Cybersecurity Risks and Industry
Cybersecurity Risks and Industry
You might know everything you can about the cyber threat landscape, but do you have a plan of action to utilize that knowledge? Cybersecurity Risks and Industry teaches you to address gaps within your company in terms of the people, processes and technologies responsible for preventing, mitigating and responding to cyberattacks. Through practical learning scenarios that address common cybersecurity incidents and concerns, you will learn to develop an incident response plan for your organization; deputize non-security staff to participate; align processes, policies and tools to upgrade your company’s security capabilities; and prioritize strategic education initiatives for your team.
Installment payments are now available on all course purchases!
No Mandatory Login Times
4-6 Work Hours Per Module
Your Subject Matter Expert:
Jeffrey Groman, CISSP
“Feeling like you need infinite budget and headcount in order to tackle your cybersecurity to-do list? This course will help you prioritize and get the most value out of basic defense strategies.”
This practical cybersecurity course provides guidelines and best practices for implementing effective cybersecurity strategy within your organization. Learn how to assess tools and techniques, distribute responsibilities, educate your team, get the most out of your existing resources, and prepare your organization to face existing cyber threats today and respond with agility to those that may arise in the future.
Module 1: Assessing the Cyber Risk in Your Organization
Critically examine the impact of risks and external threats on your industry. Differentiate between the components of the governance, risk and compliance (GRC) model. Calculate common vulnerability scores when presented with data on different types of security vulnerabilities. Discuss how your organization can buffer its technological infrastructure by addressing gaps with the Common Vulnerability Scoring System (CVSS). Apply the GRC model to complete a practical learning scenario. Evaluate the consequences and components of the GRC model within your organization.
Module 2: Creating Security Policies and Exception Handling
Determine the impact of security policies within your organization. Differentiate between the characteristics of good and poor security policies. Match the descriptions of security policies to their appropriate titles. Discuss the critical role that security policies can have within your specific industry and how to socialize policies in your organization. Develop an example of a security policy or policy exception from a list of provided policy areas.
Module 3: Creating a Culture of Security
List strategies and tools that cultivate a culture of security within your organization. Describe the significance of security awareness and training at your company. Explain how to empower and motivate non-security staff to enforce and implement security protocols and policies. Discuss best practices and procedures for reducing security silo syndrome and increasing security awareness and training. Develop an action plan or training strategies at your company that revolve around a culture of security.
Module 4: Building a Security Architecture Function
Explain the investment that an enterprise architecture can provide to company leadership and organizations. Compare and contrast the function of security architecture functions, enterprise architecture and reference architecture. Describe the purpose, characteristics and requirements for an enterprise architecture. Discuss how security requirements and security architecture functions inform organizational goals and growth. Identify how to improve, update and prioritize security architecture functions within your organization.
Module 5: Prioritizing Security Technologies
Determine how your company can vet and select appropriate security tools, technologies and products. Examine what comprises a minimum viable security tool collection to enable efficiency among your security team. Locate and research different security vendors that your organization can utilize. Discuss the types of services and differentiating characteristics of security technologies, vendors and products. Describe the strengths, weaknesses, opportunities and threats of different security technologies to determine what is beneficial or disadvantageous for your organization.
Module 6: Developing an Incident Response Plan
List steps your company can take to implement and strengthen its incident response plan (IRP). Describe the roles and responsibilities that comprise an incident response team. Determine the signs of a security incident that assist with categorizing and rating their severity levels. Discuss the strengths and weaknesses of an incident response plan to prepare your company for the unknown. Describe how an incident response plan can be socialized and leveraged within your organization.
Module 7: Continuing Education for Security Teams
Explain what to prioritize when vetting security vendors to better inform your security team. Differentiate and identify the proper resources for the various security team roles. Analyze company breach reports to educate yourself and others on cybersecurity trends and various attack types. Discuss and share additional resources applicable to your organization or industry on security practices and education. Critique the content of security resources and explain how they can be implemented within your professional and work life.
Module 8: Putting It All Together
Identify strategies your company can employ to ensure leadership can respond to cyber attacks. Organize your security team and the security team functions so they integrate into the communicative structure of your organization. Explain the strengths of and methods to develop incident response plans. Discuss incident response plans as they relate to people, processes, technologies and proactive actions that mitigate risks. Evaluate how security team functions relate to developing an incident response plan.
Jeffrey Groman, CISSP
Jeffrey Groman, founder of Groman Consulting Group, is dedicated to helping organizations identify and resolve their greatest cybersecurity risks. Mr. Groman has worked in the security field for more than 20 years. As a cybersecurity consultant, he has guided major corporations, including banks, insurance companies and software providers through risk prevention and rapid response to incidents and security breaches.
Mr. Groman is certified in forensic analysis and application security, and previously worked with Mandiant Security Consulting Services and FireEye, providing strategic and incident response consulting to security teams and educating executives through delivery of SOC assessments. In these roles, Mr. Groman led a team of consultants and functional experts in working with a wide range of clients across multiple verticals, including NYC Health and Hospitals, Blue Cross Blue Shield Association, Ameriprise Financial, American Express, Ally, Huntington National Bank, Eaton, Caterpillar, DST Systems, Sprint and TransAmerica.
Mr. Groman is passionate about cybersecurity and partnering with clients to find solutions to complex issues. His book “Avoid These 11 Pitfalls and Minimize the Pain of Your Next Data Breach” is designed to help organizations learn from his decades of real-world experience. He has presented at Information Systems Security Association (ISSA) International, NetSecure, and Infragard conferences; briefed boards of directors; conducted tabletop exercises and workshops; and helped clients build security processes to be better prepared for the inevitable.
Mr. Groman has a BS in Electrical and Computer Engineering from the University of Colorado, Boulder.