Weigh a password, map a control to three standards at once, read a policy for the gap everyone missed, and run an incident from detection to lessons learned.
Day 2 · 2026 · 08:30 – 15:30 · Institute of Banking Studies, Kuwait
Workshop brief
Where Day 1 was about recognising the threat, Day 2 is about judging the defence. You'll test what actually holds — how quickly a weak password falls, why one control can satisfy ISO 27001, NIST and PCI DSS together, where a tidy-looking policy leaves a door open — and finish by running a live incident end to end in a scored tabletop.
Run of show
A guide, not a script — timings flex to the room.
Session 1 — Open, crack-time meter & password strength · 08:30
Watch a weak password fall in seconds and a passphrase outlast the universe, then crack a real hash and see why length wins.
Break · 10:00
Session 2 — Standards · Security policy & its gaps · 10:15
ISO 27001, NIST and PCI DSS mapped to one control set, then reading a policy the way an auditor does — straight to the gap.
Lunch & prayer · 11:45
Session 3 — Incident response, phase by phase · 12:15
Detect, contain, eradicate, recover, learn — what each phase actually demands, building toward the capstone.
Break · 13:45
Session 4 — The scored tabletop & wrap-up · 14:00
A live, scored incident run table-by-table, a debrief on what each team would do differently, and the two-day close.