NICF145: DESIGN PERSONAL DATA BREACH RESPONSE PLAN
DESIGN PERSONAL DATA BREACH RESPONSE PLAN
Course Duration
Mode of Assessment
Participants will be required to complete a one hour written assessment during class.
Who Should Attend
NTUC LearningHub Course Code: NICF146
TP Gateway Code: TGS-2022014913 (VLC) / TGS-2022010684 (F2F)
The participants for this programme are for:
- Compliance Managers or Data Protection Officers (DPOs); and
- Data Protection Executives, or team members assisting Data Protection Officers
- Auditors, Human Resource, IT personnel, Executive / Managers who need to be involved in data protection matters.
This proposed course is suitable for all sectors, regardless of their size. The position of a data protection officer is required in any organisation.
What's In It for Me
Included in this 2 day course is a 3 hour simulation on day 2 where we will deliver an AI based simulation exercise by BEST to better prepare trainees for crisis by automatically optimizing processes, creating customized simulations and provide data driven insights on how to better perform.
Course Overview
NTUC LearningHub Course Code: NICF145
TP Gateway Code: TPG-2021018466
February 2022, the PDPA was amended to make Data Breach Notifications mandatory. There new law established thresholds and timelines. Companies must establish a Data Breach Response Plan as part of their Data Protection Management Programme
- This course teaches the learners what the various components of this data breach response plan is.
- It includes all the necessary requirements as prescribed by the law.
- It also takes into account the business processes of organisations
This 2-day course provides learners with knowledge on how to develop incident management procedures and synthesise incident-related analyses to distil key insights, resolve incidents and establish mitigating and preventive solutions. The course will enable learners to manage the containment of personal data breach incidents, lead the recovery of contained security incidents, establish mitigation and prevention processes and policies. It will also introduce learners on methods of how to test their organisation’s data breach response plans.
Course Schedule
Next available schedule
Course Objectives
Upon completion of this Course, participants will have the following knowledge:
- Mechanics of incident alert triggers
- Incident remediation solutions and strategies
- Incident mitigation strategies.’
- Personal Data Protection Act 2012
- Trends in personal data breaches or incidents that may impact business / IT processes or services.
- PDPC’s Guide to Managing Data Breaches 2.0
With the above-mentioned knowledge, participants will be able to carry out the following:
- Develop mechanisms or threat signatures that trigger incident alerts to relevant parties and systems
- Integrate cyber- and data-related information, alerts and analysis from detection system logs to develop a holistic view of incidents
- Distil key insights and impact from analyses of incidents
- Manage the containment of cyber and data incidents within the organisation
- Lead recovery of contained security incidents
- Establish mitigation and prevention processes and policies
- Drive implementation of mitigation processes and policies
- Develop a data breach management plan that considers business processes and needs, and include defined roles and responsibilities, as well as contingency plans when different breach scenarios occur.
- Establish a process that can effectively respond to data breaches by referencing PDPC’s CARE framework.
- Report the personal data protection breach to senior Management / PDPC that describes the extent of the personal data protection breach (e.g. the number of individuals affected) and the type and volume (number of records) of personal data involved and communicate in the most effective way to individuals affected by the breach incident.
Pre-requisites
Knowledge, Skills & Experience
There are no pre-requisites for this course.
Assumed Knowledge and Experience:
- Understands relevant organisational strategies, objectives, culture, policies, processes and products / services
- Aware of compliance requirements of the organisation
- Assumed Skills:
- Have business writing skills to prepare management report
- Have analytical skills to assess policies and procedures
- Have information gathering skills to gather and collate necessary data
- Have interpersonal and communication skills to interact with relevant stakeholders; and
- Have facilitation skills to ask the right questions to elicit necessary information
Hardware & Software
This course will be conducted as a Virtual Live Class (VLC) via Zoom platform. Participants must own a zoom account and have a laptop or a desktop with “Zoom Client for Meetings” installed. This can be downloaded from https://zoom.us/download
System Requirement |
Must Have: Please ensure that your computer or laptop meets the following requirements.
Good to Have:
Not Recommended: |
Course Outline
- Trends in Personal Data Breaches
- Trends in Singapore
- Global Trends
- Incident Alert Triggers
- Purpose of incident alert triggers
- Importance of incident alert triggers
- Best Practices
- Requirements Gathering for the Development of a Data Breach Management Response Plan
- Data Inventory Map
- Data Flow Diagram
- Risk Assessment
- Reporting to Senior Management
- Content of Risk Assessment Report
- Requirements Gathering Tool
- Components of a Data Breach Management and Response Plan
- Defining a data breah
- Reporting the breach internally
- Forming a data breach management response team
- Time to engage the data breach management response team
- Containment of breach
- Scoping incident
- Preservation of Evidence
- Initial Assessment
- Containment Strategy
- Assessing the Risk and Impact
- What and How to assess
- Ease of identifying individuals
- Investigating root cause of breach
- Reporting the data breach
- Incident Report and incident ecord log
- When to report to PDPC
- Reporting breach to affected individuals
- Evaluating Response and Consider Actions to Prevent Future Breaches
- Recommending enhancement or system changes
- Reducing human error risk factor
- Data minimization and minimization of data access
- Securing networks
- Require Vendors to uphold same standards
- Test Personal Data Breach Response Plan
- Methods of testing
- Incident handling scenarios
Certificate Obtained and Conferred by
- Certificate of Completion from NTUC LearningHub
Upon meeting at least 75% attendance and passing the assessment(s), participants will receive a Certificate of Completion from NTUC LearningHub. - Statement of Attainment from SkillsFuture Singapore (SSG)
Upon meeting at least 75% attendance and passing the assessment(s), a Statement of Attainment (SOAs) will be issued by SkillsFuture Singapore (SSG) to certify that the participant has achieved the following Competency Standard(s):
ICT-OUS-4003-2.1 Cyber and Data Breach Incident Management
Additional Details
Medium of Instruction: English
Trainer: Trainee Ratio is 1:20
Mode of Delivery: Virtual Live Class (VLC) via Zoom
As this is a government subsidised programme, the entire training programme will be video recorded for audit purposes by the relevant funding agency. To ascertain their presence, Trainees / Participants are required to
- Turn on web camera to show real-time video, as opposed to using a profile picture / video for the entirety of the training and assessment session.
- Ensure that their faces are fully visible (not just the forehead / eyebrows)
- Use their full name as per NRIC / Passport as their Screen Name on Zoom
Courseware: Design Personal Data Breach Response Plan LG (Learner’s Guide) on Canvas
Labs: NA.
Price
Course Fee and Government Subsidies |
||||||
|
Individual Sponsored |
Company Sponsored |
||||
|
Non-SME |
SME |
||||
Before GST |
With GST |
Before GST |
With GST |
Before GST |
With GST |
|
Full Course Fee
|
$1,440.00 |
$1,569.60 |
$1,440.00 |
$1,569.60 |
$1,440.00 |
$1,569.60 |
For Singapore Citizens aged 39 years and below
|
$720.00 |
$849.60 |
$720.00 |
$849.60 |
$432.00 |
$561.60 |
For Singapore Citizens aged 40 years and above |
$432.00 |
$561.60 |
$432.00 |
$561.60 |
$432.00 |
$561.60 |
*After 70% funding for SME-sponsored Singaporeans and PRs under Enhanced Training Support for SMEs (ETSS) scheme
Funding Eligibility Criteria:
Individual Sponsored Trainee |
Company Sponsored Trainee |
|
|
Remarks:
Individual Sponsored Trainee |
Company Sponsored Trainee |
SkillsFuture Credit:
UTAP:
PSEA:
|
Absentee Payroll (AP) Funding:
|
Terms & Conditions apply. NTUC LearningHub reserve the right to make changes or improvements to any of the products described in this document without prior notice.
Prices are subject to other LHUB miscelleanous fees.
Batch ID | Course Period | Course Title | Funding Available |
Duration (Hours) |
Session (Hours) |
Venue | Available Seats |
Online Payment |
---|