Training for the Future

Cybersecurity and data risk management for financial managers

Course Code: CDRMFM

Dates: 11 Mar - 15 Mar | 24 Jun - 28 Jun | 11 Nov - 22 Nov


Duration: 1 Week



In an uncertain, complex world with increased risks from societal, environmental and
operational factors, the role of a future-ready Risk Manager is critical for any
successful business. Gain confidence and control with Hastings Business
Training. The programme is 10 intensive days (two weeks) that will challenge you to
think creatively about finance and risk; it will compel you to overturn existing
patterns; it will ultimately make you and your organisation more competitive and

Who Should Attend?

This short and practical programme is for those seeking to become a more complete
Risk Manager. It is aimed at senior professionals in data, risk management and financial
roles, engaged with any aspect of risk management, who are looking to blend technical skills,
quantitative research and intelligent risk strategies with newly developed financial
intuition to broaden their risk management abilities. Participants will be required to
have good quantitative skills.


  • Evaluate risk management frameworks and practices in an applied industry setting
  • Critically assess risk management reports and research
  • Identify the limitations and the positive role of risk management in real-life situations
  • Examine changes in risk management practices as a result of paradigm shifts in
    global banking, insurance and asset management
  • Analyse the mechanism of corporate governance and its critical relationship to and
    with risk
  • Be able to explain current governance best practices
  • Investigate the catalyst role that regulation currently plays in the markets

Course Overview

Risk Management
Foundations of Risk Measurement
Concepts and definitions related to Risk Management
Risk Management standards, frameworks and methodologies
Implementation of an Information Security Risk Management program
Risk analysis (identification and estimation)
Risk assessment
Risk treatment
Acceptance of Information Security Risks and Management of residual
Information Security Risk communication
Information Security Risk monitoring and review
Introduction to CRAMM (CCTA Risk Analysis and Management Method)
Introduction to EBIOS (Expression des Besoins et Identification des
Objectifs de Sécurité)
Introduction to MEHARI (MÉthode Harmonisée d'Analyse de RIsques)
Introduction to OCTAVE (Operationally Critical Threat, Asset, and
Vulnerability Evaluation)

Cyber Security
The cybersecurity threat landscape; history and evolution;
Security surfaces; intelligence, case studies, trend analysis;
Actors in cyber security; governments, organisations, citizens, criminals;
The multidisciplinary nature of cyber security;
ISPs as intermediaries; DPI;
Principles of secure communications; digital signatures, PKI, encryption,
hashing. Cryptography; crypto-primitives and ciphers;
Introduction to biometrics;
Privacy and anonymity protocols;
Crowds, onion routing, Tor;
Data management - anonymisation and de-anonymisation;
Microsoft Security Risk Management

Market Risk Management
Overview of Market Risk Management
Risk measures for different asset classes
Portfolio Risk Measures
Value at Risk (VaR) and Expected Shortfall
Analytical VaR Models
Nonparametric VaR Models
Monte Carlo VaR Models
Modelling complex portfolios
Backtesting and stress testing
Risk measures beyond market risk

Risk Taking and Decision Making
The nature of decision-making and decision modelling
Structuring a decision
Decision models to handle uncertainty
Decision models to handle risk
Risk attitude and utility
Individual differences in risk taking
Group risk taking
Subjective judgments, heuristics and biases
Subjective probability elicitation
The role and value of information in improving decisions
Decision making in a competitive environment

Implementing Cyber Security
Frameworks for implementing cyber security
  • Cyber security standards, and best practices
  • Implementation of secure cryptography (ciphers, hashing, digital
    signatures, PKI)
  • Implementation of authentication (passwords and access control)
  • Posture assessment
  • Penetration testing
  • Web-based systems; OWASP
  • Vulnerabilities and exploitation
  • Security of database applications
  • Injection attacks, cross-site scripting
  • Network security
  • Network security monitoring (NSM) systems
  • Case study: The Domain Name System
  • Introduction to Malware detection and analysis
  • Denial of service attacks, detection and mitigation
  • Implications of pervasive passive monitoring for communicating
