Course Overview

Breaches of information security are consistently one of the top two reasons for data protection regulator enforcement action. And fines for breaches of security are usually higher than for other types of breaches.

With mandatory breach notification under the GDPR and the significant uplift in potential monetary penalties, compliance professionals need to be suitably empowered with cybersecurity knowledge and awareness to assist their organisations to both mitigate ongoing data security risks and to deal with personal data breaches. It is also useful for compliance professionals to have a basic knowledge of cybersecurity terminology to facilitate effective communications with IT Team members.

This session is prepared specifically in the context of the GDPR and the objective of compliance professionals dealing more assuredly and knowledgeably with cybersecurity within their organisations. The session addresses:

• what exactly cybersecurity means and encompasses
• threats, vulnerabilities and risk from a security perspective
• comparing and contrasting “risk” in security, and data protection under the GDPR
• risk analysis and management from a security and data protection standpoint
• cryptography as a privacy tool: encryption, at rest and in transit; hashing and salting
• managing identity and authentication, security operations
• security baselines: including ISO 27001 and Cyber Essentials
• introduction to malware: botnets, ransomware, Denial of Service (and DDoS), Advanced Persistent Threats (APTs)
• personal data breach / incident management and crisis management
• business continuity planning and disaster recovery
• data breach simulations

No technical knowledge is required in order to attend this session. A basic working knowledge of data protection legal requirements would be useful. Delegates with limited data protection knowledge may find it helpful to attend Data Protection Essential Knowledge Level 1 before attending this training course.