CYBERSECURITY FOR MANAGERS: A PLAYBOOK


BUILD YOUR ACTION PLAN FOR A MORE CYBER RESILIENT ORGANIZATION.

Delivered in collaboration with

OVERVIEW

When a security breach happens, the disruption and damage can vary widely. But one thing is for certain: the effects ripple through the entire organization, often having significant operational and financial implications. Creating a cybersecure organization is a necessary goal today. Decisions about cybersecurity have implications throughout your organization—not only for technology-focused teams, but for every team. Sophisticated phishing schemes, ransomware, and data breaches are on the rise, and their level of complexity is increasing. Therefore, all of us have a role to play in keeping our organization secure.

In this program, you will learn:

- How to select and use the right frameworks to enhance cybersecurity decision-making in your organization
- How to assess risk, improve defenses, and reduce vulnerabilities in your organization
- How to speak the language of cybersecurity to enable informed conversations with your technology teams and colleagues, and ensure your organization is as cybersecure as possible

START DATE: December 19, 2019
PRICE: 2,800*
DURATION: 6 weeks, excluding orientation; 5-6 hours/week

*GST applicable to Singapore residents.

IMPACT

Upon completion of the program, participants will be equipped with:

- A framework that provides a strategic view of an organization’s cybersecurity risk management, including management mechanisms you can put in place immediately
- A playbook with actionable next steps for improving a culture of cyber awareness within your organization
- The language and vocabulary to support informed conversation with your CISO, CTO, and other technology leaders
- An appreciation of how decisions made by technologists may affect the business landscape within your organization
- An awareness of the leading approaches to managing cybersecurity, including 'defense in depth' and the National Institute of Standards and Technology (NIST) Cybersecurity Framework
- A practical interpretation of the tradeoffs between security and privacy, and a method for understanding your organization's priorities

“In MIT Sloan online programs, we aim to build both capability and confidence. Insights are supported by real-world examples and opportunities to apply what you are learning.”
- PAUL MCDONAGH-SMITH, Digital Capability Leader at MIT Sloan

WHO SHOULD ATTEND

This online program is for business leaders, general managers, and executives looking to build an action plan for a more cyber resilient organization. Technology and business consultants and others acting as liaisons between technology and business units will also benefit.

Industry examples cited in the program include:

- Technology
- Financial services
- Insurance
- nment organizations

PROGRAM HIGHLIGHTS

Cybersecurity for Managers: A Playbook is an engaging, interactive, and personalized learning experience, built upon learning tools which include:

A Personalized Cybersecurity Playbook:
- Bring together key concepts and insights from the program modules to build an action plan—a playbook—of what you will do next

Interactive Cybersecurity Simulation:
- Test out different budget scenarios for prevention, detection, and response – and learn how each affects profitability

Case Studies and Examples:
- Insurance case study on creating a culture of prevention and awareness
- Manufacturing case study featuring the NIST Cybersecurity framework
- Ethics considerations in cybersecurity explored through a case study involving Apple Inc.

Industry Perspectives:
- In depth interview with a cloud cybersecurity industry expert

PROGRAM MODULES

This program integrates rich, interactive media including videos and a simulation, as well as traditional components such as individual assignments. The program design facilitates collaborative learning through discussion forums and live office hours. This results in an enhanced peer network that delivers value long after the program ends.

ORIENTATION MODULE
Welcome to Your Online Campus

Receive an overview of the learning platform, including how to access videos, engage in discussion groups, submit application exercises, and contact your delivery support team.

MODULE 1
Understanding the Threat Landscape

Gain an overview of the key concepts and practices in cybersecurity.

- Dispel common myths such as 'cybersecurity is just an IT problem'
- Cyber safety: applying accident research to prevent cyber incidents
- IoT: how expanding connectedness opens the door to cyber threats

MODULE 2
Organizing Cyber Management Priorities: The NIST framework

Use the High-Tek Sensors case to learn about the NIST Cybersecurity Framework and apply key concepts to individual organizations.

- Interactive case study: High-Tek Sensors (manufacturing)
- NIST Cybersecurity Framework
- Applying NIST to your organization

MODULE 3
Measuring Risk Exposure

Identify risk and use frameworks for measuring risk.

- Overview of risk management practices
- Qualitative and quantitative frameworks for measuring risk
- Cyber insurance: risk transfer

MODULE 4
Improving Defenses with Systems and Technology

Learn the basics of cybersecurity resource allocation and the concept of ‘defense in depth’.

- Vulnerabilities and security
- Simulation of cybersecurity funds budgeting
- Interview with a cloud cybersecurity expert on ‘defense in depth’

MODULE 5
Building a Culture of Cybersecurity

Learn about management mechanisms for influencing cybersecurity culture within organizations.

- The Cybersecurity Culture Model
- Interactive case study: insurance company
- Practical steps for achieving organizational security

MODULE 6
Exploring Ethics in Cybersecurity

Understand important tradeoffs between security and privacy.

- Considerations of ethics in cybersecurity using the Apple-FBI controversy as an example
- Faculty roundtable discussion

YOUR PLAYBOOK
Developing an Action Plan for Your Organization

In this program, we will cover a number of items to assist in the management and leadership of cybersecurity in organizations. We bring together key concepts from the learning modules to create an action plan—a playbook—of what you will do next. This will enable you to have more informed conversations with your CISO or other technology leaders.

Each module includes an exercise designed to allow you to apply key concepts and insights to your own situation.

By using the playbook, you will be able to:

- Apply concepts from the program to your organization.
- Create a list of actionable activities to implement in your work, teams, and organization from this point forward.

Note: Participants can print their playbook at the end of the program to have a takeaway resource.

PROGRAM FACULTY

Stuart Madnick
John Norris Maguire (1960) Professor of Information Technology; Professor, Information Technology and Engineering Systems; Co-Director, PROFIT Program

Stuart Madnick is the John Norris Maguire Professor of Information Technologies at the MIT Sloan School of Management, a Professor of Engineering Systems at the MIT School of Engineering, and the Founding Director of Cybersecurity at MIT Sloan: the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity. Madnick’s involvement in cybersecurity research goes back to 1979, when he coauthored the book Computer Security. Currently he heads the Cybersecurity at MIT Sloan initiative, formerly called the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity, aka (IC)3.

Keri Pearlson
Executive Director, Cybersecurity at MIT Sloan

Keri Pearlson is the Executive Director of Cybersecurity at MIT Sloan and has held positions in academia and industry including Babson College, The University of Texas at Austin, Gartner’s Research Board, CSC, and AT&T. She founded KP Partners, a CIO advisory services firm and the IT Leaders’ Forum, a community of next generation IT executives. She is the founding director of the Analytics Leadership Consortium at the International Institute of Analytics. Pearlson began her career at Hughes Aircraft Company as a systems analyst.

Dr. Michael Siegel
Director of Cybersecurity at MIT Sloan (CAMS) and Principal Research Scientist

Dr. Michael Siegel is a Principal Research Scientist at the Sloan School of Management, Massachusetts Institute of Technology. He is also the Director of Cybersecurity at MIT Sloan (CAMS). Dr. Siegel’s research focuses on the management, strategy, technology, and organizational issues related to cybersecurity with specific interest in vulnerability markets, cyber risk metrics, dark web business models, IoT endpoint security, cybersecurity workforce development, and educating management in cybersecurity. He also has done research in the intelligent integration of information systems, risk management, insurgency and state stability, data analytics, healthcare systems, and systems modeling. Dr. Siegel has published articles on such topics as simulation modeling for cyber resilience, cyber vulnerability markets, data management strategy, architecture for practical metadata integration, heterogeneous database systems, and managing and valuing a corporate IT portfolio using dynamic modeling of software development and maintenance processes. His research at MIT has continued for over 30 years and includes a wide range of publications, patents and teaching accomplishments.

WHAT PARTICIPANTS SAY

“I have a much better understanding of the types of threats I need to consider for my company, including some jargon I didn't previously understand. I loved the sections on building a culture of security and I am actively implementing some of those ideas.”
- Sarah Taylor, General Manager at Research Square, USA

“I really liked the simulation of applying costs for cybersecurity, and the discussion about the Apple case. It makes one realize the number of layers affected when such incidents happen.”
- Bruno Schmid, Senior Security Engineer at Avectris, SWITZERLAND

“The best part is the videos and especially discussions. Applying what you have learned at the same time as learning from other students' points of view.”
- Simon Mzaouakk, VP- Technology Officer at Watertown Savings Bank, USA

“Interactions with the class participants and simulations helped me understand what like-minded professionals face in their cybersecurity related challenges.”
- Heng Chye Carter Tan, Enterprise Solutions Architect at Keppel Enterprise Services, Singapore

PARTICIPANT PROFILE

Past participants come from a wide range of industries, job functions, and management levels—from more than 33 countries around the world.

[Chart: Participants by Years of Experience. Categories: 1-5 yrs, 6-10 yrs, 11-15 yrs, 16-20 yrs, 21-25 yrs, 26 yrs.]

[Chart: Participants by Industry. Categories: Healthcare, Consulting, IT Services, IT Products, Banking & Financial Services, Others*.]

Others* - includes E-commerce, Education, Electronics / Hardware, Energy, Industrial Goods, Media, Real Estate, Retail, Telecommunications and more.

Participants by Job Function

Participants include entrepreneurs, intrapreneurs, individual contributors, and cross-functional teams. Representative job functions and titles include:

- CEO & Founder
- Head of Risk Management
- Chief Technical Officer
- Chief Technologist
- CISO
- Global Security Manager
- CTO
- Network Infrastructure Manager
- Senior Principal Director
- Security and Infrastructure Manager
- Director of Enterprise Information Security
- Cybersecurity Engineer
- Director of Emerging Technologies
- Enterprise Solutions Architect
- Director of Cloud Operations
- Cloud Solution Architect
- Associate Director, IT
- Information Security Analyst
- VP- Technology Officer

Participants by Region

[Chart: Participants by Region. Categories: United States, Singapore, Brazil, Mexico, Saudi Arabia, Others*.]

Others* - includes Australia, Cambodia, Canada, Colombia, Croatia, France, Germany, Hong Kong, India, Indonesia, Ireland, Italy, Japan, Malaysia, Peru, South Africa, Switzerland, United Kingdom and more.

Representative Companies

Participants include employees from companies like:

- Atos
- Australia and New Zealand Banking Group Limited
- Bank of America
- CISCO
- Citigroup Inc.
- FedEx
- GE
- Johnson & Johnson
- Microsoft
- National Bank of Cambodia
- Oracle Corporation
- Paypal
- Qatar Steel
- Singapore Telecommunications Limited
- Tech Mahindra Limited
- U.S Bank
- Walmart Inc.
- Wells Fargo

CERTIFICATE

Get a verified digital certificate of completion from MIT Sloan School of Management. This program also counts towards an MIT Sloan Executive Certificate.

Note: After successful completion of the program, your verified digital certificate will be emailed to you in the name you used when registering for the program. All certificate images are for illustrative purposes only and may be subject to change at the discretion of MIT Sloan. You may share your digital certificate on social media and in your professional bio.

ABOUT MIT SLOAN SCHOOL OF MANAGEMENT

The MIT Sloan School of Management, located in Cambridge, Massachusetts, is part of the Massachusetts Institute of Technology. MIT has over 120,000 alumni in over 90 countries who have founded more than 30,000 companies. MIT’s motto is “mens et manus,” or “mind and hand,” signifying the fusion of academic knowledge with practical purpose. The mission of the MIT Sloan School of Management is to develop principled, innovative leaders who improve the world and to generate ideas that advance management practice.

ABOUT EMERITUS

MIT Sloan Executive Education is collaborating with online education provider EMERITUS to deliver its executive programs through a dynamic, interactive, digital learning platform. By working with EMERITUS, MIT Sloan Executive Education brings its growing portfolio of courses online to address the evolving demands of executives. EMERITUS’ approach to learning is based on a cohort-based design to maximize peer to peer sharing and includes live teaching with world-class faculty and hands-on project based learning. In the last year, more than 30,000 students from over 150 countries have benefited professionally from EMERITUS’ courses.

THE LEARNING EXPERIENCE

Our programs are designed to meet the needs of individual learning styles, while also leveraging the power of peer learning. This is achieved through a user-friendly learning platform that enables participants to easily navigate the program content to achieve learning objectives.

KEEPING IT REAL

Our pedagogical approach, designed to bring concepts to life, includes:

- Byte-sized learning elements
- Real-world application with the Playbook
- Peer learning discussions
- Active support from program Learning Facilitators

KEEPING IT CONVENIENT

Access to program content is flexible, available through multiple devices allowing working professionals to easily manage schedules and learn remotely — anytime, anywhere. Participants obtain access to learning materials via a modular approach, with new content released weekly.

KEEPING IT ENGAGING

Our online classroom enables participants to seamlessly interact with their peers and stay on track towards program completion — with culturally-enriching encounters along the way. Program modules consist of a variety of teaching instruments, including:

- Video lessons
- Surveys
- Moderated discussions
- Learning journey support offered by a dedicated Learning Facilitator team
- Class materials: articles, cases
- Interactive cyber security simulation
- Quizzes
- Office hours with program support team

Access Requirements

- Valid email address
- Microsoft Office suite
- PDF viewer to view all documents and presentations
- Computing device connected to the internet
- Latest browser version to access our learning platform

Other Requirements

Certain programs may require the usage of additional software, tools, or applications. Participants will be informed about these additional requirements at the registration stage or during program commencement. Our program advisors are also available to respond to any questions about these requirements.

CONNECT WITH A PROGRAM ADVISOR

Email: mit@emeritus.org
Phone: 1 315-982-5094, 1 315-277-2746
