EEGAD: Boardroom Cybersecurity Frequently Asked Questions (FAQ)
TL;DR Overview
5 live sessions with the cohort led by the course instructor
12.5 hours of recorded lectures focusing on board director cybersecurity topics
Optional follow-up “Cybersecurity in the Board Room” curriculum and exam/certification (SecurityScorecard)
Access to 30 total hours of graduate-level lectures (including slides and speaker notes)
What is the time commitment required?
This short course is delivered in 5 live sessions of 60 minutes with the cohort over a video conference call. Each week a "pre-read" recorded lecture of 2.5 hours should be viewed in order to come to the live session prepared to discuss that week's topics.
What does the course cover in the five weeks of discussions?
Board-level Cybersecurity Basics
What is risk?
C.I.A. triad, the three pillars of information security
Data classification, the first step in understanding a business’s critical assets
Risk quantification and objective measures of security
Risk Management Fundamentals for the Digital Economy
Audits, Assessments and Observability
Change Control and Software Development
Who’s Watching the Watchers?
Threat Intelligence
Compliance Frameworks
SOC2 (Type1 and Type2, US focus) and ISO27001 (international focus)
NIST 800-53 and NIST 800-171
PCI (Payment Card Industry)
HIPAA (Health Insurance Portability and Accountability Act)
GDPR / CCPA (and various state-level copycat legislation)
Budgets and Resource Allocation
People, Process and Tools
Identity & Access Management
Privileged Identity Management
Policy and Practice
Information Security Policy = WISP + SIRP
Social Media Policy
Protecting your Identity, Data and Family (it’s not just at work that we need to be security aware)
Secure Development Initiatives
Tabletop Exercises and Red Teaming
What are the learning outcomes?
Upon completion of this short course, the participant will have gained a high-level understanding and management view of information security: what it is and what drives the requirements for cybersecurity programs.
The primary goal is to cover basic board-level governance, risk and compliance with regard to information security policy management, as well as the practice of cybersecurity programs, so that boards can be effective partners with CISOs and their teams in identifying and mitigating risk to their organizations, their customers, shareholders and other stakeholders. The participant will also be prepared to take the “Cybersecurity in the Board Room” exam and demonstrate their accomplishment on their LinkedIn profile.
What previous training or knowledge do I need before participating?
Each live session has a “pre-read” that prepares the cohort for that week's topic. The EEGAD: Boardroom Cybersecurity content is distilled from an NYU Graduate Course, CS-GY 6803 “Information System Security and Management”, taught by Adjunct Professor Mike Wilkes as a series of 12 lectures of 2.5 hours each. While 5 of these lectures have been selected to form the core of this tailored short course for board executives, participants are encouraged to continue their study of cybersecurity by consuming all 30 hours of instruction. The summer Cyber Fellows offering of the course included 104 students seeking their master’s degree in cybersecurity from the NYU Tandon School of Engineering.
Just to be clear, there is no prerequisite knowledge or coursework for this series of sessions. Professor Wilkes has been teaching the "top" of the org chart for a few years now, creating several cybersecurity and management/innovation courses for NYU. He and the live session leaders carry no expectations for prior understanding of information security.