Cyber-attacks and incidents affect every aspect of an organization, often disrupting normal business which affects our customers/members and possibly the integrity of payment processing causing financial loss, lawsuits, brand damage, and more. A poor response to cyber-incidents is often more devastating than the attack itself, yet many organizations report they do not have an appropriate cyber incident response plan. Only by careful planning, documenting and testing can we effectively protect our customers/members, payment processes, and the organization’s reputation.
The workshop explores the effects of cyber-attacks and sound mitigation strategies necessary for effective cyber-incident response from multiple perspectives including Operations, Call Center, Vendor Management, and more. This course is intended for a varied audience as we explore the people, processes, and payment integrity aspects of responding to today’s cyber-threats.
NOTE: This is NOT a technical networking or network infrastructure workshop.
Attendees will receive a sample Security Incident Response Plan (developed by law firm Stinson Leonard Street, LLP), plus other valuable take-away, resources and action items.
Develop an effective Incident Response Team
Correlate critical components of an effective Cyber Incident Response Plan
Isolate operational challenges and counter-actions
Document critical provisions of any crisis communication program
Record action items from unique perspectives
Create appropriate responses to mock cyber incidents
Incident response teams
Risks related to reliance on critical vendors
Cyber response by function (i.e. call centre vs. operations)
Crisis communications program
Management and the Board
DAY 01(8:30 AM - 4:00 PM)
Registration Process: 8:30 AM – 9:00 AM
Session Start Time: 9:00 AM
8:30 am - 9:00 am: Registration
Attendees help develop the course agenda by identifying their unique questions, needs, perspectives, experiences, etc.
9:00 am – 10:15 am: Introduction to Cyber Incident Response Plans
Incident Response Teams
Critical functional areas to involve
Critical assets and processes
10:15 am – 10:30 am: Break
10:30 am – 12:00 Noon: Plan Development
Inherent risks by industry
Risks presented by vendors / solution providers
Unique response needs by functional area
Board and Exec. Management involvement
Involving external partners – vendors, law enforcement, experts
Bringing it all together
12:00 Noon – 12:45 pm: Lunch
12:45 pm – 1:30 pm: Plan Development continued
1:30 pm – 1:45 pm: Break
1:45 pm – 4:00 pm: Crisis Communication Program
Three stages of effective crisis communication
Tips on analyzing the program
How Leadership team supports an effective crisis communication program
The Crisis Communications Checklist
DAY 02(9:00 AM - 11:30 AM)
9:00 am – 9:15 am: Questions and thoughts from Day 1
9:15 am – 11:00 am: Workshops and roundtables
Group exercises – Cases simulate real situations. Cases are all true situations where attacks resulted in significant operational issues and significant losses. Attack details are provided throughout, simulating an actual incident where not all details or evidence is apparent during the initial attack. Attendees, working in cyber incident response teams, will work through studies to define appropriate courses of action and identify potential pitfalls.
11:00 am – 11:30 am: Conclusion
Group discussion of findings and recommendations
Final questions, resources, review takeaways