Cybersecurity Strategy Online Certificate
Boston College Continuing Education, in collaboration with Kevin Powers, Director of the M.S. in Cybersecurity Program at Boston College, is launching a new, online, non-credit certificate program.
The Cybersecurity Strategy Certificate provides you with advanced knowledge in cyber threats and vulnerabilities, cybersecurity policy and law, incident response development and implementation, cyber risk management and resiliency, and cloud security.
The certificate consists of five online courses (approximately 90 minutes each). You may complete the courses in any order you choose and at your own pace. There is no obligation to complete the certificate; you may take any course(s) without committing to completing the certificate.
Some courses are approved for CLE credit in CA, CT, FL, NJ, and NY. Reporting requirements vary by state and we recommend that you check with your state's bar association for their guidelines on reporting requirements.
Who should attend: attorneys, paralegals, accountants, business and government executives, managers and employees, human resources professionals, compliance and privacy officers, IT and project managers, and individuals seeking knowledge of cybersecurity.
To maximize learning and build on information in previous courses, courses should ideally be taken in the order they are listed below.
This course offers an overview of cyberspace and the ever-changing threat landscape. It provides an understanding of the evolving threats from bad actors, including phishing, ransomware, cryptojacking, and the use of social engineering tactics. The course briefly reviews the history of cyber crime and recent major breaches, and addresses key changes and trends in cyberspace today. The course covers corporate, government, and consumer responses to growing challenges.
- You will understand the application of cybersecurity in a corporate (and government) culture and the varying risks in the cyber ecosystem.
- You will understand cloud computing, mobility, and the Internet of Things (IoT), and the security implications and challenges involved with these important trends.
- You will understand effective technologies and responses necessary to secure data and connected devices.
This course broadly examines the key laws, regulations, and Executive Orders concerning data protection and privacy. The course focuses on the roles of Federal, state, and local regulators and law enforcement officials in cybersecurity and examines data protection and national security issues governed by various Federal agencies (e.g., SEC, FTC, DOJ, DHS, NSA). Additionally, the course addresses intellectual property protection, best practices (e.g., NIST Cybersecurity Framework), the role of an attorney (in-house and outside counsel) in cybersecurity, and the development of a proactive security strategy.
- You will understand the major legal concepts and laws relative to cybersecurity, including privacy, financial services, business concerns, national security and law enforcement concerns, and international law.
- You will understand the legal and regulatory requirements pertaining to cybersecurity and will be able to identify the various Federal regulatory bodies overseeing them.
- You will be able to identify legal issues pertaining to cybersecurity and understand the role of the attorney in cybersecurity, including the varying types of litigation and liability for data breaches.
Incident Response and Planning
Course Fee: $300
This course provides an overview of requirements and best practices governing incident response and incident response planning that can help companies mitigate downstream enterprise risk. The course will explain the potential consequences of a significant cybersecurity incident, which effective incident response and incident response planning are designed to reduce. The course will examine the obligations a company has or may have when it discovers a potential incident, including an overview of potential notification obligations and considerations on whether to involve law enforcement. The course also will address the need to develop, in advance of an incident, an incident response plan and discuss legal criteria and best practices in developing a plan that facilitates effective incident response.
- You will understand the major legal risks presented by significant cyberattacks.
- You will understand the current legal requirements governing response to cybersecurity incidents.
- You will understand incident response plan requirements and best practices in developing and implementing such plans that can help mitigate enterprise risk.
Managing Cyber Risk
Course Fee: $300
This course provides a broad understanding of the fundamentals of risk management and applies them to the cybersecurity and digital risk management environments. It addresses methodologies for comparing digital risks and deciding between acceptance, mitigation, risk transfer, and avoidance. The course compares popular methodologies for quantifying, comparing, and categorizing digital risks, including Risk and Control Self-Assessment (RCSA), Risk Appetite Statement (RAS), Risk Tolerance metrics, Three Line Defense Model, Risk Register, Third-Party Risk Management, and quantitative methodologies for evaluating cost-benefit associated with mitigative investments.
- You will understand cybersecurity threats, risk assessment methodologies, sufficiency standards, and risk management options.
- You will understand corporate risk management functions, best practice organizational models, and management tools in common use.
- You will understand the importance of cybersecurity and risk management practices and why each must be integrated with data protection processes.
This course provides a broad understanding of basic cloud development models, including private, public, hybrid, and community, and the various service platforms (e.g., SaaS, PaaS, IaaS). Security topics include traffic hijacking, data isolation/storage segregation, identity management, virtualization security, continuity, data recovery, logging, notification, and auditing. The course addresses governance control and responsibility for cloud security and current best practices utilized by private industry and governments.
- You will understand the basic cloud service platforms (e.g., SaaS, PaaS, IaaS) and security topics and terms pertaining to cloud security.
- You will be able to identify applicable service provider standards and cloud adoption models and understand the current best practices utilized by private industry and governments for cloud security.
- You will understand which policy and contract measures to consider in a cloud adoption strategy.
All sales are final; no refunds. Registrations may not be transferred to another person or to another course, workshop, or program.