Trusted Fintech Program
CyberSecurity Trust Label for Fintech startups and scale-ups
After completing this program, key persons of your company will have been immersed in the world of CyberSecurity (just enough, not too much), and equipped with the insights and best practices needed to avoid a breach of customer data, intellectual property or trade secrets, and, bottom line, to protect the reputation and brand of your company and the companies you partner with or work for.
The Program will offer you very tangible and immediately applicable tips, tools and techniques in order to improve your cybersecurity skills, processes and technologies. After successful completion of this Program your company will receive the “Trusted Fintech” label that you can use to show your commitment to better CyberSecurity.
Unique about this program is that it goes far beyond traditional classroom-based training by leveraging the B-Hive CyberSecurity community and incorporating our members’ insights and services into the program as well.
When you join this Program, we will have your website/application tested by ethical hackers and research the external attack surface of your business before somebody else does. You will also receive feedback on your incident response processes, get insights from a cybersecurity assessor at a large organization tasked with third-party vendor security, experience the stress of a cyber incident during a simulated data breach role-play game, etc.
On top of that, we believe that CyberSecurity isn’t a competitive advantage. If one Fintech gets hacked and data is breached, overall trust in the Fintech ecosystem decreases. Combating cybercrime and safeguarding customer information is a shared responsibility, so during the program we will help you network with the CyberSecurity community and security experts of other Fintechs, so that you can establish long-lasting relationships that will hopefully enable CyberSecurity collaboration and information exchange between your companies.
For technical founders, CTOs, chiefs of software development, software architects, senior developers, security officers, data protection officers, … of digital companies active in the Financial Services industry: FINTECH (also Insurtech). We welcome all companies, ranging from early-stage startups to mature scale-ups.
The program includes attendance of the sessions for TWO people of your company. We believe it is best that the same people consistently attend the whole program; if you want to send different people for different modules, please contact us. The preferred option is to enroll extra people (€ 350,- per extra person added).
Why This Program?
The speed of digital transformation forces large enterprises to increasingly make use of smaller software-based tech companies in order to keep up with the pace of their competition. Meanwhile, data breaches continue to dominate the headlines. A worrying observation is that cyber criminals are targeting large enterprises more and more by targeting their suppliers, leading to a steep increase in third-party vendor data breaches.
As a result, large enterprises are increasing the time and energy they spend on making sure their suppliers have implemented the highest security standards, through recurring cybersecurity risk assessments and lengthy questionnaires. After all, there is a lot at stake: if consumer data is breached, the enterprises remain responsible. Most large enterprises have a rigid approach to procurement and third-party vendor risk management, and they often try to transfer their risks to their suppliers. In reality, however, most of the often-smaller suppliers don’t have sufficient financial backing to survive if their end customers’ data were breached.
You’re not done with CyberSecurity just by assigning the role of “Security Officer” to someone in your team and buying a few tools. Approaches to innovation such as “design thinking” and “minimum viable product” are great, but should never be a reason to “add security much later”. Security should be embedded in the DNA of every software company from day one. The cost of implementing an adequate security program increases exponentially the longer you wait down the product development roadmap.
be assessed on the current state and understanding of CyberSecurity
learn the basics (and shortcuts) needed to run an effective Information Security Management Program
learn about third-party security assessments, how to fill in the lengthy questionnaires, and, bottom line, accelerate the procurement process by being able to anticipate imposed requirements
receive the valuable “B-Hive Trusted Fintech” label
Practical Info: Price, Dates and What is included?
The cost for a company to join the program is as follows:
FULL PRICE: € 7.850,-
B-HIVE MEMBER: € 6.950,- (membership paid)
MEMBER OF A PARTNER ORGANIZATION: € 7.450,- (promo code required)
All prices VAT not included
Contact us for special requirements regarding invoice, e.g. split the amount 2018/2019.
Two people of your company to join the training sessions
Theoretical training managed by Prof. Georges Ataya and affiliated top CyberSecurity trainers. Prof. Georges Ataya is Founder and Academic Director of IT Management Education, in charge of the executive Master in IT Management, Information Security Management, Data Privacy (www.solvay.edu/it) and (solvay.edu/gdpr). Vice President of the Belgian Cybersecurity Coalition. Acted as International Vice President for ISACA and the IT Governance Institute and as President ISACA Belux (www.isaca.be), Founder ISSA BE (www.issa-be.org). Board member at AGORIA DIGITAL Industries, ISACA BE, BECI, and CIONET.
Hand-outs for every session
Access to the Trusted Fintech networking platform
The official ISACA CSX paperback handbook for every participant
A penetration test of your main website/application/app/APIs (by Intigriti)
Latest practical insights into securing APIs and applications, setting up security monitoring and alerting, how to set up the Elastic stack for forensics, and an example of a security incident (by Bitsensor)
A first discovery, analysis and examination of all your internet-facing assets (by Sweepatic)
Deep dive into what assessors at large organizations look for in a security program of their suppliers. (by Digitribe)
A joint Cyber Incident (data breach) Simulation Game, based on Kaspersky KIPS (by NVISO)
A Secure Coding tournament for your developers, and one month of access to a Learning Platform to learn Secure Coding skills (by Secure Code Warrior)
Additional insights and best practices related to Customer Identity (by Onegini)
Insights of the general framework of risk management in a bank (by Febelfin Academy)
The “Trusted Fintech” label, provided you pass the self-assessment at the end of the program and have attended at least 80% of the sessions
As a B-Hive Trusted Fintech alumnus you will get access to the Alumni network, where information on CyberSecurity best practices and threats will be shared, as well as additional benefits
In the local program you get access to the co-working space in the afternoon
The ISACA CSX certificate or exam voucher
Hotel and evening activities cost for International Residential program (approximately € 1.500,- per person)
If you would like to stay for afternoon co-working in the local program, lunch is not included
OPTIONS and BENEFITS:
One extra person to join: + € 350,-
For people who want to obtain the CSX certificate: + extra half day of exam prep, exam voucher, certificate cost, ISACA membership. Cost: to be discussed during training, depending on number of people interested.
A discount for IT Security courses from Solvay Business School
Discounted offerings from our Content Providers, such as:
A Bug Bounty program
Assistance for attaining NIS Compliance, ISO 27K certification, …
Software to protect your web/API/… environment
Identity, self-enrollment, customer identity, authentication solution
A software code review
Data Privacy Officer (DPO) as a Service
Gamified approach to Secure Coding training and awareness
Regular monitoring of your digital footprint
The program will be offered in two variations: a LOCAL edition and an INTERNATIONAL edition.
The local program consists of 12 contact moments spread over 4 months.
Kick-off in Brussels: 29-11-2018 (full day)
Morning sessions on: 05-12-2018, 11-12-2018, 10-01-2019, 16-01-2019, 24-01-2019, 31-01-2019, 02-02-2019, 20-02-2019, 28-02-2019
Closing ceremony: 21-03-2019 (evening)
The training location is kindly provided and sponsored by: The Crescent, “Business center De Mot”, Motstraat, Mechelen. They provide co-working space, virtual offices and office space for startups and scale-ups.
All sessions, except for the full day kick-off, will be organized as follows:
08.00 - 08.30 : Welcome & croissants
08.30 - 12.30 : Sessions with one coffee break
12.30 - ……. : Free access to the Business Center: there is a restaurant, open office for co-working, Wi-Fi
If needed, we can make reservations for additional meeting rooms for the afternoon, at extra cost and depending on availability. The CyberSecurity content providers can be available in the afternoon should you want to get 1-1 advice from them. For each session we have lined up one or more different content providers.
The international program is a residential accelerated program in a hotel: arrive on Sunday, and fly back home on Friday afternoon.
Kick-off via web meeting / conference call
Welcome & networking event on Sunday evening
Classes: Monday - Friday noon
Extra: presentation on benefits and subsidies of opening an office in Belgium, networking with local trade organizations and partners
Closing ceremony: combination of local and webex
Timing: April 2019 (To Be Confirmed soon)
Length: 1 x 1 full day 09.00 - 16.00
The full-day kick-off will take place at the heart of the Belgian Finance community: Febelfin Academy.
Importance of trust
Risk management in banks
Introductions and pitches
Length: 2 x ½ day 08.30 - 12.30
Two half-days will be spent on the CyberSecurity Fundamentals (CSX) curriculum by ISACA.
Attack types and vectors
Length: 4 x ½ day 08.30 - 12.30
Four half-days will be spent on Secure Technology as typically used in a Fintech (SaaS/Cloud)
Application security, secure coding
Web & API security
REGULATION AND CERTIFICATION
Length: 1 x ½ day 08.30 - 12.30
One half-day will be spent on regulation, compliance, certification for companies and practitioners
Compliance versus risk based approaches
Information security frameworks
INCIDENT AND DATA
Length: 1 x ½ day 08.30 - 12.30
One half-day will be spent on what to do in case of a cyber incident with or without data breach
Incident management handling
Frameworks & standards
Incident Response Plan
Data breach simulation role-play game (Kaspersky KIPS)
Length: 1 x ½ day 08.30 - 12.30
Deep dive into what assessors at large organizations look for in a security program of their suppliers.
Purpose of a Security & Data Privacy Third party assessment
How to use certifications/standards/frameworks (ISO 27001, PCI-DSS, COBIT, GDPR, SWIFT CSP,…)
Main controls to put in place
Understand and respond to a TPSA questionnaire
How to prepare evidence