Artificial Intelligence in Cyber Security
COURSE OBJECTIVE
Advanced course on the use of artificial intelligence to strengthen the cybersecurity of banks. The XOI methodology for measuring cyber risk is briefly explained.
The global vision of CyberRisk, cyberattacks and losses suffered by financial institutions, methodologies and good practices on cybersecurity in business processes are exposed, and some technical standards for management and control are explained, such as NIST, Cobit 5. and ISO 27001.
Cyber Risk Appetite, Cyber Risk Limits and Cyber Risk Tolerance methodologies for the governance and control of Cyber Risk are exposed.
Traditional methodologies such as logistic regression and other, innovative, machine learning methodologies are exposed, such as: decision trees, naive bayes, KKN, LASSO logistic regression, random forest, neural networks, Bayesian networks, Support Vector Machines, gradient boosting tree, etc
The use of artificial intelligence and in particular machine learning and deep learning to strengthen cybersecurity is explained, advanced models are shown to detect anomalies, transactional fraud, phishing, cyber attacks, intrusions and malware.
There are four modules dedicated to advanced deep learning, that of convolved neural networks for facial recognition, the Generative Adversarial Network (GAN) to detect adverse attacks from machine learning algorithms, recurrent neural networks for the classification of CyberRisk events, and multilayer. perceptron for intrusion and anomaly detection.
The exercises have been developed in two powerful languages, Python and R, and are presented in the JupyterLab environment to enhance learning.
WHO SHOULD ATTEND?
This program is aimed at directors, managers, consultants, regulators, auditors and risk analysts, operational risks, cyber risks, as well as those professionals who are implementing cybersecurity measures. Professionals who work in banks, savings banks and all those companies that are exposed to cyber risks. Statistical and mathematical knowledge is required.
Price: 6.900 €
Schedules:
-
Europe: Mon-Fri, CEST 16-20 h
-
America: Mon-Fri, CDT 18-21 h
-
Asia: Mon-Fri, IST 18-21 h
Level: Advanced
Duration: 30 h
Material:
Presentations: PDF
Exersises: Python, Cython, R and Jupyterlab
AGENDA
Artificial Intelligence in Cyber Security
Modular Agenda
Cybersecurity in Basel III
Module 1: Cyber Resilience
-
Cyber risks in banking
-
CyberRisks in Latin America and Europe.
-
Cyber Resilience Standards and Guidelines
-
Case Study 1: Recent Regulatory Initiatives: Australia, Germany and the US Minimum Requirements
-
Cybergovernance
-
cybersecurity strategy
-
Management roles and responsibilities
-
Recognition of the importance of the board of directors and senior management
-
Variety of supervisory approaches regarding the second and third lines of defense (3LD)
-
Case Study 2: Roles and responsibilities of chief information officers (CISOs) in cyber governance
-
Cyber risk awareness culture
-
Architecture and standards
-
Cybersecurity Workforce
-
Case Study 3: Frameworks for professional cybersecurity training and certification programs
-
-
Risk management, testing, and incident response and recovery approaches
-
Methods for monitoring cyber resilience
-
Risk specialists assess information security management and controls
-
Jurisdictions are increasingly engaging with industry to address cyber resilience
-
-
Testing of information security controls and independent assurance
-
Mapping and classification of business services should inform testing and assurance
-
Penetration Test
-
Taxonomy of cyber risk controls
-
-
Response and recovery and exercise tests
-
Service continuity assessment, response and recovery plans, and continuous learning
-
Joint public-private exercise
-
Case Study 4: “Exercise Resilient Shield”
-
-
Cybersecurity and resilience metrics
-
Cybersecurity and resilience metrics
-
Emerging Resilience Indicators
-
-
-
Communication and information exchange
-
Overview of cross-jurisdictional information sharing frameworks
-
Sharing information between banks or peers
-
Case Study 5: FS-ISAC: key features and benefits
-
Sharing from banks to regulators
-
Sharing between regulators
-
Case Study 6 - Bilateral exchange of cybersecurity information between the Hong Kong Monetary Authority (HKMA) and the Monetary Authority of Singapore (MAS)
-
Module 2: Cyber Risks
-
Current Vision of Cyber Risk
-
identification of cyber risks
-
Malware and other threats
-
-
Cyber-Security in practice
-
Security Government
-
Risk management
-
Security politics
-
Safeguards Policy
-
Contingency Plans
-
-
Security Audits
-
Some Cyber risks
-
Exploit Kits
-
Information leakage
-
phishing
-
DDoS attack
-
internet of things
-
infrastructure attack
-
botnets
-
trojans
-
Advanced Malware
-
Ransomware
-
APT's
-
-
Avoidance, Acceptance, Mitigation or transfers of Cyber-Risks (Cyber-Insurance)
-
Incident Response
-
Legal Aspects of Incident Response
-
Computer forensics
-
Digital Compliance
-
Intelligence in Open Sources
-
Brand Defense. Intellectual Property Rights
-
Digital Reputation. Crisis Communication
-
Fraud and Online Identity Management
-
Computer Law and ICT's
-
Procedural Law and Human Rights in Cyber-Space
-
Penal responsibility of juridical persons
-
Cryptography and Authentication Systems
-
Industrial Cyber-Security (IT/OT)
-
Logic Cyber-Security
-
Assurance
-
Cyber risks in banking
-
financial robberies
-
Attacks on banking transactions
-
credit card theft
-
Wholesale Banking
-
Lazarus cyber attack on the SWIFT system
-
Bank resources allocated to cybersecurity
-
Cloud service provider (CSP)
-
Analysis of the main CSP providers
-
Analysis and duration of blackouts in the Cloud service
Module 3: Cyber Risk Management
-
Enterprise Risk Management in cyber risk
-
Involvement of senior management
-
Cybersecurity in business processes
-
Identification of:
-
Critical bank assets
-
critical business functions
-
Critical business partners: customers, suppliers, outsourcing
-
Critical data, critical connections
-
Main threats to the bank
-
Framework for Improving Critical Infrastructure Cybersecurity NIST
-
Main technical standards
-
NIST 800-53
-
Cobit 5
-
ISO 27001
-
-
Policies and control of cyber risk
-
Governance of Cyber Risk in practice
-
Lines of defense
-
risk analysis
-
Probability and impact maps
-
CyberRisk mitigation strategies
-
Identity and access management
-
data protection
-
Security analytics using machine learning
-
NIST CSF pillars
-
safety hygiene
-
Recovery time objective
-
Recovery point goal
-
SSDLC
-
Risk management of third-party technology
-
-
Security architecture
-
Cloud environment and mobile security
Module 4: Measuring Cyber Attacks using XOI Approach: Exposure, Occurrence and Impact
-
Exposure Definition
-
Selection of KRIs
-
Exposure modeling and conditioning
-
Definition of hypothesis
-
Modeling and conditioning of the occurrence
-
Occurrence quantification
-
Impact quantification
-
Types of indicators
-
Indicator predictability
-
Bayesian networks
-
The Bayesian Network Scenario Model
-
graphic interpretation
-
Simulation using Bayesian networks
-
XOI modeling for Cyber risks in banking
-
Cyber Risk Scenarios
-
Banking cyberattacks
-
Exercise 1: XOI modeling in cyberattacks using Bayesian networks in Python and R
Module 5: Cyber Risk Appetite
-
Principles of an effective Cyber Risk Appetite methodology
-
Definitions and analysis:
-
Risk appetite framework
-
Risk Appetite Statement
-
Risk Tolerance
-
Risk Capacity
-
Risk Profile
-
-
Establishment of Limits in Cyber Risk
-
Principles of Effectiveness of the Cyber Risk Appetite Statement
-
Establishment of Limits and Metrics in Cyber Risks
-
Establishment of risk limits and tolerance in CibeRiesgos
-
Incorporation of Cyber Risk Appetite in decision making, new products, new lines of business, etc.
-
Mitigation plans