
Bradburys GLOBAL RISK

Cyber / Information Security Training and Consultancy

COMMERCIAL IN CONFIDENCE


CYBER / INFORMATION SECURITY TRAINING AND CONSULTANCY

1. PERSONAL CYBER SECURITY SURVIVAL
2. CYBER SECURITY ESSENTIALS FOR BUSINESS
3. INSIDER THREAT MANAGEMENT
4. NON-TECHNICAL CONSULTANCY
5. TECHNICAL ADVISORY

In order to ensure that our training and consulting services meet the client’s needs and expectations, it is crucial that a representative from B-GR’s Cyber Security Division, most logically the consultant writing and delivering the material, meets with the potential client in order to fully understand their specific requirements and associated threats. This will also allow the consultant to tailor the services, focusing on those areas that best meet the client’s needs and will also determine whether or not the client requires additional support in auditing an extant information security regime or advice in establishing a formal information security framework from scratch. A service contract including non-solicitation covenants will be entered into to safeguard the interests of all involved parties.


1. PERSONAL CYBER SECURITY SURVIVAL

DURATION: One day (six hours)

FORMAT: Classroom based lectures and practical technical surgery

AUDIENCE: This course is aimed at either non-technical individuals, or those with limited knowledge or understanding of cyber security. It is of limited use to IT or security professionals already experienced or qualified in this arena. The course content can be tailored depending on where the client operates, the sector and which threat actors are considered to be a risk.

DESCRIPTION: A one-day course consisting of four one-hour presentations, appropriate refreshment breaks between each session, and a final Q&A session, totalling six hours. The course is lecture-based, delivered via PowerPoint slides in a classroom or conference room. The upper limit on audience numbers is 20 people. Handouts are available at the end of the day for delegates to take away.

OBJECTIVES: The objective of the course is to improve the audience’s awareness and understanding of cyber security across four elements:
1. Describing the spectrum of threat actors, their capabilities, motivations and targets.
2. Describing the attack methodologies employed by cyber threats.
3. Describing how threat actors gather information to conduct their operations.
4. Describing a variety of mitigation measures that can be taken by the audience to improve their cyber security.


Parts 1-3 aim to last one hour each, including time for questions. Part 4 will last approximately 90 minutes (depending on the client's risk profile, where they operate and the threats against them). A final Q&A session is an option should the audience desire.


2. CYBER SECURITY ESSENTIALS FOR BUSINESS

DURATION: Five days

FORMAT: Classroom based lectures and exercises

AUDIENCE: This course is aimed at client employees directly involved in the management and delivery of security, information technology, personnel and business continuity, typically those working under the auspices of the organisational CISO/CIO, Legal, IT or HR. It is also aimed at individuals who have had no formal training in this area (e.g. CISSP, CLAS, CISM). The course content can be tailored depending on where the client operates, the sector and which threat actors are considered to be a risk.

DESCRIPTION: A five-day course consisting of a series of presentations, appropriate refreshment breaks between each session, and a final Q&A session.

OBJECTIVES: The objectives of the course are to raise and improve employee awareness, to explain in some detail the essential requirements of an information security framework, and to educate delegates in the essentials required to deliver a cyber/information security programme within their company:
1. Risk Management.
2. Information Security regime.
3. Education and awareness for employees.
4. Personnel security.
5. Asset management.
6. Access control.
7. Physical and environmental control.
8. Information security incident management.
9. Supplier/business partner relationships.
10. Business continuity and resilience.
11. Compliance.
12. Cyber Threat Intelligence/Managed Security Services.


3. INSIDER THREAT MANAGEMENT

DURATION: Three days

FORMAT: Classroom based lectures and exercises

AUDIENCE: Client employees / departmental leads directly involved in the delivery of an Insider Threat Management Programme (i.e. HR, security, legal, IT). The course content can be tailored depending on where the client operates, the sector and which threat actors are considered to be a risk.

DESCRIPTION:

Part one: Day one: The Insider Threat - An Overview
Audience: Client employees

OBJECTIVES:
1. What is the Insider Threat?
2. How can it damage the organisation?
3. What should we be looking for?
4. How do you mitigate against it?
5. Reporting/monitoring.
6. Legal issues.

Part two: Day two and three: Insider Threat Management Programme
Audience: Client employees/departmental leads directly involved in the delivery of an Insider Threat Management Programme (i.e. HR, security, legal, IT).
How to deliver an Insider Threat Management Programme

Content:
1. Initial Planning
2. Identify Stakeholders
3. Achieve & sustain leadership buy-in
4. Risk Management Process
5. Detailed Project Planning
6. Develop governance structure, policies, procedures
7. Comms, training and awareness
8. Establish detection indicators
9. Data and Tool requirements
10. Data fusion
11. Analysis and incident management
12. Management reporting


4. NON-TECHNICAL CONSULTANCY

Depending on client requirements (e.g. whether there is an established risk management regime or an information security programme), B-GR can deliver a series of follow-up consulting tasks which may incorporate the following:

1. Design and development or review of Information Security/Personnel Security policies.
2. Review/audit of Information Security/Insider Threat programmes.
3. Conduct a Risk Review of organisation.
4. Design and develop a Risk Management policy.
5. Conduct a Risk Assessment of an organisation.
6. Review/audit of Risk Management regime – maturity model.

Additionally, non-technical services might include the conduct of a Digital Footprint Assessment of an organisation or individual in order to:
1. Demonstrate availability of personal information on the internet.
2. Demonstrate how threat actors could use information against the individual/company.
3. Identify potential security vulnerabilities and/or reputational concerns.
4. Explain mitigation measures.

Costs and duration of the above will vary depending on the scale of the task and the size of the organisation.


5. TECHNICAL ADVISORY

The range of technical advisory services may include:
1. Network security
2. Operation security
3. Incident Management
4. Monitoring systems and networks
5. Establishment of Information Assurance / Security Programme

Costs and duration would be considerably greater given the level of detail required and the size and scale of the organisation.


Bradburys Global Risk is a Security Risk Management consultancy and Global Assistance partner. The company protects and enhances the brand identity and operating capabilities of some of the world's most respected organisations and individuals. Our staff come from various backgrounds including the armed forces, intelligence sector, government, law enforcement, politics, finance, academia, media and law.

OUR CORE AREAS OF EXPERTISE:

Security & Protection

Crisis Management Support

Investigations & Due Diligence

Global Travel Risk Management

Consultancy & Advisory

Political, Operational & Country Risk

Cyber Security

Private Client Lifestyle Management

www.bradburys.co.uk


Cyber security training and consultancy