Week (50 Contact Hours)

  • Week 1 Introduction to Cybersecurity for Small Businesses
  • Week 2 Governance
  • Week 3 Risk Management
  • Week 4 Program Management
  • Week 5 Incident Management
  • Week 6 Implementation

Weekly Highlights

Week Domain Topic Description
Week 1 Introduction to Cybersecurity for Small Businesses Participants will be introduced to cybersecurity and its significance to small businesses, including the cost and consequences of inattention to cybersecurity within an organization. Common types of cybersecurity threats such as malware, viruses, ransomware, phishing and password hacking will be discussed. Participants will also learn about best practices as well as strategies to protect businesses, including cybersecurity insurance.
Week 2 Governance In week two, participants will explore the need for and various types of frameworks associated with cybersecurity, including the relationships between data governance, information technology governance, information governance, and corporate governance.
Week 3 Risk Management Participants will receive an introduction to the main types of cybersecurity risks and threats faced by businesses. The week will then build upon these topics and examine risk drivers, risk measurement and prioritization, followed by risk mitigation and action plans.
Week 4 Program Management In week four, key activities related to establishing a cybersecurity program will be discussed. Topics include threat reviews, risk evaluations, control reviews, policy Reviews, incident tracking, training program validation, vulnerability management, security monitoring, issue remediation, facility assessment, application assessment, system assessment and baseline assessments. Participants will learn about processes such as application security testing, authentication, DDoS mitigation, domain name service attack response, encryption, firewalls and IoT security.
Week 5 Incident Management Week five will cover tasks related to incident management such as preparation for incidents, team creation and development (both internal and external teams), as well as follow up actions such as after-action reviews and documentation. Additionally, a communication strategy will also be discussed, including key stakeholder mapping to keep everyone informed.
Week 6 Implementation During the final week of the program, participants will come prepared to discuss the development and implementation of a cybersecurity plan as a part of their organizational strategy and business continuity plan.