
DAY ONE

Columns: S/n, Time, Duration, Topic, Content, Class Activities

S/n: 1
Time: 8.00 am
Duration: 30 mins
Topic: Introduction
Content: Meet and greet
Class Activities: Identification of names, roles and IT background

S/n: 2
Duration: 30 mins
Topic: Threat and Risk Assessments
Content:
    About TRA
    Importance of TRA to financial institutions

S/n: 3
Duration: 1 hr.
Topic: CIA Triad
Content:
    Overview of the CIA Triad
    Confidentiality
        Definition and examples
        Techniques for achieving confidentiality (encryption, access control, etc.)
        Common threats to confidentiality (social engineering, data breaches, etc.)
    Integrity
        Definition and examples
        Techniques for achieving integrity (digital signatures, checksums, etc.)
        Common threats to integrity (malware, hacking, etc.)
    Availability
        Definition and examples
        Techniques for achieving availability (backup systems, redundancy, etc.)
        Common threats to availability (denial-of-service attacks, natural disasters, etc.)
    Relationships between the three principles
    Balancing the CIA Triad and its implementation within financial organizations
Class Activities:
    Give participants a case study involving a security breach that resulted in a loss of confidentiality within a financial organization. Participants can analyze the case study and identify the weaknesses in the organization's security measures that led to the breach. Then, participants can present their findings to the class and discuss potential solutions for improving security.

S/n: 4
Duration: 1 Hr 30 mins
Topic: Threat Landscape
Content:
    Overview of the Threat Landscape in the Banking Industry
    Threat Actors affecting financial organizations
        Types of threat actors (hackers, insiders, etc.)
        Motivations of threat actors (financial gain, political gain, etc.)
        Examples of attacks carried out by threat actors
Class Activities:
    Provide participants with a map of a hypothetical organization, such as a bank or a government agency. Have them identify the different types of threat actors that could target the organization, such as insiders, external attackers, or nation-state actors. Then, have them map out the likely attack vectors and targets for each type of threat actor, as well as the potential impact of a successful attack. After the participants have completed their maps, lead a discussion about how the organization can defend against these threats.

S/n: 5
Content:
    Common Attack Methods against Financial Organizations
        Phishing attacks
        Malware attacks
        Denial-of-service attacks
        Man-in-the-middle attacks
        Insider attacks
Class Activities:
    Provide participants with a case study of a real-world cyber attack, such as the WannaCry ransomware attack or the Target data breach. Have them analyze the attack to identify the attack methods used, the vulnerabilities exploited, and the potential impact of the attack. Then, have them identify the lessons learned from the attack, including how the organization could have defended against the attack. After the groups have presented their findings, lead a discussion about how the lessons learned can be applied to other organizations.

S/n: 6
Duration: 2 Hrs
Topic: Security design Principles within IT systems of financial organizations
Content:
    Overview of Security Design Principles
    Establishing context pre-system design
        Understand what the system is for, what is needed to operate it, and which risks are acceptable
        Understand the threat model for your system
        Role of suppliers in establishing and maintaining system security
        End to End understanding of the system
        Govern security risks
        Responsibilities
Class Activities:
    Mock Security Breach:
    Create a mock security breach scenario in which a participant gains unauthorized access to a system or file they shouldn't have access to. In groups, participants can analyze the breach and discuss how implementing a least privilege access control policy could have prevented the breach from occurring.

    Risk Assessment Exercise
    Give participants a list of hypothetical scenarios that require different levels of access to an organization's systems or data. In groups, participants can assess the potential risks and benefits of granting each level of access and make recommendations based on the principle of least privilege. Then, participants can present their findings to the group and engage in a discussion about the importance of implementing a least privilege access control policy.

    Group Activity
    Divide participants into groups and have them design a defense in depth strategy for a hypothetical organization. Provide them with information about the organization's assets, threats, and vulnerabilities. Each group should design a strategy that includes multiple layers of defense, such as firewalls, intrusion detection systems, access control, and data backups. After the groups have presented their strategies, lead a discussion about the strengths and weaknesses of each approach.

S/n: 7
Content:
    Making compromise difficult
        What to do with external input
        Reducing the attack surface
        Confidence in crucial security controls
        Least Privilege
        Protecting management and operations environments from targeted attacks
        Tried and tested approaches
        Authorization and Monitoring
        Design for easy maintenance
Class Activities:
    Case Study
    Provide participants with a case study of a real-world IT security breach that resulted from a failure in separation of duty. Have them analyze the case study to identify which tasks and responsibilities should have been separated to prevent the breach. Then, have them design a separation of duty policy that could have prevented the breach from occurring. After the groups have presented their policy, lead a discussion about how it could be implemented in a real-world IT environment and how it could be enforced.

S/n: 8
Content:
    Making Disruption Difficult
        System resiliency
        Scalability
        Bottlenecks and DOS conditions
        Dependence of third parties

S/n: 9
Content:
    Detecting Compromise
        security events and logs
        communication flows between components
        malware command and control communications
        Independent Monitoring
        Mask Security Logic
        Understand 'normal' and detect the abnormal

S/n: 10
Content:
    Reduce the impact of compromise
        zoned or segmented network
        unnecessary functionality
        management bypass
        recovering following a compromise
        separation of duties
        Anonymise data
