Phone: (+44) 113 216 3188
  • Email: info@koyertraining.com
Koyer Training Services

Business Continuity and Cyber Resilience Planning

Cybersecurity and Digital Risk October 25, 2025

Introduction

In today's threat landscape, focusing solely on preventing breaches is insufficient; true organisational success requires the ability to withstand, rapidly adapt to, and recover from disruptive cyber events. This course provides a strategic and practical framework for integrating Business Continuity Management (BCM) and Disaster Recovery (DR) with advanced Cyber Resilience planning. Participants will learn how to conduct effective Business Impact Analysis (BIA), set appropriate Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs), and develop mature response and recovery strategies that ensure the continuation of critical business functions during and after a major cyber incident.

Objectives

This program aims to provide resilience professionals and security leaders with the strategic and practical knowledge to design, implement, and test an integrated Business Continuity and Cyber Resilience framework:

Target Audience

  • Business Continuity Planners and Coordinators.
  • Disaster Recovery Specialists.
  • CISO and Security Directors.
  • Incident Response Team Leads.
  • IT Operations and Infrastructure Managers.
  • Enterprise Risk Managers.
  • Audit and Compliance Professionals.

Methodology

  • Group activity conducting a Business Impact Analysis (BIA) for a key business process.
  • Mandatory tabletop exercise simulating a full-scale cyber disaster recovery scenario.
  • Case studies on major cyber attacks that resulted in successful or failed recovery.
  • Discussions on the cost-benefit analysis of different DR recovery solutions.
  • Individual assignment creating a ransomware recovery playbook.

Personal Impact

  • Ability to design and manage an integrated BCM, DR, and Cyber Resilience program.
  • Expertise in conducting BIA and defining defensible RTO/RPO objectives.
  • Mastery of advanced ransomware recovery and clean-up strategies.
  • Skills to lead a cross-functional Crisis Management Team during an incident.
  • Enhanced credibility in presenting resilience to executive leadership.
  • Capability to design resilience into system architecture (Resilience by Design).

Organizational Impact

  • Minimized downtime and financial losses from disruptive cyber events.
  • Faster and more predictable recovery from major security incidents (e.g., ransomware).
  • Demonstrable compliance with regulatory and investor resilience requirements.
  • Improved customer trust and enhanced organisational reputation.
  • Clearer understanding and prioritization of critical business functions.
  • Optimized investment in recovery capabilities based on business impact.

Course Outline

Unit 1: Foundations of Organisational Resilience

Section 1.1: BCM, DR, and Cyber Resilience
  • Defining Business Continuity Management (BCM), Disaster Recovery (DR), and Cyber Resilience.
  • The relationship and integration points between IR, DR, and BCM.
  • Review of resilience standards and frameworks (e.g., ISO 22301, NIST CSF).
  • The strategic imperative of resilience for long-term business viability.
Section 1.2: Business Impact Analysis (BIA)
  • Methodology for conducting a comprehensive, risk-driven Business Impact Analysis.
  • Identifying and prioritizing critical business processes and dependencies.
  • Defining and setting clear Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).
  • Calculating Maximum Tolerable Downtime (MTD) for critical functions.

Unit 2: Disaster Recovery and Technical Recovery Planning

Section 2.1: Technical DR Strategy
  • Designing DR solutions: hot sites, warm sites, and cold sites.
  • Leveraging cloud services (AWS, Azure, GCP) for scalable and cost-effective DR.
  • Data backup, replication, and restoration strategies for various system types.
  • Securing the DR environment and ensuring its isolation from the primary environment.
Section 2.2: Ransomware Recovery Strategy
  • Specific challenges of recovering from crypto-locking ransomware attacks.
  • Designing an 'air-gapped' or immutable backup strategy.
  • Secure restoration process to prevent re-infection.
  • Decision matrix for negotiating or paying a ransom (if legally and ethically feasible).

Unit 3: Cyber Resilience Integration

Section 3.1: Proactive Resilience Measures
  • Integrating resilience requirements into system design and architecture (Resilience by Design).
  • Microsegmentation and zone isolation for containing cyber incidents.
  • Designing fault-tolerant and highly available infrastructure.
  • The role of deception technologies in detecting and diverting attacks.
Section 3.2: Crisis Management and Communications
  • Establishing a formal Crisis Management Team (CMT) and decision-making hierarchy.
  • Developing pre-approved communications for employees, customers, and the public.
  • Coordination with PR, Legal, and executive leadership during a crisis.
  • Managing media and social media narratives during a cyber incident.

Unit 4: Testing, Maintenance, and Assurance

Section 4.1: Exercise and Testing Strategy
  • Designing a progressive testing program (walkthroughs, simulations, full failover).
  • Conducting periodic Business Continuity (BC) and Disaster Recovery (DR) tests.
  • Running integrated Incident Response and Crisis Management tabletop exercises.
  • Measuring and reporting on test results and plan effectiveness.
Section 4.2: Program Maintenance and Audit
  • Establishing a formal review and update cycle for all BCM/DR documentation.
  • Change management integration to ensure plan accuracy after system changes.
  • Auditing the resilience program and control effectiveness.
  • Securing the budget and resources for continuous program maturity.

Unit 5: Emerging Threats and Future Resilience

Section 5.1: Third-Party and Supply Chain Resilience
  • Assessing the resilience plans of critical third-party vendors.
  • Developing continuity strategies for reliance on cloud and SaaS providers.
  • Managing concentration risk in the supply chain.
  • The role of cyber insurance in resilience planning.
Section 5.2: Future Resilience Trends
  • Resilience planning for Operational Technology (OT) and Industrial Control Systems (ICS).
  • The impact of AI/ML on both attack and defense strategies.
  • The shift to a Continuous Cyber Resilience model.
  • Integrating deception and moving target defense into resilience strategy.

Upcoming Sessions

  • Sharm El-Sheikh: December 15, 2025 - December 19, 2025
  • Washington DC: January 05, 2026 - January 09, 2026
  • Leeds: January 26, 2026 - January 28, 2026
