The United States Cyber Consequences Unit


Cyber Security for Senior Management


The kinds of cyber attacks that are now possible could cause massive liabilities for almost any company. These liabilities could be so great that the company would be threatened with bankruptcy. The competitive environment in which companies operate is also enormously influenced by the constant presence of cyber attacks. Senior managers are making decisions every day that will affect their company’s vulnerability to cyber attacks. They frequently launch programs that will succeed or fail, based on the reliability and security of the information systems being employed.

Yet very few executives have any deep understanding of cyber attacks and their implications. They delegate responsibility for cyber security to technical specialists who have only a limited understanding of the business being protected. When executives hear a report or proposal involving cyber security, they usually have little idea of what questions to ask. They have no way of knowing whether their company’s cyber security policies make sense from a business standpoint.

This course will teach you how to tell which cyber risks are real and which are mostly hype. It will explain how computers and networks actually operate, without confusing and irrelevant technical details. It will outline the biggest business opportunities companies have in front of them and how the right kind of cyber security can help a business to seize those opportunities. It will explain how cyber risks can be analyzed and quantified. It will show how a risk-based approach to cyber security can be implemented.

The course will be taught by Scott Borg, the Director of the U.S. Cyber Consequences Unit. He is widely regarded as the world’s leading authority on the economics of cyber security, as well as certain technical topics. He originated many of the concepts currently used to understand the implications of cyber attacks in business contexts.

The topics that will be covered in this course include:

  • The nature of contemporary malware, how it operates, and what it can do

  • Why malware can be so hard to identify and stop and what can be discovered about the authors of malware by analyzing it

  • The kind of “unrestricted competition” that cyber attacks foster and how it is changing the role of the military, police, and government

  • The eight major business opportunities that depend on cyber security

  • The kinds of cyber attacks that aren’t being reported and why these may be the most important

  • The four features of computer instructions that are the key to understanding information technology

  • How it is possible to use an analysis of cyber threats, consequences, and vulnerabilities to generate credible estimates of the annualized expected loss from cyber attacks

  • How to estimate the ROI for different cyber-security measures and policies

  • The kind of practical program needed to implement a risk-based approach to cyber security

  • What corporate and national cyber-security policies need to look like

Cost of each course: $1,200 for corporate attendees, or $1,000 for government or academic attendees. (Payable by credit card over the phone.)

Venue (in Washington, DC): Carr Workplaces, 12th Floor, Potomac Building, 1001 N. 19th Street in Rosslyn (Arlington), two and a half blocks from the Rosslyn Metro stop and just across the bridge from Georgetown.

Arrangements can also be made for the courses to be taught to groups and at other locations.

Additional information: Please contact the course administrator through email.

Top of Page
  Copyright © 2004- U.S. Cyber Consequences Unit. All Rights Reserved.