Training Session
L-2082 Luxembourg
Context
Information and Communication Technologies (ICT) security refers to the measures, controls and procedures a company sets up to ensure the integrity, confidentiality and availability of its data and ICT systems.
The European Banking Authority has published guidelines establishing requirements for credit institutions, investment firms and payment service providers (PSPs) on the mitigation and management of their ICT risks in order to ensure a consistent approach across the European Union.
Objective
At the end of the training session, you will be able to understand important ICT and ICT security concepts and methodologies necessary to prepare and organize your regulated company’s compliance with applicable regulatory requirements in the field of ICT.
Content
- Regulatory introduction
  - Main relevant regulatory sources
  - IT hot topics based on our practical experience of CSSF feedback
- Basics of IT
  - IT infrastructure main concepts
    - On Premise vs Cloud
    - Cloud IT infrastructure (IaaS, PaaS, SaaS, etc.)
    - VM vs Container
  - IT networks main concepts
    - Introduction to the OSI model
    - Demystification of the 7 layers: router, LAN, HTTP, IP, DNS …
  - IT storage main concepts
    - Databases
    - Data Lake & Data warehouses
    - ETL and ELT
- Basics of IT Security
  - ICT risk and security objectives
  - Definition of ICT risk
  - Social engineering and phishing
  - Protection measures
  - Authentication and password, security of mobile devices, remote working and cloud security
- Basics of IT project governance & IT frameworks
  - ITIL (IT Service Management) in a nutshell: IT services and best practices
  - IT project methodologies (e.g. Waterfall & Agile)
    - Principles
    - Main differences
    - Implementation
  - Main functions linked to IT activities:
    - Business & Functional analysis
    - IT Developers
    - Testers
    - DevSecOps engineer
- IT security audit / assessment: how to conduct a security assessment:
  - Asset inventory
  - CIA criteria
  - Vulnerability and threat definition
  - Risk treatment
Speakers
Bénédicte d’Allard, Senior Manager, Arendt Regulatory & Consulting
Giuliano Infantino, Senior Manager, Arendt Regulatory & Consulting
Omar Derrouazi, Cyber Security Advisory Leader, Arendt & Medernach
Target Group
- Members of governing/management bodies of regulated entities
- Compliance officers
- Other employees
Duration
4h
Language
English
Price
550 €