Cyber Risk - 1st Advanced training week

Dates

27/02/2023 - 02/03/2023

Location

Florence

Approach

Regulatory

Delivery mode

Residential

Course materials

The advanced course on cyber risk is developed within the EU Supervisory Digital Finance Academy (EU- SDFA) organised by the European University Institute (EUI) – Florence School of Banking and Finance together with the European Commission (DG REFORM and DG FISMA) and the European Supervisory Authorities (EBA, EIOPA and ESMA). The advanced courses delve deeper into the topics covered in the EU-SDFA foundational training weeks, applying a holistic and cross-sectoral approach which covers banking/payments, insurance, and securities. Moreover, the advanced courses reflect the current supervisory needs flagged to EU-SDFA’s partners by beneficiary National Competent Authorities (NCAs).
The advanced course on cyber risk generally deals with cyber risk management, exploring different approaches and focusing on supervising strategies to assess and mitigate cyber risk. There are indeed multiple dimensions of cyber risk: cyber risk of financial entities and cyber risk of network and information systems. In addition to the EU dimension, there are national as well as global dimensions of cyber risk.
The advanced course on cyber risk (through presentations, interactive presentations, classroom discussions, and panel discussions) deals with the main developments in the cyber threat landscape; development and implementation of cyber resilience strategies; ICT risk management; ICT-related incident management, classification and reporting; cyber testing; management of risks related to the use of third-party providers; public-private partnerships and information sharing; how cyber incidents can become systemic, and what approaches can be taken to address systemic risk. The final panel discusses future prospects, exploring whether innovative technology could increase or decrease cyber risk. Group activities, followed by interactive discussions with the instructors, engage participants in the solutions to problems, providing them with the opportunity to share their knowledge, skills and understanding. Group activities allow participants to benefit from cooperative learning and evaluation.

“Sufficiently balanced and well-organized course which is useful for both the experts dealing with cyber risk agenda as well as for the ones keen to acquire a deeper understanding of this area, related challenges and get access to the useful channel for future self-development.”

Karel Bartak

CNB - Ceska Narodni Banka (Czech National Bank)

Describe the different approaches to the regulation of cyber risk and their main objectives.
Compare different approaches to the regulation of cyber risk.
Analyze and critically assess different rules on cyber risk management.
Identify, within the different approaches, the main principles for the regulation of cyber risk.
Interpret and implement in a certain context the main principles for the regulation of cyber risk.
Produce documents based on the main principles for the regulation of cyber risk.

Session 1 – Introduction: Multiple dimensions of cyber risk
Session 2 – Presentation: Cyber threat landscape and outlook
Session 3 – Presentation: Developing and implementing a cyber resilience strategy for the financial sector
Session 4 – Interactive presentation and classroom discussion: ICT risk management
Session 5 – Interactive presentation and classroom discussion: ICT-related incident management classification and reporting
Session 6 – Presentation: Cyber testing – Threat intelligence based ethical red-teaming – how and why
Session 7 – Group activity: Developing a set of core principles for ICT and security risk management
Session 8 – (continued). Interactive discussion: Presentation of the outcomes of the Group activity
Session 9 – Panel discussion: Third-party providers’ oversight
Session 10 – Presentation: How to design public-private partnerships and building trust: information sharing arrangements
Session 11 – Panel discussion: Can cyber incidents become systemic and what approaches can be taken to address systemic risk?
Session 12 – Group activity: Building a cyber strategy for the financial sector of a fictitious country
Session 13 – (continued). Interactive discussion: Presentation of the cyber strategy for the financial sector a fictitious country
Session 14 – Panel discussion: Looking to future, is innovative technology increasing cyber risk or decreasing it?
Session 15 – Wrap-up

General experience in banking and finance
A prior exposure to cyber risk would be an asset

Cyber Risk – 1st Advanced training week