Course Code: cyberlaw
Duration: 21 hours
Overview:

Program Name

Cyber Law & the Legal Landscape

Target Audience

Legal Affairs Staff Members / other Members of the Legal Affairs Community

Total number of delegates

25

No. of training sessions

1

Duration of Training Session

3 days

Number of hours per day

5 hours (4 hours of lectures and 1 hour for practical exercises, Q & A, discussion of Use Cases)

Training Location

In House / Remote (Virtual Videoconferencing)

Training Language

English and/or Arabic (1 or 2 trainers per session)

Training dates

August – September 2020
Course Outline:

Cyber Resilience

Understanding the concept of Cyber Resilience

Cyber Governance Strategy & Framework

Risk Management & Ancillary Components:

  • Governance
  • Identification
  • Protection
  • Detection
  • Recovery
  • Testing & Auditing
  • Situational Awareness
  • Learning & Evolving

Data Privacy & Data Protection

Understanding the concepts of data, information, categories of data, privacy, personal data protection

Data Governance and Compliance

Introduction to and Understanding the concept of Governance and Compliance, as well as the essential elements thereunder

Information Technology

Introduction to and Understanding the concept of Information Technology

Information Security / Cybersecurity

Introduction to and Understanding the concept of Information Security / Cybersecurity

Situational Awareness and Threat Intelligence

Introduction to and Understanding the concept of Situational Awareness and Threat Intelligence

Responsible persons within Organisations

Understanding the Roles and Responsibilities of an Organisation’s members, concerning cyber activities:

  • Board of Directors
  • Executive Members
  • CISO – Chief Information Security Officer
  • CTO – Chief Technology Officer
  • CRO – Chief Risk Officer
  • CDA – Chief Data Officer
  • DPA – Data Protection Officer (or equivalent)
  • Other responsible persons

The Cyber Legal and Data Protection Landscape of the KSA
  • National Transformation Plan
  • Vision 2030
  • HH King Salman bin Abdul Aziz Al Saud royal decree dated 23 July 2018/10 Dhul Qada 1439
  •  KSA’s Anti-Cyber Crime Law
  • National Cyber Security Strategy of Saudi Arabia
  • Saudi National Cybersecurity Authority and legislation
  • Anti cyberbullying initiative
  • The Presence of Women in Cybersecurity Industry Initiative
  • Global Cybersecurity Forum
  • Electronic and Audiovisual Publishing Disputes Committee
  • Shari'a principles which afford protection of privacy and personal data of individuals
  • Industry / Sector Specific regulations (i.e. SAMA Cyber Security Framework)
  • NCA: Cloudcomputing Cybersecurity Controls
  • NCA: Essential Cybersecurity Controls
  • Communications and Information Technology Commission (CITCO)
  • Controls of the Use of Computers and Information Networks in Government Entities (Government Mandate number (81) - 191430/3/H)
  • the Information Security Policies and Procedures Development Framework for Government Agencies
  • the Royal Order number 57231 dated 10/11/1439 H (Royal Order)
  • Cybersecurity Guidelines for E-Commerce Service Providers
  • Regulations to use Information and Communication Technologies in Government Agencies

Forms of Cyber-attacks and cyber crimes
  • Categories of Cybercrimes: Property, Individual, Government
  • Malware explained
  • Espionage
  • Eavesdropping attack
  • Terrorism
  • Pornography
  • Cyber Stalking
  • Online Scams/Spamming
  • Ransomware
  • Password attack
  • Phishing and spear phishing attacks
  • Botnets
  • Denial of service Attack / Direct Denial of service Attack
  • Virus Dissemination
  • Hacking
  • Defamation on Social Media
  • Prohibited/Illegal Content
  • Unauthorized picture taking or recording by a camera-equipped mobile device
  • Drug-related crimes

(Narcotics or hallucinatory materials)

  • Identity theft & Fraud
  • Social Engineering
  • Privacy attack / invasion
  • Potentially Unwanted Programs (PUPs)
  • Exploit Kits

Statistics and the cost of Cybercrime in KSA, the Gulf region and Globally

Understanding the stakes of monetary and other costs

The Cyber Legal and Data Protection Landscape of the GCC
  • UAE
  • Bahrain
  • Kuwait
  • Oman

The Cyber Legal and Data Protection Landscape globally
  • Oversight of global Cyber Laws
  • Introduction to GDPR and related Data Protection Laws
  • KSA Government, law enforcement, reporting / supervisory and legal authorities;
  • cyber initiatives
  • Educational Institutes
  • Police
  • Saudi Bureau of Investigation and Public Prosecution (BIPP)
  • Saudi National Cybersecurity Authority
  • Data Security Supervisory Council
  • Electronic and Audiovisual Publishing Disputes Committee
  • Judicial Courts – Civil & Criminal
  • Ministry of Internal Affairs
  • National Centre for Electronic Security
  • Communications and Information Technology Commission (CITCO)
  • The Saudi Federation for Cyber Security and Programming (SAFCSP)
  • National Data Security Centre (Computer Emergency Response Team)
  • Ramadan ‘Cyber Nights’ initiative
  • Saudi Cyber Security, Artificial Intelligence and Programming Academy
  • Payment Card Industry Security Standard Council

Global Government, law enforcement, reporting / supervisory and informational authorities
  • In example: Interpol; FBI
  • ISACS
  • CERTS
  • CSIRT

Use cases of Cyber Criminal Activities within the KSA

In depth case study(ies) with demonstrations of tools and methods of extrapolation of evidential information and data

Use cases of Cyber Criminal Activities within the GCC

In depth case study(ies) with demonstrations of tools and methods of extrapolation of evidential information and data

Cyber safety and security checklist and guidelines
  • Organisations
  • individuals