Keep safe - ICT and ICT Security First Steps

Prepare and organise your ICT Security Policy

Training Session

Monday, Oct 16, 2023, 2:00 PM to 6:00 PM
Where?
41 A, Avenue John F. Kennedy
L-2082 Luxembourg

Context

Information and Communication Technologies (ICT) security refers to the relevant measures, controls and procedures set up by a company in order to ensure the integrity, confidentiality and availability of its data and ICT systems.

The European Banking Authority has published guidelines establishing requirements for credit institutions, investment firms and payment service providers (PSPs) on the mitigation and management of their ICT risks in order to ensure a consistent approach across the European Union.

Objective

At the end of the training session, you will be able to understand important ICT and ICT security concepts and methodologies necessary to prepare and organize your regulated company’s compliance with applicable regulatory requirements in the field of ICT.

Content

  1. Regulatory introduction
    • Main relevant regulatory sources
    • IT hot topics based on our practical experience of CSSF feedback
  2. Basics of IT
    • IT infrastructure main concepts
      • On Premise vs Cloud
      • Cloud IT infrastructure (IaaS, PaaS, SaaS, etc.)
      • VM vs Container
    • IT networks main concepts
      • Introduction to the OSI model
      • Demystification of the 7 layers: router, LAN, HTTP, IP, DNS …
    • IT storage main concepts
      • Databases
      • Data Lake & Data warehouses
      • ETL and ELT

  3. Basics of IT Security
    • ICT risk and security objectives
    • Definition of ICT risk
    • Social engineering and phishing
    • Protection measures
    • Authentication and password, security of mobile devices, remote working and cloud security

  4. Basics of IT project governance & IT frameworks
    • ITIL (IT Service Management) in a nutshell: IT services and best practices
    • IT project methodologies (e.g. Waterfall & Agile)
      • Principles
      • Main differences
      • Implementation
    • Main functions linked to IT activities:
      • Business & Functional analysis
      • IT Developers
      • Testers
      • DevSecOps engineer
  5. IT security audit / assessment: how to conduct a security assessment:
    • Asset inventory
    • CIA criteria
    • Vulnerability and threat definition
    • Risk treatment

Speakers

Bénédicte d’Allard, Senior Manager, Arendt Regulatory & Consulting

Giuliano Infantino, Senior Manager, Arendt Regulatory & Consulting

Omar Derrouazi, Cyber Security Advisory Leader, Arendt & Medernach

Target Group

  • Members of governing/management bodies of regulated entities
  • Compliance officers
  • Other employees

Duration

4h

Language

English

Price 

550 €
