• Classroom
Course Description

This course is designed to introduce information security best practices to the non-information security professional, beginning information security professional or non-technical business professional. It provides a broad overview of information security topics including compliance, governance, network design, application security, security processes and development of an information security program. Information security frameworks are introduced to provide the attendee with the basics of information security controls. Case studies and attack methods are presented to illustrate the importance of the various elements of information security programs.

Information security is a growing issue for the entire enterprise, not just for security and IT teams. Heightened attention to corporate governance, increasing reports of targeted attacks, more legislation and regulation, data leakage, BYOD, cloud, and other cyber security problems are in the media daily, and reports of companies battling the fall-out from breaches have enterprise executives focused on better protecting the business and its assets. Information security can be a minefield of potential disasters waiting to happen if not managed correctly and expertly, or if it’s misaligned with business goals.

During this three-day seminar, attendees will learn how to respond to the increased emphasis on information security by gaining an understanding of how to organize and oversee a risk-based enterprise information security program. We will drill down to the critical building blocks of information security, explore the respective roles and responsibilities of the key players, and discover industry best practice, legislation, and professional standards. Attendees will leave the course with ideas and strategies for improving the security posture of their organization.

This course is geared to individuals with little or no general familiarity with, or working knowledge of, information security issues. An understanding of technology and other forms of information risk management and security would be useful but is not essential. Members of IT Audit, Information Security, Quality Assurance, and/or Information Technology disciplines would find the course a useful refresher or conduit for furthering their interest in the subject.

This course is available on-site at your location, or offered through open enrollment 10/19/20 - 10/21/20.

Learning Objectives

  1. Defining the Information Security Environment, the attributes of an information security program, threats to information security and areas of vulnerability, important regulatory requirements for data protection and privacy, essential international requirements, current trends and concerns in information security, areas of concern for auditors
  2. Security Management: Strategic Components, organizational aspects: roles and responsibilities, the security management cycle, security risk assessment and management - the auditor's role, essential security policies, standards, and procedures, information classification and valuation - what to look for when auditing, evaluating awareness programs
  3. Criteria for Secure Business Applications, information security's role in system development life cycle (SDLC), audit issues for identity and access control management, cryptography: key management, applications
  4. Business Continuity Planning (BCP), roles and responsibilities, defining the BCP management process, the business impact analysis (BIA), redundancy, backup and fault tolerance, plan management and testing

Framework Connections