CADMUS Course Code: CADMUS- BTCMP-17
ECSF Proficiency Level: Intermediate
EQF Level: EQF Level 6 (Bachelor's degree equivalent)
Training Type: Cross-skilling
Delivery Method: Online self-paced
Additional Delivery Method : Online instructor-led
Duration: Total duration is between 12 hours and 13 hours 55 minutes, delivered over 2 weeks, depending on (i) diagnostic routing and (ii) whether remediation/retake is required after the final quiz. This total includes LMS preparation and consolidation, three (3) live instructor-led sessions, and a table-top exercise.
Trainee Group Size: 12-20
ECSF Skills Covered: · Analyze and comply with cybersecurity-related laws, regulations and legislations
· Assess and enhance an organization’s cybersecurity posture
· Collaborate with other team members and colleagues
· Communicate, present and report to relevant stakeholders
· Define and apply maturity models for cybersecurity management
· Design, apply, monitor and review an Information Security Management System (ISMS) either directly or by leading its outsourcing
· Enable business asset owners, executives and stakeholders to make risk-informed decisions to manage and mitigate risks
· Identify and solve cybersecurity-related issues
· Influence an organization’s cybersecurity culture
Target Audience : · Managers and decision makers
· Sector focus: public sector and SMEs
Prerequisites Entry Requirements : · Basic cybersecurity awareness, no advanced technical skills required.
· Basic cybersecurity awareness. No advanced technical skills required.
Learning Objectives:
|
· Evaluate and govern enterprise-wide cybersecurity efforts by aligning policies and practices with organizational strategy and regulatory requirements.
· Strengthen executive decision-making through strategic insights into risk management, threat landscapes, and emerging challenges in cybersecurity.
· Lead and influence organizational culture by fostering cross-functional collaboration, accountability, and resilience in cybersecurity initiatives.
· Practice executive-level cyber crisis decision-making (governance, communications, regulatory response) through a Table-Top Exercise.
|
Suggested Learning Objective Sets – LOS :
|
Primary
- LOS 14 – Security Strategy & Business Alignment: Align security with corporate KPIs, craft multi-year roadmaps, and brief boards.
Secondary
- LOS 5 – Risk Management: Identify, analyze, and treat risk; quantify risk; draft and present mitigation plans
- LOS 17 – Security Consulting & Risk Communication: Articulate technical risks in business language; brief executives; draft risk-mitigation roadmaps.
- LOS 18 – Stakeholder Relationship Management: Coordinate multi-party security work (vendors, CERTs, legal) and nurture cyber-culture.
|
Learning Outcomes: After successful completion of the course the participants will be able to:
· Apply governance frameworks to analyze a case study and recommend enterprise-wide cybersecurity policies.
· Demonstrate strategic decision-making by evaluating risk scenarios and presenting prioritized mitigation strategies.
· Model executive leadership by outlining approaches to drive organizational culture change and cross-functional cybersecurity collaboration.
· Lead an executive-level cyber incident coordination process (roles, escalation, decision logging)
· Produce an executive briefing (situation, impact, options, decision, next actions).
· Choose and justify a response strategy balancing legal, reputational, operational, and financial risk.
· Demonstrate stakeholder communication choices appropriate to regulators, media, customers and internal staff.
Course Structure (Learning Nodes):
- Cybersecurity in the Executive Agenda
· Why cybersecurity is a board-level issue
· Cybersecurity as a business enabler, not just an IT function
· The evolving regulatory and geopolitical landscape
- Governing Enterprise-Wide Cybersecurity
· Cybersecurity governance frameworks (NIST, ISO, CIS, etc.)
· Roles of the Board, Chief Information Security Officer (CISO), Chief Information Officer (CIO), and executive leadership
· Accountability and reporting structures
· Executive oversight metrics and Key Performance Indicators (KPIs), reporting cadence
- Risk Management and Strategic Decision-Making
· Identifying and prioritizing enterprise risks
· Translating cyber risk into financial, operational and reputational impact
· Scenario planning and stress testing
· Decision-making under uncertainty: balancing cost, security and innovation
- Crisis Management and Executive Response
· Executive role in the “first 72 hours”
· Incident response planning and tabletop simulations
· Stakeholder communications: board, regulators, media, customers
· Case study: executive missteps and best practices
· Capstone Table-Top Exercise (TTX): decision log, communications artefacts, One-page After Action Review
- Building a Resilient Cybersecurity Culture
· Executive influence on culture and employee behavior
· Organization-wide awareness and accountability
· Change management strategies for embedding cybersecurity in operations
- Emerging Trends and Strategic Foresight (Executive Implications)
· Artificial intelligence and machine learning: risk, governance, investment choices
· Cloud, supply chain, and third-party risks
· Digital transformation (Internet of Things, 5G, quantum): executive risk outlook
· Preparing for the next decade of executive cyber risks
|
Certificates Offered : Attendance certificate: participation in ≥90% of total workload (regardless of score).
Attendance evidence (online): videoconferencing attendance logs & LMS activity/submission records for required team/individual artefacts.
Successful completion certificates (require attendance ≥90% AND overall Pass):
- Completion: 50 ≤ GPA ≤ 64.9
- Very good performance: 65 ≤ GPA ≤ 84.9
- Excellent performance: 85 ≤ GPA ≤ 100
Micro-credential badge: Awarded when GPA ≥70, attendance ≥90%, and no critical TTX criterion is graded below minimum.
1 Chief Information Security Officer (CISO): Yes
2. Cyber Incident Responder: No
3. Cyber Legal, Policy & Compliance Officer: Yes
4. Cyber Threat Intelligence Specialist: No
5. Cybersecurity Architect: No
6. Cybersecurity Auditor: No
Cybersecurity Educator: No
Cybersecurity Implementer: No
Cybersecurity Researcher: No
Cybersecurity Risk Manager: No
Digital Forensics Investigator: No
Penetration Tester: No
SMEs: Yes
Cybersecurity Professionals: Yes
LMS : No
Cyber Range : No
SG/TTX: No
Bootcamp : Yes
Hackathon : No
1 Analyse and comply with cybersecurity-related laws, regulations and legislations: Yes
2 Analyse and consolidate organisation’s quality and risk management practices: No
3 Analyse and implement cybersecurity policies, certifications, standards, methodologies and frameworks: No
4 Analyse business processes, assess and review software or hardware security, as well as technical and organisational controls: No
5 Anticipate cybersecurity threats, needs and upcoming challenges: No
6 Anticipate required changes to the organisation’s information security strategy and formulate new plans: No
7 Apply auditing tools and techniques: No
8 Assess and enhance an organisation’s cybersecurity posture: Yes
9 Assess the security and performance of solutions: No
10 Audit with integrity, being impartial and independent: No
11 Automate threat intelligence management procedures: No
12 Build a cybersecurity risk-aware environment: No
13 Build resilience against points of failure across the architecture: No
14 Carry out working-life practices of the data protection and privacy issues involved in the implementation of the organisational processes, finance and business strategy: No
15 Collaborate with other team members and colleagues: Yes
16 Collect information while preserving its integrity: No
17 Collect, analyse and correlate cyber threat information originating from multiple sources: No
18 Collect, evaluate, maintain and protect auditing information: No
19 Communicate, coordinate and cooperate with internal and external stakeholders: No
20 Communicate, explain and adapt legal and regulatory requirements and business needs: No
21 Communicate, present and report to relevant stakeholders: Yes
22 Comprehensive understanding of the business strategy, models and products and ability to factor into legal, regulatory and standards’ requirements: No
23 Conduct ethical hacking: No
24 Conduct technical analysis and reporting: No
25 Conduct user and business security requirements analysis: No
26 Conduct, monitor and review privacy impact assessments using standards, frameworks, acknowledged methodologies and tools: No
27 Configure solutions according to the organisation’s security policy: No
28 Coordinate the integration of security solutions: No
29 Decompose and analyse systems to develop security and privacy requirements and identify effective solutions: No
30 Decompose and analyse systems to identify weaknesses and ineffective controls: No
31 Define and apply maturity models for cybersecurity management: Yes
32 Design systems and architectures based on security and privacy by design and by defaults cybersecurity principles: No
33 Design, apply, monitor and review Information Security Management System (ISMS) either directly or by leading its outsourcing: Yes
34 Design, develop and deliver learning programmes to cover cybersecurity needs: No
35 Develop and communicate, detailed and reasoned investigation reports: No
36 Develop code, scripts and programmes: No
37 Develop codes, scripts and programmes: No
38 Develop cybersecurity exercises including simulations using cyber range environments: No
39 Develop evaluation programs for the awareness, training and education activities: No
40 Develop, champion and lead the execution of a cybersecurity strategy: No
41 Draw cybersecurity architectural and functional specifications: No
42 Enable business assets owners, executives and other stakeholders to make risk-informed decisions to manage and mitigate risks: Yes
43 Establish a cybersecurity plan: No
44 Explain and communicate data protection and privacy topics to stakeholders and users: No
45 Explain and present digital evidence in a simple, straightforward and easy to understand way: No
46 Follow and practice auditing frameworks, standards and methodologies: No
47 Generate new ideas and transfer theory into practice: No
48 Guide and communicate with implementers and IT/OT personnel: No
49 Identify and exploit vulnerabilities: No
50 Identify and select appropriate pedagogical approaches for the intended audience: No
51 Identify and solve cybersecurity-related issues: Yes
52 Identify needs in cybersecurity awareness, training and education: No
53 Identify non-cyber events with implications on cyber-related activities: No
54 Identify threat actors TTPs and campaigns: No
55 Identify, analyse and correlate cybersecurity events: No
56 Implement cybersecurity recommendations and best practices: No
57 Implement cybersecurity risk management frameworks, methodologies and guidelines and ensure compliance with regulations and standards: No
58 Influence an organisation’s cybersecurity culture: Yes
59 Integrate cybersecurity solutions to the organisation’s infrastructure: No
60 Lead the development of appropriate cybersecurity and privacy policies and procedures that complement the business needs and legal requirements; further ensure its acceptance, comprehension and implementation and communicate it between the involved parties: No
61 Manage and analyse log files: No
62 Manage cybersecurity resources: No
63 Model threats, actors and TTPs: No
64 Monitor new advancements in cybersecurity-related technologies: No
65 Motivate and encourage people: No
66 Organise and work in a systematic and deterministic way based on evidence: No
67 Perform social engineering: No
68 Practice all technical, functional and operational aspects of cybersecurity incident handling and response: No
69 Propose and manage risk-sharing options: No
70 Propose cybersecurity architectures based on stakeholder’s needs and budget: No
71 Provide training towards cybersecurity and data protection professional certifications: No
72 Review and enhance security documents, reports, SLAs and ensure the security objectives: No
73 Review codes assess their security: No
74 Select appropriate specifications, procedures and controls: No
75 Think creatively and outside the box: No
76 Understand legal framework modifications implications to the organisation’s cybersecurity and data protection strategy and policies: No
77 Understand, practice and adhere to ethical requirements and standards: No
78 Use and apply CTI platforms and tools: No
79 Use penetration testing tools effectively: No
80 Utilise existing cybersecurity-related training resources: No
81 Work ethically and independently; not influenced and biased by internal or external actors: No
82 Work on operating systems, servers, clouds and relevant infrastructures: No
83 Work under pressure: No
