Course Description
Information is the lifeblood of all organizations; without it they would be severely impacted and ultimately cease to function. Information is knowledge and knowledge is power. With an ever-changing climate of technology and threats (both technical and human), the need for trained security personnel to protect our information becomes an increasingly critical evolutionary task.
What Do Participants Learn?
• Knowledge of the concepts relating to information security management (confidentiality, integrity, availability, vulnerability, threats, risks, countermeasures, etc.).
• Understanding of current legislation and regulations which impact upon information security management.
• Awareness of current national and international standards such as ISO 27002, frameworks and organizations which facilitate the management of information security.
• Understanding of the current business and common technical environments in which information security management has to operate.
• Knowledge of the categorization, operation, and effectiveness of controls of different types and characteristics.
Who Should Attend?
• Risk Management
• IT Security
• IT Security Auditing
• Technical IT Management
• Those involved in systems integration and corporate IT development. Financial controllers with a technical interest may also benefit from the training course.
What Will the Learning Experience Include?
Phase: 1
Introduce
- Comprehensive pre-program activities include:
- Web-based information forms & surveys completed by the attendee.
- Direct consultation with the attendee about the expectations.
- During the training, participants engage in data, activities, and conversations that lead to insight and knowledge.
- Participants learn from expert trainers who have both academic and business experience.
- Highly applicable training content & instructive activities for adding depth to training topics.
- A half-day site visit to integrate the experience & plan next steps. Opportunities to provide connections, ideas & support.
Phase: 2
Explore & Practice
Phase: 3
Apply
- Apply & sustain the learning experience by using this ongoing support:
- To ensure the participant makes progress in new skills or behavior.
- Optional, fee-based mentoring & coaching with the trainer.
- Training materials & additional documents (e-books, PDF files, presentations and articles).
- Evaluate your training experience by giving us feedback and helping us to reach our organizational goals.
- Participant's Evaluation
- Trainer's Evaluation
Phase: 4
Evaluate
Section One: Information Security Management – An Overview
• IT Risk Management
• Categorising Physical and Electronic Risk
• IT and Networks
• Computer Systems Design
• Legal and Regulatory Considerations
• Information, Business, and Risk – Case Study
Section Two: Information Security Management
• Ensuring Information Security
• Confidentiality
• Integrity
• Availability
• Authenticity
• Non-Repudiation of Data
• Ethical Hacking and Industrial Espionage
• Where to design and place effective computer and management controls
• Case Study
Section Three: Information Management – International Standards
• Code of Practice for Information Security Management – ISO 17799 / ISO 27002
• Best Practice and Implementing Guidance and Controls For ISO 27002
• Information Security Management Overview
• Risk Assessment and Controls
• Security Policy Documentation
• Organising Information Security Management
• IT Asset Management
• Personnel and Human Resources
Section Four: Information Management ISO 27002
• Best Practice and Implementing Guidance and Controls For ISO 27002
• Physical and Environmental Security
• Operations Management and Communications
• Access Control
• Information Systems (Design, Development, Maintenance)
• Incident Management
• Business Continuity
• Regulatory Compliance
• Best Practice and Implementation Guidance for BS ISO/IEC 38500:2008 – IT Management
• Case Study
Section Five: Implementing Effective Information Security Management Frameworks
• Successful steps for IT Security Management
• Audit and Compliance for IT Resources
• Business Process Engineering
• Case Study