7:30 am-9:00 am  Coffee and Registration

9:00 am-9:15 am  Introductory Briefing and  TTX Guidelines and Objectives Assumptions & Constraints Incident Response Process Overview
Overview of the workshop including guidelines, objectives, assumptions, and constraints of the scenario.

9:15 am -10:10 am  Scenario-Ransomware Event 
Your higher education institution has been hit with a ransomware attack. In teams with a facilitator, you will gather and evaluate information, and explore and develop potential responses.

10:10 am -10:30 am   Scenario 1-Debrief 
Teams share their approaches, strategies and lessons learned.

10:30 am-10:45 am   Break

10:45  am-11:15 am  AWS Security Presentation and  AWS Cloud Security Overview 
A review of the NIST Cybersecurity Framework to identify, protect, detect, respond, and recover from events. Overview of the AWS services you can use to help you achieve the prescribed NIST security controls. 

11:15 am - 11:50 am  Scenario 2 - Advanced Threat Scenario 
You’ll explore how your institution should respond to this advanced threat with your team and facilitator.

11:50 am -12:00 pm  Closing 

12:00 pm-1:00 pm  Lunch

1: 00 pm-2:00 pm  Is Your Organization Prepared For a Cyber Crisis? 
Michael Gioia, CISM, CISSP, CISO, Babson College

Cyber crisis planning encompasses more than just incident response; it involves a comprehensive and proactive approach to address potential cyber threats and their potential consequences. It involves conducting risk assessments, developing preventive measures, implementing robust security controls, and continuously monitoring potential vulnerabilities. Effective cyber crisis planning also includes training and educating stakeholders about cybersecurity best practices, fostering a culture of vigilance, and establishing clear lines of communication and collaboration among key stakeholders. This holistic approach ensures that organizations and individuals are better prepared to navigate the complex and rapidly evolving cyber landscape, thereby reducing the likelihood and impact of cyber crises.

2:00 pm-3:00 pm Data Breaches: How to Weather the Storm Gracefully
Jason Pufhal, Vancord (NERCOMP Solutions Partner)
Steve Maresca, Vancord (NERCOMP Solutions Partner)

Institutions most able to overcome a data breach or security incident have usually acquired hard-won experience from earlier crises. Without inviting calamity as a learning experience, how can an organization prepare effectively and maximize success? Incident response is more than containing a threat and restoring services; it begins long before a crisis and often concludes long after. Using a real-world incident as framing, Vancord will share incident and

breach response strategies, key data and decision points, critical actions often overlooked, and guidance to reduce impact. Preparation through planning, drills, and data will be underscored. Critical communications, privacy concerns, notification requirements, and cyber liability insurance interactions
will be especially emphasized. This discussion will apply to a board audience, from leadership to technical roles alike.

3:00 pm End