* All fees are exclusive of vat ** PREMIUM - Customize your learning experience
Information is the lifeblood of all organizations, without it would be severally impacted and ultimately cease to function. Information is knowledge and knowledge is power. With an ever-changing climate of technology and threats (both technical and human), the need for trained security personnel to protect our information becomes an increasingly critical evolutionary task.
What Do Participants Learn?
• Knowledge of the concepts relating to information security management (confidentiality, integrity, availability, vulnerability, threats, risks, countermeasures, etc). • Understanding of current legislation and regulations which impact upon information security management. • Awareness of current national and international standards such as ISO 27002, frameworks and organizations which facilitate the management of information security. • Understanding of the current business and common technical environments in which information security management has to operate. • Knowledge of the categorization, operation, and effectiveness of controls of different types and characteristics.
Who Should Attend?
• Risk Management • IT Security • IT Security Auditing • Technical IT Management • Those with the involvement of systems integration and corporate IT development. Financial controllers with a technical interest may also benefit from the training course.
What Will the Learning Experience Include?
Comprehensive pre-program activities include:
Web-based information forms & surveys completed by attendee.
Direct consultation with the attendee about the expectations.
During the training, participants engage in data, activities, and conversations that lead to insight and knowledge.
Participants learn from expert trainers who have both academic and business experiences.
Highly applicable training content & instructive activities for adding depth to training topics.
**A half-day site visit for integrating the experience & plan next steps. Opportunities to provide connections, ideas & support.
Explore & Practice
Apply & sustain the learning experience by using this ongoing support:
To ensure participant has new skills or behavior progress.
Optional, fee-based mentoring & coaching with the trainer.
Training materials & additional documents (e-books, pdf files, presentations and articles)
Evaluate your training experience by giving us feedbacks and help us to reach our organizational goals.
Section One: Information Security Management – An Overview
• IT Risk Management • Categorising Physical and Electronic Risk • IT and Networks • Computer Systems Design • Legal and Regulatory Considerations • Information, Business, and Risk – Case Study
Section Two: Information Security Management
• Ensuring Information Security • Confidentiality • Integrity • Availability • Authenticity • Non-Repudiation of Data • Ethical hacking and Industrial Espionage • Where to design and place effective computer and management controls • Case Study
Section Three: Information Management – International Standards
• Code of Practice for Information Security Management – ISO 17799 / ISO27002 • Best Practice and Implementing Guidance and Controls For ISO 27002 • Information Security Management Overview • Risk Assessment and Controls • Security Policy Documentation • Organising Information Security Management • IT Asset Management • Personnel and Human Resources
Section Four: Information Management ISO 27002
• Best Practice and Implementing Guidance and Controls For ISO 27002 • Physical and Environmental Security • Operations Management and Communications • Access Control • Information Systems (Design, Development, Maintenance) • Incident Management • Business Continuity • Regulatory Compliance • Best Practice and Implementation Guidance for BS ISO/IEC 38500:2008 – IT Management • Case Study
Section Five: Implementing Effective Information Security Management Frameworks
• Successful steps for IT Security Management • Audit and Compliance for IT Resources • Business Process Engineering • Case Study