ΠΕΡΙΓΡΑΦΗ

Due to the increasing number of technology threats, cyber security is of utmost importance for each organisation to safeguard their data and information. This course is essential in today’s world, as it will keep participants up to date with the latest information regarding cybersecurity threats and explain how to critically evaluate them and prevent them. Through real-life incidents, participants will learn how security attacks can be performed and how they can be identified timely. 

This seminar will also help in the reduction of human error, which is a common cause of security breaches. In addition, organisations will be supported in building a security culture, which will save money in the long run by preventing costly data breaches and will maintain their reputation by preventing security incidents that could be debilitating.

The course will include a number of areas for a holistic understanding of security principles in a theoretical manner and via the live demonstration of how cyber-attacks can be executed. The participants will have the opportunity to use their computers and participate in group exercises, simulating real-life events.

CPD

This seminar may contribute to Continuing Professional Development requirements. At the end of the seminar participants will be given a certificate of attendance confirming the total number of training hours (6 CPD).

ΣΚΟΠΟΣ ΣΕΜΙΝΑΡΙΟΥ

By the end of the training, participants will be able to:

• Describe cyber security principles
• Identify and name possible threats
• Correlate potential cyber events with the knowledge to be obtained via the training in order to identify real cyber attacks
• Develop critical thinking with regards to cyber security
• Demonstrate compliance with the basic cyber security principles
• Contribute towards maintaining the organisation's security culture
• Implement cyber security best practices and principles to safeguard data and information in a personal and corporate environment.

ΣΕ ΠΟΙΟΥΣ ΑΠΕΥΘΥΝΕΤΑΙ

This training is addressed to all types of employees (including upper management) that have access to data and information, either in electronic or physical form.

ΠΕΡΙΣΣΟΤΕΡΕΣ ΠΛΗΡΟΦΟΡΙΕΣ

Agenda

1. Introduction (30 minutes)

• Information Security Objectives
• The C.I.A.
• What is Information Security?
• Key Principles

2. Cyber and Information Security Threats (1 hour and 30 minutes)

• Terms & Definitions
• Why our Organisation
• Threat Landscape
• Threat Actors
• Malware
• Information Leakage
• Mobile Devices threats

3. Real life cyber security incidents (45 minutes)

• Presentation of recent cyber security incidents (2-3 cases) and a brief description of:

            o The type of the Attack

            o The damages caused

            o How could the attacks be avoided

4. Unauthorised Access (Physical & Logical)- Risk and Controls (30 minutes)

• Unauthorised Access Overview
• Unauthorised Physical Access
• Unauthorised Logical Access

5. Social Engineering (45 minutes)

• Social Engineering Overview
• What do the attackers think
• Anatomy of a Phishing Email
• Phishing Attack Demonstration / Simulation
• Vishing
• Smishing

6. Cyber Security Attack – Live Demonstration (30 minutes)

• Performance of a live social engineering attack to showcase how a thread actor can utilise social engineering techniques to harvest credentials and gain unauthorised access

7. Case study / practical exercise (45 minutes)

• Exercise 1: Group exercise for the development and identification of a phishing email in order for the users to be able to understand an attacker’s mindset, hence be able to identify similar attacks
• Exercise 2: Through the use visual media challenge the participants in identifying risks and controls in regards to information security

8. Cyber and information security controls (30 minutes)

• Presentation of Control Categories and sample of controls per category that can be established to safeguard an organisation’s information assets

9. Live Quiz (15 minutes)

Trainers

Stelios Katsantonis
Cybersecurity Specialist, Technology Consulting – MC, KPMG in Cyprus

Stelios is a Cybersecurity Analyst, with more than six years of experience in the field of Information Security and Cybersecurity. His expertise lies in the development and implementation of ISMS in line with ISO 27001, Security risk assessment and mitigation, Azure cloud security and the performance of Information Security Audits. Furthermore, he holds a BSc in Computer Security with Forensics focusing on Network security with a final project on containerisation and virtualisation.

Over the years, he has helped clients to develop solid Information Security Management Systems (ISMS) in line with ISO27001 and based on the results of a business impact analysis and risk assessment. He has also supported clients in the development of Business Continuity and Disaster Recovery Plans as well as test scenarios and facilitation of BCP/DRP tests.

Moreover, he has led and performed numerous Information Security Audits and Internal Controls Framework reviews for banking and financial institutions. He has performed a range of IT general control and application controls testing in external audit for a variety of sectors including Banking, Insurance, Financial Institutions, Forex Trading, Telecommunications, etc.

Finally, he has participated in a number of International Standards for Assurance Engagements, ISAE3000 and Service Organisation Control (SOC2) reporting for clients in various sectors.

Elena Soteriou
Senior Manager, Technology Consulting – MC, KPMG in Cyprus

Elena has more than eight years of experience in Cyber Security and IT Assurance. Her expertise lies in the fields of IT Audit, Attestation Engagements and Information Security Audits. Her main areas of focus are the provision of IT/IS Audits as part of internal and regulatory audits, with emphasis on the effectiveness of the internal control environment, the development of ISMS in line with ISO 27001 and the performance of attestation engagement.

Over the years, she has helped clients to develop solid Information Security Management Systems (ISMS) in line with ISO27001 and based on the results of a business impact analysis and risk assessment. She has led and performed numerous Information Security Audits and Internal Controls Framework reviews for banking and financial institutions. She has also performed a range of  IT general control and application controls testing in external audit for a variety of sectors including Banking, Insurance, Financial Institutions, Forex Trading, Telecommunications, etc.

Moreover, she has led a number of International Standards for Assurance Engagements ISAE3402, ISAE3000 and Service Organisation Control (SOC2) reporting for clients in various sectors. She has supported the development of IT Governance Frameworks adjusted on clients’ needs based on relevant standards (COBIT, ITIL) as well as the development of Business Continuity and Disaster Recovery Plans.