Keep safe - ICT and ICT Security First Steps

Prepare and organise your ICT Security Policy

Training Session

Oct 16, 2023
2:00 PM


Oct 16, 2023
6:00 PM
41 A, Avenue John F. Kennedy
L-2082 Luxembourg


Information and Communication Technologies (ICT) security refers to the measures, controls and procedures a company sets up to ensure the integrity, confidentiality and availability of its data and ICT systems.

The European Banking Authority has published guidelines establishing requirements for credit institutions, investment firms and payment service providers (PSPs) on the mitigation and management of their ICT risks in order to ensure a consistent approach across the European Union. 



At the end of the training session, you will be able to understand important ICT and ICT security concepts and methodologies necessary to prepare and organize your regulated company’s compliance with applicable regulatory requirements in the field of ICT.



  1. Regulatory introduction
    • Main relevant regulatory sources
    • IT hot topics based on our practical experience of CSSF feedback
  2. Basics of IT
    • IT infrastructure main concepts
      • On Premise vs Cloud
      • Cloud IT infrastructure (IaaS, PaaS, SaaS, etc.)
      • VM vs Container
    • IT networks main concepts
      • Introduction to the OSI model
      • Demystification of the 7 layers: router, LAN, HTTP, IP, DNS …
    • IT storage main concepts
      • Databases
      • Data Lake & Data warehouses
      • ETL and ELT
  3. Basics of IT Security
    • ICT risk and security objectives
    • Definition of ICT risk
    • Social engineering and phishing
    • Protection measures
    • Authentication and password, security of mobile devices, remote working and cloud security
  4. Basics of IT project governance & IT frameworks
    • ITIL (IT Service Management) in a nutshell: IT services and best practices
    • IT project methodologies (e.g. Waterfall & Agile)
      • Principles
      • Main differences
      • Implementation
    • Main functions linked to IT activities:
      • Business & Functional analysis
      • IT Developers
      • Testers
      • DevSecOps engineer
  5. IT security audit / assessment: how to conduct a security assessment
    • Asset inventory
    • CIA criteria
    • Vulnerability and threat definition
    • Risk treatment



Bénédicte d’Allard, Senior Manager, Arendt Regulatory & Consulting

Giuliano Infantino, Senior Manager, Arendt Regulatory & Consulting

Omar Derrouazi, Cyber Security Advisory Leader, Arendt & Medernach


Target Group

  • Members of governing/management bodies of regulated entities
  • Compliance officers
  • Other employees






550 €
