Cyber Resilience Management System (CRMS) Lead Implementer

This five day course provides an overview to the structure of a Cyber Resilience Management System (CRMS) based on ISO/IEC 27001 and associated guidance standards of the ISO/IEC 27k family, ISO 22301, NIST SP 800, MITRE ATT&CK, and how to implement this method in an organisation to build up an effective framework for handling Cyber Incidents.

Overview:

The CRMS methode is a combination of security incident, incident response, emergency, and crisis management. It focuses on cyber threat situations, is modern by applying current standards and best practice and is modular through defined products and processes. The CRMS method leads to a functioning and effective cyber defense, implementing only necessary and effective defense measures and thereby reducing the organization’s costs for implementation as well as for possible damage.

This five day course enables participants to develop the necessary expertise to support an organisation in implementing and managing a Cyber Resilience Management System.

Participants will also gain a thorough understanding of best practices used to implement cyber emergency processes from the CRMS method.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline:

Introduction to Cyber Resilience Management System

• Normative, Regulatory and Legal Framework
• Information Security Risk and Incident Management
• Business and IT-Service Continuity Management
• Further Standards, Frameworks and Best Practices Used

Planning and Initiating the CRMS Implementation

• Gap Analysis, Business Case and Project Plan
• Risk Management
• Emergency Organisation, Processes and Operations

Implementing the CRMS

• Implementation of a Cyber Risk Management Framework
• Implementation of an Emergency Organisation
• Implementation of Emergency Processes and Procedures
• Implementation of Emergency Operations

Performance Evaluation and Improving the CRMS

• Monitoring the CRMS with Metrics and Key Performance Indicators
• Identify Vulnerabilities and Define Corrective Measures
• Implementation of a Continual Improvement Program

Objectives:

Completion of this course will enable students to

• Understand the principles of a CRMS, including the relationship between its components, e.g. risk management, organisation, processes and operations
• Apply concepts, approaches, standards, methods and techniques for the effective operation of a CRMS
• Advise organisations on CRMS best practices
• Manage teams implementing the CRMS

Audience:

This course is aimed at students with (future) roles like

• Information Security Risk Management
• Information Security Incident Management
• Business Continuity Management
• IT-Service Continuity Management
• (IT) Professionals moving into Incident Response, Business Continuity or ITSCM operation
• CxO and senior managers with responsibility for Information Security, Business Continuity and / or Emergency Management

Prerequisites:

General understanding of common business processes and procedures, the required standards and frameworks.

Some exposure to Information Security, Risk Management, Business Continuity, Emergency Management, Security Incident Management, Incident Response are helpful, but not required.

Examination and Certification:

This course is designed by Detlef Hösterey, Team lead Resilience & Compliance Advisory at Cyfidelity Security Services GmbH in Bielefeld, Germany.

Attendees will receive a certificate of completion.