Enterprise Cybersecurity in Digital Business Level III - Course & Certification

You will get a certification in Enterprise Cybersecurity in Digital Business Basic Program from Seton Hall University.

• Internet access
• Mobile phone for two-factor authentication

All labs in this course are focused on using our browser. We recommend Edge or Google Chrome.

• Hands-on lab for cyber risk quantification
• Weekly chats with the chair to ask any questions
• Dedicated program manager to assist with technical issues
• Electronic courseware containing the entire course content
• Course books – available for purchase
• Access to repeatable interactive hands-on labs
• MP3 audio files of the complete course lecture

Module 1: Cyber Risk Management

Module Description

Cyber risk has mystified organizations for the past decade. Many companies do a vulnerability assessment and call it a risk assessment. A vulnerability assessment is an assessment of weaknesses in systems, it is not a risk assessment. Insurance companies gather lawsuit data and call that risk. Lawsuit data is based on incidents. Incidents have a 100% probability and are not risk. Some look at data from the deep and dark web and call spam propagation and botnets risk. They are threats.

This course is based on three years of research with the Fortune 1000 and cyber insurance industry to understand why companies struggle to be cyber resilient. They are looking at the wrong data to make strategic decisions with long term consequences regarding budget, insurance, and cyber tools. Cyber risk is measured with two metrics – exposures and scores using impact and likelihood data. This module provides students that ability to quantify cyber exposures and measure cyber risk scores. It demonstrates the use cases for cyber exposures including crown jewel asset strategies, identification of hidden exposures, vendor exposures, calculation cyber insurance limits and sub-limits, and M&A due diligence.

Students learn how to measure inherent cyber risk, residual cyber risk and the effectiveness of cybersecurity controls and its relationship to risk mitigation. Demonstration of use cases including identifying gaps in the organizations’ cybersecurity program and their vendors programs.

Risk modeling is taught to quantify:

• Data Exfiltration
• Business Interruption from Ransomware
• Business Interruption from DoS
• Regulatory Exposures

This course examines the relationships between inherent risk, security assessments and residual risk and offers strategies to prioritize remediation work. Risk modeling techniques are taught to measure inherent and residual cyber risks based on the digital asset characteristics, how it is used and protected.

 

Module Grade

Each student is expected to satisfy the following requirements:

• Quizzes (30%)
• Policy Assignment (20%)
• Risk Modeling Assignment (50%)

Module 2: Cyber in the Boardroom and Cybersecurity Strategies

Module Description

Cybersecurity has been treated as an IT issue with dismal results. Cyber risk is owned by the board of directors and senior executives. They have the fiduciary duty to protect the digital assets. Effective strategies require the understanding of cyber maturity and useful metrics that are digestible to the risk owners. This module provides students the ability to measure cybersecurity maturity across over 20 different organizational attributes and map them to five categories: Unaware, Tactical, Focused, Strategic and Pervasive.

The module focuses students on how to create an effective and resilient strategy using people, process and tools. Students learn how to translate cyber risk metrics into actionable boardroom strategies to optimize cyber resilience. These include four major areas:

Protecting the digital assets

• What are our most valuable digital assets? Which ones are crown jewels?
• How much financial exposure do we have related to a data breach, ransomware, business interruption and regulatory loss?
• How much hidden exposure do we have?
• How do the digital assets compare in terms of their cyber risk?
• Which digital assets are above their risk thresholds? By how much and why?
• How effective is our cyber program?
• What are the gaps in our cyber program?
• What initiatives should we prioritize to lower risk?
• Do we have enough cyber budget?
• Do we have enough resources and how do we prioritize them?

Cyber Risk Transference

• Do we have enough cyber insurance?
• How much do we need exactly?
• Are our sub-limits on ransomware, business interruption and regulatory loss enough?
• What is our ransomware strategy?

Vendor Cyber Risk

• What relationships do we have with vendors associated to our digital assets?
• How much financial exposure and cyber risk do we have with these third-parties? How can we reduce it?
• How effective are the vendors’ cyber controls?

M&A Cyber Risk

• We are planning to sell the company – how does our cyber resiliency impact our acquisition price?
• We are planning to buy a company – what financial exposure will we inherit? How effective is their cyber program?

 

Module Grade

Each student is expected to satisfy the following requirements:

• Quizzes (50%)
• Maturity Assignment (50%)