• Understanding the current cyber security culture, purpose and values of your organization
• Strategically aligning cyber security, organizational and risk goals
• Understanding mindsets and behaviour to determine where the significant gaps are and develop a roadmap for change
• Demonstrated support from leadership in setting an example and actively embodying and advocating security consciousness

• The Crisis Management Planning Guide to respond in a crisis
• Roles, responsibilities, communication protocols (internal and external)
• Training for staff, executive and board
• Procedures for managing resources
• Validate the CRM and plan with regular drills, simulation exercises, tabletops, or mock-live events
• After action reporting: identify gaps through process mapping responses, data mapping locations, response times, and other assessments, to help strengthen future results.

The BCP provides ready-made directions on tasks, who performs them, and in what order, to keep the business viable, meet regulatory requirements and maintain and instill consumer confidence. This session will cover:

• The essential steps
• Business Impact Analysis
• Recover time and recovery point objectives
• Steps, roles and responsibilities
• How the BC Plan informs action items detailed in the Disaster Recovery Plan
• Checklists
• Types and timing of tests to build muscle memory and identify gaps
• Reviewing and updating your plan
• Soliciting feedback
• Demonstrating plan support from the top down and the bottom up.

AI systems are on our agendas. With the pace of developing AI systems increasing, security can become a secondary consideration. But AI is a source of new security threats and vulnerabilities. This session presents best practices in maintaining security as a core requirement as you take AI forward steps including;

• Secure design.
• Secure development.
• Secure deployment.
• Secure operation and maintenance.

• An Incident Response Plan is a written document, formally approved by the senior leadership team, that helps your organization before, during, and after a confirmed or suspected security incident.
• Massive cloud adoption, increasingly advanced attacks, a shift to work from home, ransom groups engaging in additional layers of extortion, more easily accessible versions of malware. You need a strong, up-to-date IR plan, including preparation, education and testing, so that you and your team are sure to rise to the occasion.
• Make incident response training a priority and incorporate cybersecurity into your business continuity plan considering preparation, detection/analysis, containment/eradication, and recovery.

• Operational resilience
• What are organizations aspiring to?
• Different types of hazards impacting your cloud
• Hazard Identification and Risk Assessment (HIRA)

In today’s digital landscape, the question is no longer if your organization will face a ransomware attack, but when. The traditional approach of striving to prevent ransomware attacks altogether is proving to be less realistic. As such, a shift in perspective is required—from prevention to preparation and recovery. This session aims to explore the multifaceted nature of ransomware risks and the imperative of a holistic business continuity and recovery strategy.
This session will explore:

• Why ransomware risks must be addressed from a business perspective—not just a technical one.
• Negotiate or don’t Negotiate? Pay or not Pay? What you need to know about ransom negotiations in advance of an attack – what are the legal and public perception repercussions if you don’t pay and who will be harmed?
• How to prepare for a Ransomware event
• Ransomware and insurance policies, do they go together?