Cyber Threats - What Operational Risk Managers Need To Do 
About The Seminar
In the face of increasing sophistication, resources and skills in the hands of criminals, the concern about cyber threats is now very high among directors and regulators. Often ORM units feel they should make a contribution to this important field but haven't identified how they can best do so. This course shows the way by defining the special role they can play and the techniques to use.
The constantly growing types of cyber attack damage a firm in different ways. Each type of attack requires very different types of response. Although cyber defence technology is a specialist IT area, there is essential and important work for the Operational Risk Manager to do. This is especially with helping non-IT departments to play their part in risk control, and to enable directors and their corporate, business, financial and administrative units to know how best to respond to each of the different types of attack in order to minimise the financial and reputational damage to the firm.
Operational Risk Management also must provide risk assessments for inclusion in the Capital Adequacy assessment for the Directors’ needs as well as regulatory requirements in connection with Capital Adequacy and Pillar 2.
SEMINAR INTRODUCTION
This course provides information about how different types of Cyber attack can affect the company. Techniques and approaches for planning appropriate company-wide response plans minimising financial, regulatory and reputational damage will be set out, with worked examples and a practice case. Methods for assessing the potential damage for advice to the Board and for capital adequacy purposes will be provided.
The emphasis in this course is not to provide a technological briefing on how threats work, but on how to prepare the firm as a whole to be resilient and to prioritise defensive measures best.
KEY LEARNING OUTCOMES
- Identify dependencies in the business and operating models of the company
- Recognize key types of cyber attack and their consequences
- Apply quantitative and qualitative risk assessment methods for financial and other damage
- Prepare optimal response plans across the company
- Design root cause analysis and fault trees to identify potential vulnerabilities
- Develop non-technological controls to limit the vulnerabilities
- Test and improve response strategies for different types of attack
- Assess capital requirements through scenario analysis
WHERE & WHEN
Date: 6th December 2018
Venue: Kuala Lumpur
For enquiries please contact:
Mathias Sosovele
Account Manager, REDmoney Seminars
Mathias.Sosovele@REDmoneygroup.com
Direct Line: +603 2162 7800 ext 25
Normariya Sariman
Account Manager, REDmoney Seminars
Normariya.Sariman@REDmoneygroup.com
Direct Line: +603 2162 7800 ext 44
Ramesh Kalimuthu
Events Sales Director
Ramesh.Kalimuthu@REDmoneygroup.com
Direct Line: +603 2162 7800 ext 65
Fax: +603 2162 7810
For sponsorship opportunities:
Andrew Tebbutt
Managing Director
Andrew.Tebbutt@REDmoneygroup.com
Direct Line: +603 2162 7802
For speaking opportunities:
Suhail Sinnalebbe
Senior Events Producer
Suhail.Sinnalebbe@REDmoneygroup.com
Direct Line: +603 2162 7800 ext 43
For marketing and media enquiries
Clement Anthony
Marketing Executive
Clement.Anthony@REDmoneygroup.com
Direct Line: +603 2162 7800 ext 22
Standard: RM1,999
Register before 2nd November 2018
About The Seminar
In the face of increasing sophistication, resources and skills in the hands of criminals, the concern about cyber threats is now very high among directors and regulators. Often ORM units feel they should make a contribution to this important field but haven't identified how they can best do so. This course shows the way by defining the special role they can play and the techniques to use.
The constantly growing types of cyber attack damage a firm in different ways. Each type of attack requires very different types of response. Although cyber defence technology is a specialist IT area, there is essential and important work for the Operational Risk Manager to do. This is especially with helping non-IT departments to play their part in risk control, and to enable directors and their corporate, business, financial and administrative units to know how best to respond to each of the different types of attack in order to minimise the financial and reputational damage to the firm.
Operational Risk Management also must provide risk assessments for inclusion in the Capital Adequacy assessment for the Directors’ needs as well as regulatory requirements in connection with Capital Adequacy and Pillar 2.
SEMINAR INTRODUCTION
This course provides information about how different types of Cyber attack can affect the company. Techniques and approaches for planning appropriate company-wide response plans minimising financial, regulatory and reputational damage will be set out, with worked examples and a practice case. Methods for assessing the potential damage for advice to the Board and for capital adequacy purposes will be provided.
The emphasis in this course is not to provide a technological briefing on how threats work, but on how to prepare the firm as a whole to be resilient and to prioritise defensive measures best.
KEY LEARNING OUTCOMES
- Identify dependencies in the business and operating models of the company
- Recognize key types of cyber attack and their consequences
- Apply quantitative and qualitative risk assessment methods for financial and other damage
- Prepare optimal response plans across the company
- Design root cause analysis and fault trees to identify potential vulnerabilities
- Develop non-technological controls to limit the vulnerabilities
- Test and improve response strategies for different types of attack
- Assess capital requirements through scenario analysis
Standard: RM1,999
Register before 2nd November 2018
Seminar Agenda
- Cyber Risk – Emerging Threats and No End in Sight
-
- Consequences of recent technologic developments
- The vulnerability of today’s business models
- Past is no guide to future exposure – how to look ahead
- New technological developments bringing new cyber threats
- Regulators’ involvement
-
- Understanding the Key Assets of the Firm*
- Assessment in Regulation of Banking, Insurance and other Financial Sectors
- Mapping key functions of the company with its assets of data, processes, etc
- How loss of any assets affects the company in its operations and responsibilities
- Identifying dependencies in the business and operating models of the company
- Significance of third parties/outsourced services
- Key Types of Attack*
- Various Objectives of the Cyber Criminals
- The key types of cyber attack and their consequences Corporate and Business Impact Assessment*
- How functions and responsibilities are affected by different types of attack
- Quantitative and qualitative risk assessment methods for financial and other damage
- Use of event trees to identify and analyse consequences
- Data sources
- Building Corporate Resilience – The Role of the Operational Risk Manager
- Cascade of briefings to board and management on business implications and exposures
- Project planning to prepare optimal response plans across the company
- Organisation and resources for cyber risk management
- Engagement with third party service providers
- Response Planning Techniques*
- Using root cause analysis and fault trees to identify potential vulnerabilities
- Development of non-technological controls to limit the vulnerabilities
- Uses of decision trees
- Introduction to bayesian methods.
- Testing and improving response strategies for different types of attack
- Risk Monitoring and Reporting of Evolving Cyber Threats
- KRIs
- Periodic briefs
- Use in Capital Adequacy
- Key risk for inclusion in pillar 2
- Scenario analysis to assess capital requirement
- Meeting the Interest and Requirements of Banking, Data etc Regulators
- Key risk for inclusion in pillar 2
- Scenario analysis to assess capital requirement
* marks topics that will be supported by Case Studies, Examples, and Practical Exercises. (Please use it as page note at the end of the page)
- Schedule of the Seminar
- 08.30 – 09.00: Registration
- 09.00 – 10.30: Session 1
- 10.30 – 11.00: Coffee Break
- 11.00 – 12.30: Session 2
- 12.30 – 14.00: Lunch & Prayer Break
- 14.00 – 15.30: Session 3
- 15.30 – 16.00: Coffee Break
- 16.00 – 17.30: Session 4
SEMINAR SPEAKER
 Edward Sankey |
Edward is a managing consultant in corporate and operational risk management in banks and insurance companies. His career has included in addition to the UK, an executive post in New York. His project assignments have also been in South East Asia, mainland Europe, Russia and elsewhere. He had a long assignment as Interim Director and Approved Person by the UK Regulator, Operational Risk and member of the Risk Committee at Santander UK. Edward has previously led risk consulting activities in Marsh Europe (in the Marsh and McLennan group of companies), City Practitioners, AEA Technology/Risk Solutions and KPMG. Projects have been in wholesale markets, retail and corporate banking, insurance, investment management, full range major banks, and for a regulator/supervisor.
He is the Past Chairman and a Fellow of the Institute of Operational Risk, the leading professional body focusing on high standards in this risk field. Edward is also an Honorary Life Member of the Institute of Risk Management. He is a member of the City Values Forum set up by the Lord Mayors of London which focuses on organisations’ cultures and individuals’ behaviors. |
SEMINAR SPEAKERS
Edward is a managing consultant in corporate and operational risk management in banks and insurance companies. His career has included in addition to the UK, an executive post in New York. His project assignments have also been in South East Asia, mainland Europe, Russia and elsewhere. He had a long assignment as Interim Director and Approved Person by the UK Regulator, Operational Risk and member of the Risk Committee at Santander UK. Edward has previously led risk consulting activities in Marsh Europe (in the Marsh and McLennan group of companies), City Practitioners, AEA Technology/Risk Solutions and KPMG. Projects have been in wholesale markets, retail and corporate banking, insurance, investment management, full range major banks, and for a regulator/supervisor.
They have covered:
- Directing operational risk management including scenario analysis for Directors and Risk Committee
- Upgrading risk management frameworks: information, organisation, and processes
- Assessment and control of strategic and operational risks
- Preparing Basel Capital Adequacy assessments and the Pillar 2 ICAAP Report (UK Capital Adequacy Assessment to the Regulator)
- Enhancing major projects, M&A, outsourcing through risk management
- Training directors, managers and staff in risk management
He is the Past Chairman and a Fellow of the Institute of Operational Risk, the leading professional body focusing on high standards in this risk field. Edward is also an Honorary Life Member of the Institute of Risk Management. He is a member of the City Values Forum set up by the Lord Mayors of London which focuses on organisations’ cultures and individuals’ behaviors.
Contact us
For enquiries please contact:
Mathias Sosovele
Account Manager, REDmoney Seminars
Mathias.Sosovele@REDmoneygroup.com
Direct Line: +603 2162 7800 ext 25
Normariya Sariman
Account Manager, REDmoney Seminars
Normariya.Sariman@REDmoneygroup.com
Direct Line: +603 2162 7800 ext 44
Ramesh Kalimuthu
Events Sales Director
Ramesh.Kalimuthu@REDmoneygroup.com
Direct Line: +603 2162 7800 ext 65
Fax: +603 2162 7810
For sponsorship opportunities:
Andrew Tebbutt
Managing Director
Andrew.Tebbutt@REDmoneygroup.com
Direct Line: +603 2162 7802
For speaking opportunities:
Suhail Sinnalebbe
Senior Events Producer
Suhail.Sinnalebbe@REDmoneygroup.com
Direct Line: +603 2162 7800 ext 43
For marketing and media enquiries
Clement Anthony
Marketing Executive
Clement.Anthony@REDmoneygroup.com
Direct Line: +603 2162 7800 ext 22
For any inquiries contact us
Our team will be glad to answer any questions you may have about this seminar.
