and technology. Understanding the cyber kill chain, cost and risk. Different types of social engineering (computer based, human based) and motivations for attacks. Categories of attack (generic and targeted).


Risk Management

Defining risk. Identify, analyse, prioritise, treat and monitor. The importance of risk management and conducting risk assessments. Octave Allegro and the phases of risk assessment. Risk terminology (assets, vulnerability, threat, probability, impact) and risk calculation. Risk appetite and modelling.