OVERVIEW
Defence Cyber Regulatory Controls as a requirement and a strategic advantage. This seminar will look at the current cyber threat environment and provide an understanding of how and why the cyber environment is like it is. It will cover impacts relevant to SMEs.
WHO SHOULD ATTEND
- Those entering the market and wanting to know more about it.
KEY DETAILS
Mode
Virtual
SEMINAR STRUCTURE
- Virtual workshops x 6
- Podcasts x 1
Duration
6 weeks
WHAT TOPICS WILL BE COVERED?
This virtual workshop bundle is intended to provide participants with an introductory understanding of cybersecurity from a defence supply chain perspective.
Importantly, it will highlight the many differences between the commercially applicable regulatory environment compared to the regulatory frameworks deemed necessary in supporting defence.
Participants will be provided with case studies that support and highlight the more important aspects of cybersecurity. These case studies will be pertinent to the threat environment that is predominant in the supply chain.
Participants will be provided with strategies and tools to immediately apply in their workplaces at no cost.
Due to the complex nature of the information to be presented, it has been decided to proceed with a ‘flipped-classroom’ model.
In this model, participants are given materials to familiarise themselves with before each session. During the session, participants will be led deeper into that material, to gain a better understanding, along with insights on how they may utilise this knowledge.
At the end of the session, participants will have access to post-session materials that will enable them to actively apply the insights they’ve gained during the session.
It’s expected that participants can immediately apply session insights to securing their enterprises. They will also gain insights they may immediately apply to their own personal security.
EXPECTED OUTCOMES
- An understanding of the threat environment faced in the supply chain, both in terms of the threat nature and the unique intentions driving the threat-actors
- An understanding of the geopolitical nature of the threat environment
- A conceptual framework employable in their lives/workplaces to better adapt to cybersecurity threats
- Three case studies that typify how threat actors can effect massive disruption and the consequent outcomes for the victims
- An understanding of how defence regulations are different to commercial regulations, particularly with regard to the imminent changes that are being driven in some of our major allies supply-chains
- An understanding of the intent behind the most common regulations they’re likely to encounter
- Discussions on DISP and US-DOD’s CMMC regulations as provocative starting points in hardening their organisations against threat-actors
- An insight into the nature of cyber risk in the supply chain:
- How the defence definition is different from common vernacular definitions
- How it applies to what they do
- Who their opponents are and how those actors ‘play the game’:
- Methods for protecting credentials
- Educational materials on social engineering
- Significantly raise their defences against personal/organisational email compromise and credential theft
- Increased awareness of the fundamental coercions used in social engineering
- Ability to employ tactics to limit the impact of surveillance
- Capitalism on the personal and professional digital footprint
- Ability to design, customise and review basic security roadmaps for themselves and their organisations
- Ability to de-link their various online personas and identities to make data harvesting more difficult
SEMINAR MODULE OUTLINES
TIMING
On Demand
LEARNING MODULE
- Introduction to seminar and facilitator
- Description of seminar bundle incl learning outcomes
FORMAT
Podcast
EST. TIME TO COMPLETE
30mins
TIMING
Week 1
LEARNING MODULE
Our first workshop will give participants a background into the why and how of cyber, addressing why this subject is so very important.
- The Rise of Supply-Chain Cyber Security - Introduce participants to the forces driving focus on Cyber…and why they matter
- Changed Strategic Imperatives - Provide an overview of the strategic reality driving the threat environment
- Cyber Security, People And Game Theory - Discuss the role of human behaviour in cyber security
- Visit the theoretical “Event Zero” that triggered change
FORMAT
Virtual Workshop
EST. TIME TO COMPLETE
30min bump in, 60mins, plus 30mins optional chat room participation
TIMING
Week 2
LEARNING MODULE
Regulatory Frameworks can be confusing. In this session, we’ll take some time to examine the essential goals of regulation to understand its importance…and the resulting opportunities.
- The (Evolving) Regulatory Environment - a dive into the specific frameworks guiding cyber
- Defence Regulatory Goals – What are frameworks trying to achieve?
- Regulatory and Non Regulatory Frameworks in
FORMAT
Virtual Workshop
EST. TIME TO COMPLETE
30min bump in, 60mins, plus 30mins optional chat room participation
TIMING
Week 3
LEARNING MODULE
Everybody knows what risk is, right? Wrong. This week we’ll look at risk as it is measured in the supply chain…and how to reduce it.
- “Risk” In The Supply Chain – Defence Industry Risk Definition
- The Cyber Risk Environment – Who are the opponents, what do threats look like?
- Internal Threats – not all of the bad guys are outside the business!
FORMAT
Virtual Workshop
EST. TIME TO COMPLETE
30min bump in, 60mins, plus 30mins optional chat room participation
TIMING
Week 4
LEARNING MODULE
Data breaches keep growing every year. In this session we’ll tackle some of the simple ways to reduce our exposure.
- Why Breaches Keep Happening – no…it really is you…and how you think.
- Compromised Credentials – how we leave the front door wide open for attackers.
- Email As An Attack Vector – Email is the oldest attack vector, and it shows. Here’s how to strengthen defences against it.
- Social Engineering – cyber security isn’t a technology problem, it’s a people problem.
- Multi-Factor Authentication – what it is and why you should use it.
- Passwordless Authentication – the latest technology.
FORMAT
Virtual Workshop
EST. TIME TO COMPLETE
30mins bump in, 60mins, plus 30mins optional chat room participation
TIMING
Week 5
LEARNING MODULE
This week’s topics address some inevitable consequences of living in a connected world. Each of these threats need to be considered in light of how they might be used to compromise staff and the programs they contribute to.
- Identity Theft – the inevitable consequence is compromise to the supply chain
- Tech Giant Business Models – you’re the product…but who’s buying?
- Surveillance Capitalism – has collected around a gigabyte of behavioural data on each of us…enough for psychometric profiling.
- Deep Fakes – the latest assault on reality, have consequences for warping reality, recruiting and Insider Threats.
- Compromising Privacy – to be observed in all things is to be constantly under threat of influence campaigns designed to compromise.
- Mosaic Intelligence Gathering – sits at the centre of certain Foreign Intelligence activity. We will examine how each of the previous topics contributes to Mosaic Intelligence operations
FORMAT
Virtual Workshop
EST. TIME TO COMPLETE
30mins bump in, 60mins, plus 30mins optional chat room participation
TIMING
Week 6
LEARNING MODULE
In this last session, we’ll look at how to bring together all of the elements we’ve discussed
- Creating A Security Culture In Your Organisation – cyber security is not a technology problem…it’s a ‘people’ problem. Fixing it requires learning to work with people.
- Identifying Risk – before you can fix it, you need to know what’s broke. Correctly identify your risks, then apply fixes.
- Maintaining Cyber Posture – as we’ve learned, cyber is an infinite game. Build tools and training to support long-term change.
FORMAT
Virtual Workshop
EST. TIME TO COMPLETE
30mins bump in, 60mins, plus 30mins optional chat room participation
TOTAL COURSE DURATION
12.5 hours instruction
FACILITATORS
Ray Harvey is the Internal Threat Business Development Manager for Cider House ICT, a Goal Group member. Ray is passionate about ensuring that Australian businesses are protecting themselves from evolving cyber threats and are as competitive as they can be in the competitive Defence market.
COURSE SCHEDULE
EOI cut-off: 27 December
Successful applicants notified: 28 December - 4 January
Course joining instructions issued: 4 January
Course timing: 18 January – 22 February 2022 – Weekly 1-hour workshops on a Tuesday / Time TBC.
The Defence Ready Seminar Series is being delivered thanks to funding and collaboration with the Centre for Defence Industry Capability (CDIC) and, for each seminar, forty (40) funded places are being made available to SMEs.
The Defence Department has set very clear guidance around the criteria for access to one of the forty funded places within each of the thirteen courses, and priority will be given to Hunter and regional-NSW based SMEs, building capability to potentially partner on Defence projects in the future.
With the full seminar series rolling out over the next twelve-months, Hunter Defence will be scheduling ongoing communications as each course gets close to commencing. If your organisation has been successful in achieving a funded place in one of these courses, Hunter Defence will let you know three (3) weeks before your selected seminars(s) of interest are due to start.
STAY INFORMED.
Sign up to our Hunter Defence mailing list to learn about all upcoming events and industry updates.
