Day One: Tuesday, June 4, 2024
10:00 EDT
Welcome and Opening Remarks from the Chair (15 min)
Vito Mangialardi, Business Continuity Management (BCM) and Operational Resiliency Strategic Advisor
10:15 EDT
Your Role in Building a Culture of Cyber Resilience (45 min)
Priscilla Kosseim, Director Consulting Expert in Cybersecurity
- Understanding the current cyber security culture, purpose and values of your organization
- Strategically aligning cyber security, organizational and risk goals
- Understanding mindsets and behaviour to determine where the significant gaps are and develop a roadmap for change
- Demonstrated support from leadership in setting an example and actively embodying and advocating security consciousness
11:00 EDT
Update Your Crisis Management Plan Now! Crucial Additions to the Coordinating Response and Recovery Framework (45 min)
- The Crisis Management Planning Guide to respond in a crisis
- Roles, responsibilities, communication protocols (internal and external)
- Training for staff, executive and board
- Procedures for managing resources
- Validate the crisis management framework and plan with regular drills, simulation exercises, tabletop exercises, or mock-live events
- After-action reporting: identify gaps by mapping response processes, data locations, response times and other measures, to strengthen future results.
11:45 EDT
Re-Build Your Business Continuity Program – From Business Impact Assessment to Business Continuity Plan to Disaster Recovery (45 min)
Ferris Adi, Senior Security & Compliance Manager and Instructor, University of Toronto
The BCP provides ready-made directions on tasks, who performs them, and in what order, to keep the business viable, meet regulatory requirements and maintain and instill consumer confidence. This session will cover:
- The essential steps
- Business Impact Analysis
- Recovery time objectives (RTO) and recovery point objectives (RPO)
- Steps, roles and responsibilities
- How the BC Plan informs action items detailed in the Disaster Recovery Plan
- Checklists
- Types and timing of tests to build muscle memory and identify gaps
- Reviewing and updating your plan
- Soliciting feedback
- Demonstrating plan support from the top down and the bottom up.
12:30 EDT
Break (60 min)
13:30 EDT
Best Practice: Reducing the Cyber Security Threat of AI System Development (45 min)
AI systems are on our agendas. As the pace of AI system development increases, security can become a secondary consideration, yet AI introduces new security threats and vulnerabilities. This session presents best practices for keeping security a core requirement at each stage of the AI system lifecycle:
- Secure design
- Secure development
- Secure deployment
- Secure operation and maintenance
14:15 EDT
Effective and Dynamic Security and Operational Incident Response (IR) Plans (45 min)
Vito Mangialardi, Business Continuity Management (BCM) and Operational Resiliency Strategic Advisor
- An Incident Response Plan is a written document, formally approved by the senior leadership team, that helps your organization before, during, and after a confirmed or suspected security incident.
- Massive cloud adoption, increasingly advanced attacks, the shift to work from home, ransom groups adding further layers of extortion and more easily accessible malware all mean you need a strong, up-to-date IR plan, including preparation, education and testing, so that you and your team are sure to rise to the occasion.
- Make incident response training a priority and incorporate cybersecurity into your business continuity plan considering preparation, detection/analysis, containment/eradication, and recovery.
15:00 EDT
Break (15 min)
15:15 EDT
Operational Resilience: Recovery of In-house and Third-Party Cloud Environments (45 min)
Arunima Sharma, Senior Specialist, Enterprise Application Resilience, City of Toronto
- Operational resilience
- What are organizations aspiring to?
- Different types of hazards impacting your cloud
- Hazard Identification and Risk Assessment (HIRA)
16:00 EDT
The New Playbook on Ransomware – Shift from Prevention to Preparation and Recovery (45 min)
In today’s digital landscape, the question is no longer if your organization will face a ransomware attack, but when. The traditional approach of striving to prevent ransomware attacks altogether is proving to be less realistic. As such, a shift in perspective is required—from prevention to preparation and recovery. This session aims to explore the multifaceted nature of ransomware risks and the imperative of a holistic business continuity and recovery strategy.
This session will explore:
- Why ransomware risks must be addressed from a business perspective—not just a technical one.
- Negotiate or not? Pay or not? What you need to know about ransom negotiations in advance of an attack: what are the legal and public-perception repercussions if you don't pay, and who will be harmed?
- How to prepare for a Ransomware event
- Ransomware and insurance policies, do they go together?
16:45 EDT
End of Day One
Day Two: Wednesday, June 5, 2024
10:00 EDT
Welcome and Opening Remarks from the Chair (15 min)
Vito Mangialardi, Business Continuity Management (BCM) and Operational Resiliency Strategic Advisor
10:15 EDT
Improving Organizational Resilience to Insider Risks: Insider Threats Playbook (45 min)
Robert Pitcher, Industrial Cybersecurity Assessment and Certification, DND
What if the keys to your castle were in the hands of your most vulnerable employee? What if one of your trusted workers is also one of your biggest liabilities?
This session will:
- Explore Government of Canada Insider Risk Mitigation Strategies.
- Dramatically improve your organizational approach to managing threats from individuals who, intentionally or unintentionally, subvert your security from within.
- Guide you through industry best practices.
- Provide real-world examples of the cause and effect of failing to plan for insider risk threats.
11:00 EDT
Playbook for Safeguarding Digital Data – Privacy and Data Protection Legislation (45 min)
Imran Ahmad, Partner and Head of Technology, Co-Chair Data Protection, Privacy and Cybersecurity
- Steps relating to business continuity
- Data collection
- Data mapping
- What must you do to comply with practical and legal requirements when a breach occurs?
- When must you report a breach to government? To those impacted?
- What is the reporting threshold?
11:45 EDT
The Role of Business Continuity for Executive Simulations Focused on Resilience (45 min)
Aron Feuer, Founder and CEO (Chief Executive Optimist), Valencia Risk
- How can organizations drive the most value from investing in simulations?
- How do you stress-test business continuity during a simulation?
- Can you even do a BCP simulation without having a BCP?
- What are the most common gaps found during a BCP simulation?
- Stress-testing Resilience across People, Process, Technology, and Governance
12:30 EDT
Break (60 min)
13:30 EDT
Best Practices: Important Role of Internal Audit in Ensuring an Effective Business Continuity Plan (45 min)
Greg Murphy, Vice President, Audit, Regulatory Compliance, and Controls, Metrolinx
- Role of Internal Audit (IA) departments in monitoring your organization.
- Need for IA to be acutely attuned to information technology (IT) and cybersecurity threats.
- Role of IA in conducting cyber risk assessments and evaluations of the organization’s data governance, cloud infrastructure and ability to confront ransomware attacks.
- Need for an IT IA plan to execute, measure and report findings.
14:15 EDT
Cyber Fire Drills: How to Run an Effective Cyber Tabletop Exercise (45 min)
- How the best organizations are practicing their cyber response processes.
- Using cyber tabletop exercises to improve your ability to respond to cyber incidents.
- Allowing participants to practice prescribed responses to a threat.
- Debriefing and lessons learned.
- Buying additional time during an incident, and proving or disproving that the attackers are exfiltrating data.
15:00 EDT
Break (15 min)
15:15 EDT
Fulfilling the Role of Governance in Cyber Security (45 min)
- What are executives responsible for?
- Best practices in governance
- Are executives providing strategic direction?
- Is the board ensuring that objectives are achieved?
- Ensuring risks are managed appropriately
- Is the enterprise using resources responsibly?
16:00 EDT
End of Day Two