Course details

Overview ?

The Course

Data security for today's organisations is an ever increasing difficult task, especially with the increasing sophistication and volume of attacks aimed at stealing information. Protecting data becomes an perpetual challenge, with the view of an increased usage of mobile devices, such as laptops and smart phones. Furthermore, disaffected internal employees often have access to sensitive information. As companies expand and acquire more data, the need for a well managed solution that integrates multiple data-protection technologies to provide comprehensive enterprise coverage, along with persistent data protection, becomes a necessity across the enterprise. This can only be achieved with a credible appreciation of risk.

In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. An appropriate risk management framework can bring visibility to key business and compliance risks and enable an organisation to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved in focusing on relevant areas of IT risk of data security within the enterprise environment.

Using international standards, an effective risk management control framework and current best practice, the aim of this seminar will advise senior executives and management on how to implement secure safeguards within a virtually borderless environment.

The Goals

During the five day seminar delegates will:

How to take control of Risk Management Programme and learn appropriate methods.
How to identify and address risk and compliance issues as presented within a global economy.
How to design and leverage Risk Management Programme to reduce cost and risk through effective prioritisation and processes.
Appreciate legal, technical and management risk within the Enterprise Environment and how to quantify these effectively.
Appreciate the external risk of cyber crime.
How to measure the financial value of Data Security and Risk Management and communicate these to line executives effectively.
How governance and risk management trends are affecting corporate enterprises.
International Standards for Data Security and Risk Management and best practice for managing compliance for security, crisis management, disaster recovery and high resilience and availability.

The Delegates

This seminar has been designed for individuals involved in, Risk Assessment, Information Security and Management of IT Systems and Enterprise Data Security. It is particular benefit to Application Service Providers, Network Architecture Personnel, individuals in regards to IT Risk, Policy and Compliance in addition to Security Service Vendors and specialist investigators and those with a responsibility for managing and securing information assets.

It is expected that delegates have a reasonable technical understanding of technology, electronic risk and security considerations, both technical and management.

The Process

Participants will gain detailed knowledge by active participation in seminars, group discussions and real life case studies. Delivery will be by presentation, group syndicate investigations, training DVD and interactive seminars.

The Benefits

By the end of this seminar participants will:

The seminar will provide delegates with an understanding of the range of cyber attacks and other relevant risk that are exploited today, and their likely evolution within an enterprise environment.
Using real life case studies, international standards and best practice, delegates will become aware of how to identify, quantify, and mitigate technical and IT risks effectively, using a range of methods of digital and management prevention strategies and techniques.
The seminar will also provide delegates with an overview of key regulations, statutory provisions and the commercial challenges which this brings.

The Results

Organisations will be better educated in relation to formulation of risk management frameworks, technology, legal and enterprise data security risks and associated obligations in regards to identification of a cyber attack, security breaches and appropriate defences that can be considered as a preventative solution.
Appreciation and implementation of Information Security Management Framework, can seek to ensure adequate safeguards are implemented to mitigate identified risks and that resources are apportioned effectively.
Place good reliance on controls which safeguard and utilise data for relevant business processes, and offer a secure framework for expanding and controlling the enterprise data security effectively.
Being able to adapt current best practice will ensure that corporations can understand and mitigate legal risks and challenges which are encountered, both nationally and internationally whilst benefitting from leading and effective solutions.

The Course Content

Day One

Development of Enterprise Architecture

Introduction, Development and Role in Modern Enterprise
Strategic, Tactical and Operational Considerations
Key Considerations in Development of Enterprise Architecture
Enterprise Architecture Project Management Considerations

Objectives of Security and IT Security Management

Day Two

Risk Assessment and IT Risk Management

Categorising and Managing Risk
Risk Analysis and Threat Identification Methodologies
Vulnerability Analysis
Understanding the need for effective Risk Management
Legal and Regulatory Considerations
Key Strategic and Security Considerations

The Need and Benefits for Information Security

Electronic and physical risk
Utilising Information Security to protect business assets
Information and Data Risk Management
Data and asset classification

Day Three

Data Security

Ensuring Information Security in an Enterprise Wide Environment
Vulnerability Assessments
Management and Technical Control Measures with Systems and Network Design

Legal and Regulatory Considerations

Data Protection
Intellectual Property
Contracts and Commercial Liability

Data Sharing and Best Practice

Defining data classification and business ownership
Establishing Memorandum of Understanding/Transfer Agreements
Best Practice Guidance for data sharing
Avoiding common errors and liability

Overview of International Standards and Best Practice

Day Four

Introduction to computer system design and enterprise design security

Types of electronic and management controls for electronic information
- Network, Operating System and Application controls and password schemes
- Ensuring Confidentiality, Integrity, Availability, Authenticity and Accountability
Overview of ISO27002 Code of Practice for Information Security Management and Relevant Controls