How to Make Top Managements Aware of Cybersecurity
Subject Code: COM0010a Version 1.0 – 21/09/2021
INSTRUCTOR GUIDES MODULE 2
Course Goals
The participants are expected to understand how to make
decision makers (the CEO and other board-level management)
aware of the importance of cybersecurity and have them practice it.
Course Objectives
Module 1:
• Able to explain the methodology and relevant subjects of the
decision makers' thoughts and responsibility on cybersecurity.
Module 2:
• Able to propose appropriate responses to a cyber incident.
Module 3:
• Able to recognize various types of cybersecurity attacks and
their impacts on the organization.
Module 4:
• Able to explain basic cybersecurity risks, management and
assessment.
• Able to show decision makers the specific steps to improve the
cybersecurity of their own organization.
Module 5:
• Able to manage cyber risk processes, including identifying,
analyzing, evaluating and addressing the organization’s
cybersecurity threats.
Module 6:
• Able to make effective reports and presentations on the
importance of cybersecurity for decision makers.
Course Objectives and Participants
Prerequisites
The participants should have experience in managing IT-related
divisions or sections, and have basic knowledge of cybersecurity.
When a security breach happens, the disruption and damage can
vary widely: the effects ripple through the entire organization,
often having significant operational and financial implications.
There are managerial, strategic, and financial considerations in
becoming cybersecure.
A managerial background, especially one related to IT, and basic
knowledge of cybersecurity are needed for participants to better
understand how cybersecurity influences decision making and
company policies.
Contents
• Pre Test
• Module 1: Introduction
• Module 2: Cyber Incident Response Exercise Using Movie
• Module 3: Cyber Attacks
• Module 4: Cybersecurity Management
• Module 5: Risk Management
• Module 6: Effective Reporting and Presentation Technique
• Post Test
Cyber Incident Response Exercise Using Movie
Module 2
2.1. Group Discussion with Movie Material
• A cyber incident happens and grows bigger for unexpected
reasons
• Think of an appropriate response to the cyber incident
• Group discussion and presentation
Scene 1
• Summary
  • A stranger entered the office by following a staff member.
  • A staff member found a USB memory, took it and plugged it into his PC.
• Purpose of this scene
  • Raise awareness of bad habits
  • An incident can arise from a situation that the CEO never
    noticed – a proper security policy is needed
• Questions
  • What are the observations in this scene?
  • What are the potential risks in terms of cybersecurity?
  • What must be improved?
Scene 2
• Summary
  • IT staff realize that there is trouble with the shared folder.
  • Files cannot be opened across the whole company.
• Purpose of this scene
  • The bad habit causes the incident (an improper policy may cause
    an incident)
  • It’s the beginning
• Questions
  • What are the observations in this scene?
Scene 3
• Summary
  • (IT team meeting) The IT team noticed that this is an incident caused by
    ransomware.
  • They try to solve it by themselves without reporting to management.
• Purpose of this scene
  • Explain the incident
  • Show the first action of the IT team and manager – correct or not?
• Questions
  • What are the observations in this scene?
  • How can they identify that this is caused by ransomware?
  • What should the CIO do?
Scene 4
• Summary
  • Board meeting
  • During the meeting, everyone’s PC got a blue screen.
• Purpose of this scene
  • The incident spreads to all employees, even the board level, before the
    IT team reports
• Questions
  • What are the observations in this scene?
  • What should the CEO and COO do?
Scene 5
• Summary
  • CIO and IT team report the situation to the CEO.
  • CIO got angry and scolded them.
  • A request for investment in new software was rejected.
• Purpose of this scene
  • Late reporting causes a worse situation
  • CIO is not calm and gives instructions without consideration (recall the
    responsibility of the CEO in cybersecurity).
• Questions
  • What are the observations in this scene?
  • What was wrong on the COO, CIO and IT team side?
  • What should the CEO instruct them to do?
  • What are the possible consequences?
Scene 6, 7
• Summary
  • The secretary got a call from a media outlet (magazine).
  • The secretary got a call from a business partner.
  • The CEO got a call from the regulator, who complained about the
    information leakage.
• Purpose of this scene
  • It’s common for the media, business partners and regulators to make
    contact immediately if they find abnormal consequences
  • It may happen before the analysis and solution are complete.
• Questions
  • What are the observations in this scene?
  • What actions of the CEO and others caused this situation?
Scene 8
• Summary
  • The employees are talking about the incident.
  • A person at the next table is listening to the conversation and spreads it
    to the public using SNS.
• Purpose of this scene
  • Bad habit – a sensitive issue is discussed in public
  • Anyone can spread information to the public using SNS.
• Questions
  • What are the observations in this scene?
  • What was wrong? How can it be prevented?
Scene 9
• Summary
  • A meeting between the CEO, COO, CIO and IT staff
  • The incident has been solved.
• Purpose of this scene
  • They learned a lesson from the incident and the CEO understood the
    importance of cybersecurity
• Questions
  • What caused this incident?
  • How did they solve this incident?
  • What must the company change/improve to be in a better situation next
    time?
Cyber Incident Response Practice
Practical Test
Cyber Incident Response Test
https://forms.gle/3T5iCg4M2ejaxQvg6