Educational security training for Executive Management and Board of Directors

Sector: Energy
Area of expertise: Cyber Security
Service area: Cascading Strategy

THE SITUATION

The Chief Information Security Officer (CISO) of a leading, global energy company had been invited to facilitate two half-day educational sessions for the Executive Management team and Board of Directors, respectively.

Kopenhagen Konsulting was engaged to scope, plan, and develop the material for the educational sessions. The objective of the sessions was to enhance the foundational and sector-specific cyber security knowledge of the members of both the Executive Management team and Board of Directors.

WHAT WE DID

Kopenhagen Konsulting led the development process in close collaboration with the CISO, the direct management team, and Subject Matter Experts. The educational sessions were structured to ensure that the audience received both foundational and sector-specific insights into the cyber security domain and the specific risks to the company. Consequently, several subjects and data points were analyzed by Kopenhagen Konsulting to develop material that covered the following subjects:

  1. State of the nation for cyber-crime and cyber security
  2. Governmental perspectives on the growing threat to critical infrastructure
  3. Threat landscape for the energy sector
  4. A view from the cyber security frontlines on incident response
  5. Cyber- and information security capabilities, organization and strategy required to manage the risk
  6. Preparing for the worst-case scenario and cyber crisis response
  7. Personal advice for the Executive Management team and Board of Directors

The sessions were designed to be highly engaging for the senior leadership audience. This was ensured by applying several dynamic elements throughout the sessions, which included, among others:

  • Dilemmas focused on the intersection between business, digitalization, risk management and cyber security for the audience to discuss
  • Guest speakers representing the national and governmental perspectives on cyber threats, as well as leading industry experts within threat intelligence and incident response
  • Walkthrough of recent and relevant internal and external security incidents with highlights of key learnings and potential impacts
  • Live demonstration of hacking by the internal Security Operations Center team
  • A cyber security perspective on the corporate strategy and the core capabilities of the company

The material was prepared, discussed, and rehearsed with the CISO prior to the educational sessions, which were facilitated and presented by the CISO to the two management groups.

THE OUTCOME

The educational sessions were well received by both the Executive Management team and Board of Directors. Several members expressed gratitude for the in-depth and sector-specific knowledge, which not only raised their general awareness of the cyber security domain and risk, but also exemplified the complexity of the task at hand in safeguarding a global company.

In addition, the educational sessions resulted in requests from executive leadership to have cyber- and information security on the management agenda more often going forward, and to commence initiatives for further business resilience related to business continuity management and crisis response.