Skill Development Workshop on Cybersecurity

“New Approaches to Assessing Cyber-Risk,
Responding to Incidents, and Raising Awareness”


PROGRAM OVERVIEW:

This program examines key aspects of WEF and NIST frameworks for assessing and improving cybersecurity. Using case studies, the program builds on WEF/NIST principles focusing on risk evaluation, and guidelines for mitigating risks and improving incident response plans. Best practices and practical techniques for raising awareness of cybersecurity are addressed. The sessions will be led by renowned experts at the cutting edge of research and training in this field.

PROGRAM DATES: 13th–15th August 2015

REGISTRATION FEE (Early-Bird): US$985* (includes Workshop Fee of $290)
For further details and registration, see: http://amcis2015.aisnet.org/registration

LOCATION: El Conquistador Resort, Puerto Rico

CEUs: 1.0

* Registration includes attendance at AMCIS conference sessions and exhibits.
   Non-AIS members incur an additional fee of $175 for AIS Professional membership.

PROGRAM STRUCTURE: The Skill Development Workshop consists of 4 sessions and 3 workshops (as follows). Attendees are also invited to attend the main AMCIS conference and social events.

Thursday, 13th August 2015

Session #1: Assessing Cyber-Risk using Emerging Frameworks

Workshop #1: Risk Evaluation Techniques using Case Studies

Session #2: Enhancing Incident Response Capabilities

Workshop #2: Incident Response Table Top Exercise (TTE)

AMCIS Welcome Reception

Friday, 14th August 2015

Session/Workshop #3: Raising Cybersecurity Awareness

AMCIS Keynote/Optional Workshop: Open Forum

Session #4: Information-sharing Challenges and Benefits

AMCIS Conference Dinner

Saturday, 15th August 2015

See AMCIS Conference Program for details.

CERTIFICATE OF COMPLETION

To receive a Certificate of Participation, attendees must actively participate in all the PD workshops and seminars.

The Certificate of Participation will be awarded by: The Center for Information Security Education (CISE), Kennesaw State University.

EARN CONTINUING EDUCATION UNITS (CEUs)

Participants who attend all the workshops and seminars in the SDW are eligible to receive 1.0 Continuing Education Unit (CEU). CEUs are a recognized means of recording non-credit educational experiences. They are awarded as evidence of competence and professional development and are accepted by many employers and professional associations.

One CEU = 10 hours of participation in an accredited program.


For more information contact:

David Croasdell

Annette Mills



SKILL DEVELOPMENT WORKSHOP ON CYBERSECURITY: MODULE DESCRIPTIONS


Thursday, 13th August 2015

Session #1: Assessing Cyber-Risk using Emerging Frameworks

Learning Objective: Familiarize participants with key concepts and application of NIST and WEF Frameworks.

On February 12, 2013, Executive Order (EO) 13636, “Improving Critical Infrastructure Cybersecurity,” directed the National Institute of Standards and Technology (NIST), in cooperation with the private sector, to develop and issue a voluntary, risk-based Cybersecurity Framework that would provide U.S. critical infrastructure organizations with a set of industry standards and best practices to help manage cybersecurity risks. On February 12, 2014, NIST released v1.0 of the “Framework for Improving Critical Infrastructure Cybersecurity.” On January 19, 2015, the Annual World Economic Forum (WEF) released “Partnering for Cyber Resilience: Towards the Quantification of Cyber Threats,” a framework for assessing "cyber value-at-risk."

The core principles of the NIST Framework represent fundamental “cornerstones” for how an organization should incorporate cybersecurity practices: (1) identifying its most critical intellectual property and assets; (2) developing and implementing procedures to protect them; (3) having resources in place to timely identify a cybersecurity breach; and (4) having procedures in place to both respond to and (5) recover from a breach.

The WEF “cyber value-at-risk” approach aligns with the first core principle of the NIST Framework and proposes a methodology for attaching monetary and non-monetary value to cyber assets.

This session will review key elements of both the NIST and WEF frameworks, assess their applicability to participants’ cybersecurity programs, and serve as a basis for subsequent workshop activities.

Workshop #1: Risk Evaluation Techniques using Case Studies

Learning Objective: Apply key concepts of the NIST and WEF Frameworks to risk evaluation using case studies.

This interactive workshop will use a series of case studies to apply the NIST and WEF Frameworks to perform a risk evaluation. Participants will identify Implementation Tiers and Profiles, and provide an assessment of risk based on the “value-at-risk” framework. Case studies will be selected and prepared to provide illustrative examples of key Framework concepts.

Session #2: Enhancing Incident Response Capabilities

Learning Objective: Examine incident response techniques and guidelines for developing incident response capabilities.

NIST core principles #3 “having resources in place to timely identify a cybersecurity breach”, #4 “having procedures in place to both respond to” and #5 “recover from a breach” highlight the need to prepare to respond to a cyber-incident. An effective cyber-incident response plan is a foundational element of any effective cybersecurity program, ensuring an organization is prepared to act when a crisis arises. This session will focus on mitigating the risks from cybersecurity incidents by providing practical guidelines for responding to incidents and enhancing incident response capabilities.

Workshop #2: Incident Response Table Top Exercise (TTE)

Learning Objective: The practical application of incident response techniques in an interactive exercise.

The Incident Response TTE workshop will use a discussion-based exercise to identify roles during an incident and consider responses to particular scenarios or situations. Participants will realistically “talk through” the critical functions during an incident response scenario. The TTE will help participants become more aware of possible weaknesses and gaps in their own incident response plans.

Friday, 14th August 2015

Session/Workshop #3: Raising Cybersecurity Awareness

Learning Objective: Examine cybersecurity awareness development techniques that can be applied in participants’ organizations.

This session/workshop aims to provide some tools for developing a corporate cybersecurity awareness program. Participants will take part in small group interaction via an innovative threat identification game, and other interactive program elements. A complimentary handbook will be provided to each participant, as well as resources on how to develop cybersecurity awareness programs in their own organizations. In addition, participants will learn about best practices and techniques that can be implemented in their companies to raise cybersecurity awareness.

Session #4: Information-sharing Challenges and Benefits

Learning Objective: Understand the benefits and challenges associated with enhancing information-sharing programs.

Recognized as one of the critical deficiencies in current cybersecurity capabilities, information-sharing is in need of significant improvement. There are many benefits associated with improved information-sharing, and many challenges that prevent or inhibit effective information-sharing. This session will examine the current state, benefits and challenges of information-sharing.

Optional Workshop: Open Forum
An optional workshop (to be determined based on level of interest) will be available to participants to provide an open forum to discuss cybersecurity issues outside of the scope of the program. This Q&A style session will help identify additional areas of interest and foster an open dialogue with participants.

Saturday, 15th August 2015

See AMCIS Conference Program for details: http://amcis2015.aisnet.org/schedule-of-events

PROGRAM FACILITATORS:

 

Herbert J. Mattord, Kennesaw State University

Michelle M. Ramim, Middle Georgia State College

James R. Elste, Cognitive Extension, Inc.

 

 

 

 

WHY THE AMCIS SKILL DEVELOPMENT WORKSHOPS?

AMCIS Skill Development Workshops offer a unique opportunity to engage in practitioner forums on key topics (e.g. Cybersecurity, Big Data), and network with thought-leaders at the cutting edge of IS research and practice in their respective fields of specialisation. AMCIS is one of two preeminent IS conferences associated with the Association of Information Systems (AIS). With over 3500 members across 99 countries, the AIS aims to advance knowledge and promote excellence in practice and study of Information Systems (IS), and is the premier association of individuals and organisations who lead in research, teaching, practice and study of IS worldwide.