Managing Cyber Risk
(is your business)

Lead your organization to conquer cyber risk. Learn what you need to do to protect your company, your customers, and your strategic partners in a world at cyber war.

Available as One Day or Two Day Custom Workshop for Your Organization

Participants who complete the workshop will receive a digital badge from St. John’s University.

Workshops will be conducted via St. John’s online collaboration platform.

24 Enrollment limited to 24 to facilitate interaction and breakouts.

Contact a workshop specialist to design a program for your organization.

stjohns-cyber@e2collab.com

“Technology itself is not what is lacking to rectify the offense-defense imbalance. It is leadership thinking holistically about the nature of the cybersecurity challenge and looking for systemic solutions, cooperation among large enterprises facing similar risks, and an awareness in corporate and governmental leadership that cybersecurity is expensive, essential to the operation of any major entity and demanding of a continuous and creative whole-company approach.”

Richard A. Clarke & Robert K. Knake

Businesses need “a risk-oriented, holistic, and validated view of the company that considers the financial and business aspects of cybersecurity” and “captures attributes such as governance, culture, decision making practices” to build a “wider treatment of the company’s cyber risk profile.”

Harvard Business Review

“Though many boards are working to integrate cybersecurity into their overall risk efforts, they have not yet learned to measure these risks consistently and to maximize value for money.”

McKinsey

The Challenge

The rapid digitization of the economy and society is relentless. Businesses are more dependent than ever on internet and cloud technologies to drive hyperconnectedness both within organizations and across customer and supply chain networks. At the same time, the cybercriminal threat to disrupt these networks continues to grow as attacks increase in both frequency and severity. A global, remote workforce of billions makes every home Wi-Fi network a potential starting point for a crippling cyber event.

The numbers are staggering. Cybercrime is expected to cost global businesses $700 billion this year and increase to over $1 trillion by 2023. An estimated 8.4 billion data records were exposed in the first three months of 2020 alone. The average company suffers 145 breaches every year. Ransomware is the #1 cause of loss for small and midsize businesses. In a recent survey of risk management experts, cyber incidents ranked number one among all business risks.

Corporate Boards have taken notice. According to McKinsey, 95% of them discuss cyber risk four or more times a year. Many are appointing cyber experts as Directors or creating special committees focused exclusively on cyber risk. A bill was introduced into Congress last year requiring that companies either have a cybersecurity expert on their board or disclose why they believe they don’t need one. However, challenges remain. Many executives are ill-equipped to have the “board conversation,” leaving them and their organizations vulnerable in the face of ever-escalating threats.

Managing cyber risk is your business. Let’s do something about it.

The Response

Managing Cyber Risk (is your business)

A Holistic View of Cyber Risk and the Technical, Business and Legal Strategies to Manage it

This one or two day synchronous, online workshop:

1
Enables you to understand the risks your organization faces and the strategies you can take to mitigate them.
2
Broadens the aperture, approaching cyber risk from a lens that integrates technical, business, and legal contexts.
3
Integrates academic learning with the practical experience of industry professionals.

When it comes to cyber risk, we are clearly at a learnable moment. It is time for a wake-up call and a recognition that it is an enterprise risk that will only be solved by an entire organization. Conventional cyber education is not up to the task. It is too technology-focused. Organizations fail to see cyber risk as a business challenge, much less empower leaders to do something about it.

Managing Cyber Risk is different. It is designed for non-technical executives to help you develop the know-how to tackle cyber risk holistically and to enable business people to understand and think differently about cyber risk.

This holistic view of cyber risk empowers you to have a conversation with your Board and emphasize to all employees their role in protecting the company against cyber threats.

The Collaboration

Managing Cyber Risk is presented by The Lesley H. and William L. Collins College of Professional Studies at St. John’s University in partnership with the e2 collaborative, a pioneer in the curation and delivery of live-online executive education experiences.

The Lesley H. and William L. Collins College of Professional Studies

The Lesley H. and William L. Collins College of Professional Studies develops well-rounded professionals capable of integrating theoretical knowledge with applied concepts learned through classroom, practice, online activities, local and global service-learning, and academic and career-focused internships.

Innovative and fast-paced professional programs — in administration and economics, analytics, communications, computer science, criminal justice and homeland security, information technology, journalism, media, sport management, and more — embed foundational social sciences topics in the various professions, cultivating both general and specialized competencies.

About e2 Collaborative

The e2 Collaborative curates, designs, and delivers transformative workshops that enable organizations to cultivate the next generation of leaders and maximize their return on people. Our workshops combine advanced diagnostic instruments, proven social science research, and customized experiential content specific to our participants’ industry, objectives, and environment.

The e2 Collaborative is reinventing executive education with an unwavering purpose: helping leaders to foster and drive exponential engagement across their organizations, market ecosystems, and society at large in order to deliver sustainable performance.

The Content

1. Cyber Crime and Cyber Criminals: The Landscape

Cybercrime has evolved from the work of isolated hackers to include that of states and organized groups. Its focus now is less on individual exploits aimed at stealing customer data or trade secrets and more on systemic campaigns with broad impact. We will:

Survey the landscape of cybercriminals. Who are they and who they are becoming?
Consider the range of cyber targets from high-profile individuals to organizations, nation states, and even economic systems.
Explore their motivations. What are they after – confidential information, disruption, ransom?
Drill into two case studies: the very recent SolarWinds Orion exploit as well as the Notpetya attack, the most impactful cyber event on record.

2. The Government’s Role: Regulation, Investigation and Criminal Enforcement

Governments play an important role in regulating and responding to cyber risk. They can, depending on circumstance, be both ally and adversary. We will:

Demystify the complex regulatory and statutory context for cyber risk. What is my organization obligated to do and why?
Evaluate government’s role as partner in monitoring cyber risk and detecting cyber incidents.
Learn what various authorities do after an event. What will they do to catch the bad actors? Will they come after us?

3. The Threat and Its Impact: Breach, Denial of Service, and Ransomware

Large organizations are under constant attack from cyber criminals. A working knowledge of both the principal types of attack and of the methods (vectors) used by attackers is a prerequisite to managing cyber risk. We will:

Survey the principal types of attack considering similarities and differences between data breach, denial of service, malware/wiper, and ransomware events.
Explore attack vectors including social engineering, phishing, software and network vulnerability exploit, and supply chain injections.
Consider in depth the specific challenges of ransomware and the unique dilemmas it poses to enterprises and public authorities.

4. Outside the Firewall: Obligation and Indemnity across the Supply Chain

You are only as strong as your weakest link. Complex supply chains which extend far beyond the organizational firewall bring with them both significant cyber risks and responsibilities. We will:

Evaluate how cyber risk cascades through networks of partners and providers, creating complex mutual obligations to protect and defend.
Explore both commercial and legal implications of these obligations with a particular focus on legal trends regarding liability and indemnification.
Consider cross-national differences and jurisdictional hotspots and their influence on an organization’s cyber risk posture.
Gain hands on experience with tools to measure and evaluation your supply chain partners.

Exercise - With Friends Like These: Real Time Analysis of Your Supply Chain Partners

5. The Race to Protect 1: Processes, Frameworks and Protocols

Managing Cyber Risk requires behavioral change across the organization. Several groups and government bodies have built models and frameworks to codify and institutionalize best practices and processes to protect organizations from cyber criminals. We will:

Explore the concept and operation of cyber control frameworks and their relation to broader approaches to quality (ISO) and audit (SOC) protocols.
Compare and contrast 4 general principal control frameworks (NIST, CIS, ISO and COBIT) along with specific industry extensions like HITRUST for Healthcare and PCI for payments.
Identify key weaknesses across the frameworks and discuss strategies to address them.

6. Adding it Up: Qualifying and Quantifying Enterprise Cyber Risk

Cyber risk is a moving target. The evolving nature of the threat, the diversity of its targets, and the complexity of supply chains, including critical infrastructure, through which attacks often happen makes risk quantification both challenging and error prone. We will:

Survey several case studies to categorize the types of costs organizations face when they are attacked looking specifically at the impact of data loss, system restoration and remediation, business interruption, legal and regulatory consequences, and ransom.
Evaluate frameworks for quantifying your organizations cyber risk.
Develop an approach to quantifying and justifying investments in cyber protection and risk mitigation.
Simulate the impact of cyber events of varying likelihood and severity.

Exercise - How Bad Can It Be: Simulating Likely, Unlikely, and Worst-Case Scenario

7. The Race to Protect 2: Security Technologies

Cybersecurity is the fastest growing segment of the enterprise technology market. According to Gartner, the information security market will reach $170.4B by 2022. We will:

Develop a working knowledge of the principal types of security technology (Authentication/authorization; endpoint protection; network segmentation; SIEM) and their role in protecting organizations from cyber criminals.
Consider the impact of the race to the cloud and how providers like Amazon, Microsoft, and Google impact your organizations cyber risk posture both positively and negatively.
Learn what security teams in your organization do on a daily basis through a simulation that takes you inside a security operations center.

Exercise - The Room where It Happens: Inside the SOC as an incident emerges

8. Spreading the Risk: The Logic and Limits of Cyber Insurance

Cyber Insurance is the fastest growing form of insurance in the market. The scale of recent cyber events, however, have led many to doubt both its effectiveness and viability. We will:

Learn what cyber insurance typically covers and what it doesn’t.
Evaluate its role as part of a holistic cyber risk management strategy.
Consider its uncertain future as well as the role that government may be called to play as backstop in insuring against catastrophic cyber events.

9. When it Happens: Event Response & Forensics

It’s a question of when, not if. Organizations need a holistic approach to manage cyber events across the business to mitigate their impact and maintain the confidence of customers and partners. We will:

Explore the cyber “kill chain” and how it works to respond to the full lifecycle of a cyber event and limit damage.
Consider approaches to the restoration of key systems and business processes, the remediation of vulnerabilities, and management of economic and reputational business consequences.
Drill into forensic methods to identify and prosecute offenders.
Simulate a breach event in a live table-top exercise.

Exercise - Putting the Toothpaste Back in the Tube: Table-Top Exercise after a mock Breach

10. Making a Plan: Strategies to Develop a Business-Focused Cyber Risk Posture

You are now ready for the Board Conversation. What should you say? We will:

Drill into the elements that should be part of your organization’s cyber risk plan and create a template suitable for senior executive review.
Discuss your role as a leader in protecting your organization from cyber criminals.
Revisit the two case studies to evaluate what might have been done differently to have reduced their impact and cost.

The Result

Managing Cyber Risk is a unique, synchronous, online Executive Education experience. Successful completion enables you to:

Become a cyber risk leader within your organization.

Articulate a big picture, holistic perspective ready for the Board conversation.

Incorporate cyber risk considerations in both strategic planning and daily decision-making.

Gain a deepened awareness of cyber risks, their severity, and develop plans to mitigate them.

Understand the investments your organization needs to make in hardening its cyber posture.

Learn to work across your supply chain and with insurers to balance cyber risk effectively.

The Leaders

Suzanna Schmeelk, Ph.D.

Dr. Schmeelk is an Assistant Professor of Cybersecurity and Director of St. John’s University’s Master of Science in Cyber and Information Security degree program. She has more than 14 years of technical information security industry experience.

Seth Rachlin of Capgemini (pictured in brown blazer)

Seth Rachlin, Ph.D.

Dr. Rachlin is Global Insurance Industry Leader for a top 5 global consultancy and a Lecturer at the Harris School of Public Policy at the University of Chicago. He has more than 25 years of experience building and advising companies.

You

Managing Cyber Risk is intended for leaders in business units, functions or processes, and for those keen to ensure your domain is one that is leading the enterprise in proactively identifying and addressing areas of improvement.

The Experience

Live, synchronous, online learning can be just as successful as a traditional classroom model. Online learning can be more inclusive and more intimate, enhancing peer-to-leader, and peer-to-peer education. In no area is this truer than executive education, where you and your fellow learners are located across the world and face the demands of full-time jobs.

Dialing in to a dreary webinar is a thing of the past. At e2 collaborative, we bring our efforts into the digital era in three ways.

Technology

Digital education requires digital tools: high-quality webcams, microphones, and studio lighting. This baseline technology helps our leaders to pick up on and respond quickly to your reactions. A knowing smile may indicate that one of you has a relevant example to share; a glance away may indicate skepticism about a claim being made. With the right technology, we address these responses in real time.

Community

Our experiences are capped at 24 participants, which we’ve learned is the sweet spot of peer-to-peer learning—large enough to offer the benefits of diverse experiences, while small enough to facilitate valuable dialogue. This gives our experiences the feel of a graduate seminar, with smart and impassioned faculty and students embarking on a shared journey. You’ll feel like you’re having a meaningful dinner-table conversation with close friends.

Pedagogy

All of our offerings are experiential learning. Our leaders minimize lecturing. Instead, we blend theory, cases, and exercises. Research-based theory is critical to helping you understand the general principles that can be applied to your business settings. Cases, meanwhile, provide a common set of examples, helping you understand how others have implemented theory. Simulations show you how to apply the lessons learned.

Managing Cyber Risk
(is your business)

Become a cyber risk leader for your organization. Understand what you need to do to protect your company, your customers, and your strategic partners in a world at cyber war.

Contact Us

Name*
First Last
Organization*
Email*
Phone
How can we help?
Name
This field is for validation purposes and should be left unchanged.

Executive Education

Executive Education

Managing Cyber Risk (is your business)

Richard A. Clarke & Robert K. Knake

Harvard Business Review

McKinsey

The Challenge

The Response

Managing Cyber Risk (is your business)

A Holistic View of Cyber Risk and the Technical, Business and Legal Strategies to Manage it

This one or two day synchronous, online workshop:

This holistic view of cyber risk empowers you to have a conversation with your Board and emphasize to all employees their role in protecting the company against cyber threats.

The Collaboration

The Lesley H. and William L. Collins College of Professional Studies

About e2 Collaborative

The Content

The Result

The Leaders

Suzanna Schmeelk, Ph.D.

Seth Rachlin, Ph.D.

You

The Experience

Technology

Community

Pedagogy

Managing Cyber Risk(is your business)

Contact Us

Managing Cyber Risk
(is your business)

Managing Cyber Risk
(is your business)