Objectives and scope of the Course

> To provide an overall comprehension of the risks and challenges on organizations resulting from an increasingly digital economy concerning cybersecurity leveraged in terms of speed and deepness by the COVID-19 pandemic.

​

> To provide insights from leading experts of the industry and reference academics concerning the implications of cybersecurity risks in terms of the organizations' Business, Governance and Compliance.

> This program aims to be the best international cybersecurity short/medium term course for executives and decision makers in Europe.

> Members of the Management Board of companies/organizations from the private and public sectors

​

> Members of the Supervisory Board of companies/organizations from the private and public sectors

​

> Members of the Management Board and the Supervisory Board of Banks, Fintechs, and Insurance companies

​

> Decision makers of organizations on the areas/committees of Internal Control and Risk, Internal Audit, Inspection, and Compliance and Legal

​

> Armed forces decision makers

​

> Law enforcement decision makers

​

> Charted Accountants/Statutory Auditors (Revisores Oficiais de Contas)

​

> Lawyers on decision making positions

 Classes Format

> The course will be held in hybrid format (in person + online) at Faculdade de Ciências da Universidade de Lisboa

​

> Participants are free to choose to attend any class in person or online

​

> Starting date: February 16th, 2023

​

> 30 hours (12 modules)

​

> Tuesdays and Thursdays, from 16:30 to 17:50 and 18:00 to 19:20

> Certificate to be issued by the Faculty of Sciences of University of Lisbon after the completion of the course

Module 1

Macro perspective on cybersecurity (3h)

Contra-Almirante António Gameiro Marques

General Director

Gabinete Nacional de Segurança (GNS)

• The strategic perspective of Cybersecurity at national level - Resilience, sovereignty, and Leadership

• What the C level needs to ask to assess the organization’s cybersecurity level

• Major challenges for organizations and citizens

• New technologies leveraged by the pandemic

• The need for a common knowledge concerning cybersecurity

• EU Cybersecurity Strategy and its relationship with the National Cyberspace Security Strategy

• EU Cybersecurity Certification. What is due to occur in Portugal and the impact in the economy

• Cybersecurity incidents in Portugal – The National Cybersecurity Observatory

• Operational Capability to prevent, deter and respond

• New strategic initiatives

• Self-evaluation Quiz

Module 2

Introduction to cyber security concepts (3h)

Eng. José Alegria

CISO, Head of CyberSecurity & Privacy (DCY)

ALTICE Portugal

• Cyber Security definition

• Importance of security at different layers (from physical to information)

• Fundamental information security properties: confidentiality, integrity, availability

• Types of vulnerabilities

• Types of attacks

• Motivations of attackers

• Phases of an attack

• Attack-Vulnerability-Intrusion (AVI) model

• NIST Cybersecurity Framework: Identify, Protect, Detect, Respond, Recover

• Self-evaluation Quiz

Operational Technology Security (OT)
(1.5h + 1.5h)

Module 4

Minsait/SIA CESCE (to be confirmed)

• Resources

• Information flows and dependencies

• Security policies and responsibilities

• Risk identification

• Risk assessment

• Risk analysis

• Risk management

• Control strategies

• Cost-benefit analysis in InfoSec

• Self-evaluation Quiz

Funding Programmes for the Cybersecurity Economy
(1.5h)

Module 5

Dra. Marco Barros Lourenço

Research and Innovation Lead

European Union Agency for Cybersecurity (ENISA

• The European Strategy for the Digital de Decade

• Cybersecurity Policy Context in Europe

• The EU Cybersecurity Market – The road to a Strategic Autonomy

• The Digital and Horizon Europe Programmes and the European Cybersecurity Competence Centre

• European Funding for Cybersecurity - A practical approach

• Self-evaluation Quiz

Identification of assets
and risk concepts
(1.5h)

Module 6

Prof.ª Ana Respício

Assistant Professor of Informatics

Faculty of Science of the University of Lisbon

• Information flows and dependencies

• Risk identification

• Risk assessment

• Risk analysis

• Risk management

• Self-evaluation Quiz

Module 7

Reaction & Recovery
(3h)

Eng. Marcelo Rodrigues

Director of Cybersecurity & Privacy

PwC Portugal

Eng. Pedro Santinhos

Risk Assurance Director

PwC Portugal

• Response plans (legal frameworks)

• Incident management (CERT/CSIRT teams)

• Analysis of incident impacts

• Contingency plans

• Disaster recovery

• Business continuity

• Image recovery and communication

• Self-evaluation Quiz

Cybersecurity Law
(3h)

Module 8

Dra. Magda Cocco

Head of Practice of Information, Communication & Technology

VdA - Vieira de Almeida

• The importance of the legal dimension

• Cybersecurity legal and regulatory framework – main trends 

• The legal impacts of a cyber incident   

• A strategic approach to cybersecurity regulatory framework (general and sector-specific legislation) 

• Self-evaluation Quiz

Module 9

Cybercrime
(1.5h)

Dr. Rogério Bravo

Chief Inspector of UNC3T - National Unit for Combating Cybercrime and Technological Crime of Portuguese Judiciary Police

• Modus Operandi and terminology of the main cybercrimes

• Incident and Crime: practical aspects of legislation

• From the preparation to the mitigation of cyber-incident: the legal action

• Self-evaluation Quiz

Module 10

a. Economic Evaluation of Cybersecurity Investments (1,5h)

Prof. Telmo Vieira

Managing Partner

PremiValor Consulting

Certified Public Accountant - ROC

• Cybersecurity Due Diligence in Mergers & Acquisitions (M&A) processes

• The economic evaluation of Cybersecurity Investments:

  •  The financial model

  • Key assumptions

  • Key Economic and financial indicators (KPIs):

    • ​ALE – Annual Loss Expectancy

    • ROSI – Return on Security Investment

• Self-evaluation Quiz

Module 10

b. Cybersecurity risks and challenges on Banking and Fintech sector (1,5h)

Eng. Pedro Silva

Head of Unit - Cybersecurity

Banco de Portugal

• Major trends and Cybersecurity concerns in the financial sector

• Cooperation, Proactivity and Systemic Approaches to Cyber Threats

• Cybersecurity Governance: Engaging the Executive Boards

• Narrowing the Cyber Language GAP between Operational/ Tactical and Executive Boards

• Self-evaluation Quiz

Module 12

Case studies and Tabletop exercise (3h)

Contra-Almirante António Gameiro Marques

General Director

Gabinete Nacional de Segurança (GNS)

• Target and MAERSK case studies – to be first discussed by students and then in class with the professor/lecturer as a way to cement the knowledge obtained throughout the course

• Tabletop exercise to stimulate leaders in the decision associated with a crisis originating in cyberspace

• Final remarks on the program

Eng. Pedro Santinhos
Risk Assurance Director
(PWC Portugal)

Dra. Magda Cocco
Head of Practice of Information, Communication & Technology
(VdA - Vieira de Almeida) 

Prof. Telmo Vieira
Manging Partner (PremiValor Consulting)
Certified Public Accountant / Statutory Auditor (CPA)

Eng. Luís Gonçalves
Head of Cybersecurity, IT Risk and Compliance
(Banco de Portugal)

Tenente-Coronel André Castro
Cyber Defense Chief (Portuguese Air Force) INFOSYS and INFOSEC Officer for NATO Networks for 11 Years

Dr. Marco Barros Lourenço
Research and Innovation Team Lead
(European Union Agency for Cybersecurity (ENISA))

Dr. Rogério Bravo
Chief Inspector
(UNC3T - National Unit for Combating Cybercrime and Technological Crime of Portuguese Judiciary Police)