Shielding Your Portfolio: Strategies for Surviving a Cyber Attack for Investment Professionals

.

In today's digital age, the risk of cyber threats is ever-present, and it is crucial for investment professionals to be vigilant and prepared. Your business holds a vast amount of confidential and sensitive information, which makes you a prime target for cybercriminals. As members of the IA, you have a responsibility to protect your clients' assets and information, and investing in cybersecurity training is a critical step in ensuring that your firm remains secure.

That is why we are pleased to offer you the "Shielding Your Portfolio: Strategies for Surviving a Cyber Attack for Investment Professionals” training course. This course is specifically designed for IA members, and it covers the essential cybersecurity fundamentals, risk management, data privacy, and incident response strategies you need to keep your business safe from cyber threats.

Key Learning Objectives:

By attending this course, you will learn:

• How to respond effectively to cyber incidents
• How to minimise the fallout and associated costs
• What advanced preparation you can do to make that response easier
• Which cybersecurity controls to apply, for your needs and means

13.00 Opening of Registration

13.10 - Game: Information Management Fails

The first activity of the course is a game designed to highlight common mistakes in information management that can lead to cybersecurity vulnerabilities. Through this game, attendees will learn crisis management and how to respond to highly technical attacks despite not having a highly technical background.

13.55 - Lecture: How to Prioritise Crisis Management in Technology Risk

After the first activity, the course will move on to a lecture that highlights the lessons from the game. Major points covered will be:

• How to Respond to an Incident
• How to Prepare your Response
• What Controls to Put in Place

14.25 - Activity: Cards Against Incident Response

The second activity of the course is a game called "Cards Against Incident Response." It is a team-based activity that will challenge attendees to think critically about different scenarios related to incident response and recovery. Through this game, attendees will learn about different approaches to incident response, best practices, and common mistakes to avoid. This activity emphasises the importance of incident response planning and reinforces the key concepts introduced in the previous lecture.

15.10- Lecture: Surviving a Cyber Attack

The second lecture of the course will focus on best practices for incident response. Attendees will learn about the importance of data classification, data retention, incident response planning, and communication strategies. They will also learn about the latest trends in cybersecurity threats and how to mitigate them. The lecture will emphasise the importance of protecting their clients' assets and information and the potential consequences of a cyber attack.

15.40 - Exercise: Building the Ideal Incident Response Framework

The fourth activity of the course is an exercise designed to give attendees a practical understanding of the challenges involved in creating and implementing an effective incident response framework. Attendees will work together to identify the key elements of an ideal incident response framework, including incident detection, response, containment, and recovery. Through this exercise, attendees will gain a deeper understanding of incident response best practices and how to apply them to their organisations.

16.10 - Closing Remarks and Feedback

The course will conclude with a closing session that allows attendees to ask questions, provide feedback, and discuss the key takeaways from the course. The session will provide attendees with an opportunity to reflect on what they have learned and how they can apply their knowledge and skills to their organisations.

16.30 END

• Directors at Investment Firms
• Compliance Officers
• Risk Managers
• Information Security Officers
• IT Professionals
• Operations Managers
• Legal Counsel
• Chief Information Security Officers (CISOs)
• Chief Risk Officers (CROs)
• Chief Compliance Officers (CCOs)

The course is suitable for both seasoned professionals and those who are new to the industry. It is particularly relevant for those who work in firms deal with sensitive financial information. Regardless of your job title, if you are responsible for ensuring that your firm's information and assets are secure, this course is essential for you to attend.

Geoff Leeming, Co-Founder, Pragma

Geoff has over 30 years of experience in cyber security, having led audit and security teams for multinational companies and advised clients at Pragma. Prior to Pragma, he worked at Credit Suisse, Barclays Capital, and Royal Bank of Scotland, managing regional and global teams in Security Engineering, Technology Risk, and Information Security. Geoff has also conducted multinational fraud investigations, network security incident response engagements, and compliance audits across various industries. He specializes in operational risk areas, such as cryptography, network security, data analysis, and control process design.

Geoff holds a Master’s degree in information security and is a certified Cloud Architect. He is a frequent speaker at operational risk conferences in Asia and has research interests in cloud security, FinTech security, and maritime cyber security.

Mark Bird, Head of Incident Response, Pragma

Mark brings a wealth of experience and expertise to his role as the leader of Pragma UK's incident response division. With seventeen years of experience in UK law enforcement, including five years as a Detective on the West Midlands Regional Organised Crime Unit Cyber Crime team, Mark has led numerous successful investigations resulting in the convictions of many highly sophisticated attackers. His extensive background in law enforcement and cybercrime investigations has equipped him with the technical knowledge and skills needed to navigate complex cyber threats.

After leaving law enforcement in 2019, Mark transitioned into the private sector, focusing on incident response in the UK area. In this capacity, he has investigated a wide range of incidents, including cases involving sophisticated ransomware infections in large multinational companies. Mark's ability to prepare detailed technical reports and provide compelling witness evidence in UK court cases demonstrates his expertise in clear communication and attention to detail. His combination of law enforcement experience and private sector incident response work makes him a valuable leader in Pragma UK's incident response division, ensuring that clients receive top-notch expertise and support in managing and mitigating cyber threats.

IA Member £395.00 +VAT
Non-Member £545.00 +VAT

Pay using a credit card online, or if you wish to be invoiced please email your full details to: Training@theia.org

PLEASE NOTE: Full payment for the course must be made prior to the course commencement date.

• Any cancellation must be made in writing.
• For all cancellation received 15-30 days prior to the course start date, 50% of the course fee is still payable.
• No refund is given for a cancellation made 14 days or less prior to the commencement of a course.
• Transferring from one course to another is treated as a cancellation. You can substitute one delegate for another at no additional cost. In this instance, please give two business days’ notice.

Hybrid Training Courses:

Hybrid deliveries of our training allows participants on our courses the option to attend in-person here from our offices at Camomile Court, or you can attend virtually via MS Teams.

Please be advised a training course could change from hybrid delivery to solely virtual delivery. In such an event, we will inform delegates at least one week prior to the course delivery date.

There are a limited number of in-person spaces available on this course and this will be allocated on a first come first served basis.