Cyber Emergency Management (CEM) Lead Implementer
Description
This five-day course provides an overview of the structure of a
Cyber Emergency Management System (CEM) based on ISO/IEC 27001 and
associated guidance standards of the ISO/IEC 27k family, ISO 22301,
NIST SP 800, MITRE ATT&CK, and how to implement this method in
an organisation to build up an effective framework for handling
Cyber Incidents.
Overview:
The CEM method is a combination of security incident, incident
response, emergency, and crisis management. It focuses on cyber
threat situations, is modern in applying current standards and best
practice, and is modular through defined products and processes. The
CEM method leads to a functioning and effective cyber defense,
implementing only necessary and effective defense measures and
thereby reducing the organization’s costs for implementation as
well as for possible damage.
This five-day course enables participants to develop the necessary
expertise to support an organisation in implementing and managing a
Cyber Emergency Management System.
Participants will also gain a thorough understanding of best
practices used to implement cyber emergency processes from the CEM
method.
The course consists of a mix of presentation, discussion and
exercises based on real-world examples.
Outline:
Introduction Cyber Emergency Management Method
Normative, Regulatory and Legal Framework
Information Security Risk and Incident Management
Business and IT-Service Continuity Management
Further Standards, Frameworks and Best Practices Used
Planning and Initiating the CEM Implementation
Gap Analysis, Business Case and Project Plan
Risk Management
Emergency Organisation, Processes and Operations
Implementing the CEM
Implementation of a Cyber Risk Management Framework
Implementation of an Emergency Organisation
Implementation of Emergency Processes and Procedures
Implementation of Emergency Operations
Performance Evaluation and Improving the CEM
Monitoring the CEM with Metrics, Key Performance Indicators (KPI)
Identify Vulnerabilities and Define Corrective Measures
Implementation of a Continual Improvement Program
Objectives:
Completion of this course will enable students to:
Understand the principles of a CEM, including the relationship between its components, e.g. risk management, organisation, processes and operations
Apply concepts, approaches, standards, methods and techniques for the effective operation of a CEM
Advise organisations on CEM best practices
Manage teams implementing the CEM method
Audience:
This course is aimed at students with (future) roles like:
Information Security Risk Management
Information Security Incident Management
Business Continuity Management
IT-Service Continuity Management
(IT) Professionals moving into Incident Response, Business Continuity or ITSCM operation
CxO and senior managers with responsibility for Information Security, Business Continuity and / or Emergency Management
Prerequisites:
General understanding of common business processes and procedures,
and of the required standards and frameworks.
Some exposure to Information Security, Risk Management, Business
Continuity, Emergency Management, Security Incident Management and
Incident Response is helpful, but not required.
Examination and Certification:
This course is designed by zeroBS in Germany, a leading company in
DDoS testing and protection, focussed on security operation and
architecture.
Attendees will receive a certificate of completion.
Individual as well as Integrated Management Systems addressing Risk, Information Security, Business Continuity, (IT) Services and other areas are getting ever more important for ever more organisations. As conformity with the respective ISO standards increasingly becomes a requirement to do business, management and their staff wonder how to get there.
ISO in the Sun is an ongoing series of courses on Risk, Information Security, Business Continuity, Service, Project and Integrated Management hosted by SoftQualM in the beautiful surroundings of Lanzarote in the Canary Islands, Spain. This is the ideal opportunity to combine your continuing professional education with a break in the sun, and even save compared to attending similar courses in the typical metropolitan settings. Students come from all kinds of industries and sizes of organisation, from freelance consultants and auditors to EU institutions.