Course delegates will be given an outline of what a Cyber Breach Response Plan contains, what it aims to achieve, what the important questions need to be asked and who needs to engage with the plan. Your objectives:

• Protection of company reputation/brand in the media
• Protection of financial and operational assets
• Preservation/retention of customer base/supply chain

• Enhance the understanding of the current threat landscape
• Protecting company reputation/brand in the media
• Securing financial and operational assets
• Safe Guarding /retention of customer base/supply chain
• Learn to Identify the details of the breach - includes attribution
• Effective handling of 3rd Party Supply Chain Management
• Develop world class playbook contents
• Understanding Management reporting & compliance matrix
• Developing Cyber Breach response plan

Plan/Playbook Contents

• Threat Scenarios
• Start to build your breach playbook
• Assess your external exposure - no unknowns
• Detail all the ways in which your business could face cyber threats
  o Social media
  o Defaced website
  o Applications attacked and customer data leaked o Your own examples…

Communications and initial work streams

• How and when do you convene?
• What the running order should be in the event of a breach being identified.
• Initial press statements
• Parallel processing of investigations and forensics
• Management of external and internal stakeholders
• What CAN you do in the event of a breach plan initiation? - No ambiguity!
• Press briefing pack
• Website statement/holding page
• Social media statement
• All hands staff statement

Mobilizing the plan

• Who to involve
• RASCI matrix to define roles and responsibilities
• Call trees and escalation plan
• How to choose the leader?
• Terms of reference for response group
• Video conference and telephone dial-in options
• How many members constitute an operational quorum?
• Board Mandate

Work Streams

• Identify the details of the breach - includes attribution
• Contain the breach
• Eradicate the threat from your environment
• Document Improvements to prevent a similar breach in the future

3rd Party Supply Chain Management

• SLAs – Your right to conduct a zero-notice audit
• Collaboration in public statements in the event of a breach

Group Exercise: Plan your own table-top exercise for your company

• Start to put together elements of your own plan to re-enact your very own playbook

Live Simulation

An exciting, insightful and captivating climax to the day. With each course delegate playing a key role, the group will undergo a simulated, accelerated real-time incident complete with the ‘twists and turns’ of real life scenarios, arming you with the necessary experience and tools to conduct your own dry-run/plan testing and to give you a great level of confidence that you can avoid some of the common mistakes in breach handling.

Q & A

Certificate Distribution with Ending Ceremony

Phil is regarded as one of Europe’s leading information security experts. He has held several CISO (Chief Information Security Officer) roles spanning five different industry sectors.

With over 28years’ experience gained in a variety of high-profile technology and security management roles, he offers a unique insight to the world of information security, cyber-threats, and risk management. He is a regular speaker at UK, Middle Eastern and European conferences. As national publicity on the subject of ‘Wireless security’ peaked in 2002, Phil became somewhat of a cyber-security celebrity with appearances on Sky TV, BBC News and in national and industry press. Phil remains highly technical with a hands-on security capability not normally present with someone of his seniority in the industry.

• Runner-up in the SC Awards 2017 CISO of the year category 
• Runner-up in the SC Awards 2017 CISO of the year category 
• Voted Cyber Security Awards Personality of the Year – July 2015 
• Former non-executive director for a Scottish investment company - 2016 
• Head of Information Security for TNT Express ICS – Oct 2012 to January 2014 – interim role to  structure the information security across 64 global regions 
• Virtual (interim) CISO for two UK Airports and a mobile network operator – 2014/2015 
• Global Director of Security for Yell Group plc.  from April 2010 to August 2012 
• Significant cyber-intelligence experience with UK Intelligence Services (1993-1995 and 2001-2003) and consulted for recent government cyber-crime initiatives 
• From 1998-2000 Phil was the Global CISO for Japanese investment banking giant Nomura 
• Phil has worked extensively with UK government departments and CESG on the design, implementation and operations of new connections to the government network (GSI/PSI) and ISO 27001 compliance and HMG standards 
• Phil was the director of the Security Consulting Practice for Capgemini UK- 2006 and then Deloitte in 2007/8 – 2006-2008 
• Sept 2006 – Appointed UK President of the ISSA 
• 2008-9 –  Based in Luxembourg, Phil became Skype’s as Head of  
• 2009-10 – Phil worked as Head of Information Security for King Abdullah in Thuwal, Jeddah in Saudi Arabia. 
• Guest lecturer at Oxford University (June 2013) for the Cyber-security course 
• Guest lecturer at Royal Holloway on Fred Piper’s Information Security Degree course for several years