About
Information is the lifeblood of all organisations; without it they would be severely impacted and ultimately cease to function. Information is knowledge and knowledge is power. With an ever-changing climate of technology and threats (both technical and human), the need for trained security personnel to protect our information becomes an increasingly critical and evolving task.
Information is at risk from many sources: legal, electronic, physical, internal and external, to mention a few. It is paramount that security and related management personnel have an understanding of the risks, controls and countermeasures that are available to secure information and technology within an effective management framework. Furthermore, utilising countermeasures, best practice and management techniques will mitigate electronic and physical risks and enhance protection to an organisation.
On successful completion of the seminar, delegates will have:
- Knowledge of the concepts relating to information security management (confidentiality, integrity, availability, vulnerability, threats, risks, countermeasures, etc.).
- Understanding of current legislation and regulations which impact upon information security management.
- Awareness of current national and international standards such as ISO 27002, frameworks and organisations which facilitate the management of information security.
- Understanding of the current business and common technical environments in which information security management has to operate.
- Knowledge of the categorisation, operation and effectiveness of controls of different types and characteristics.
The seminar has been designed for individuals responsible for Risk Management, IT Security and IT Security Auditing, Technical IT Management and those involved in systems integration and corporate IT development. Financial controllers with a technical interest may also benefit from the seminar.
Participants will gain detailed knowledge by active participation in seminars, group discussions and real life case studies.
Delivery will be by presentation, group syndicate investigations, training DVD and interactive seminars.
The seminar will provide delegates with an understanding of IT Security Management and the commercial challenges which are faced on a daily basis, and how these are exploited. Furthermore, delegates will be able to appreciate placement of security controls within IT Systems and Networks and how these can be effectively implemented and audited, to ensure full system reliability, scalability and security. At the conclusion of the seminar delegates will be able to appraise risk, recommend security controls and develop an appropriate IT Security Management Approach applicable to their organisation's culture and ethos.
Organisations will be better educated in relation to risks and will be able to adopt justified procedures for the security of their systems, within an appropriate Information Security Management Framework. This in turn will allow executives to place good reliance on controls which safeguard information and business processes. Being able to adapt current best practice in accordance with International Standards will ensure that companies benefit from leading solutions.
Day One
Information Security Management - An Overview
- IT Risk Management
- Categorising Physical and Electronic Risk
- IT and Networks
- Computer Systems Design
- Legal and Regulatory Considerations
- Information, Business and Risk – Case Study
Day Two
Information Security Management
- Ensuring Information Security
- Confidentiality
- Integrity
- Availability
- Authenticity
- Non Repudiation of Data
- Ethical hacking and Industrial Espionage
- Where to design and place effective computer and management controls
- Case Study
Day Three
Information Management – International Standards
- Code of Practice for Information Security Management – ISO 17799 / ISO 27002
- Best Practice and Implementing Guidance and Controls for ISO 27002
- Information Security Management Overview
- Risk Assessment and Controls
- Security Policy Documentation
- Organising Information Security Management
- IT Asset Management
- Personnel and Human Resources
Day Four
Information Management – ISO 27002
- Best Practice and Implementing Guidance and Controls for ISO 27002
- Physical and Environmental Security
- Operations Management and Communications
- Access Control
- Information Systems (Design, Development, Maintenance)
- Incident Management
- Business Continuity
- Regulatory Compliance
- Best Practice and Implementation Guidance for BS ISO/IEC 38500:2008 – IT Management
- Case Study
Day Five
Implementing Effective Information Security Management Frameworks
- Successful steps for IT Security Management
- Audit and Compliance for IT Resources
- Business Process Engineering
- Case Study
Training Methodology
Pathways Training and Consulting adopts the newest techniques in human resources training and consulting, including the following:
- Theoretical lectures are delivered via PowerPoint and visual displays (videos and short films)
- Scientific evaluation of the trainee (before and after)
- Brainstorming and role-playing
- Using case studies related to the scientific material being delivered and the trainees' work.
- Participants receive the scientific and practical material in print and on CDs and flash memory.
- Preparing records and reports of the participants' attendance and results, with a general evaluation of the training program.
- A group of the best trainers and experts in all fields and specialties professionally prepares the scientific material.
- After finishing the course, the participants get certificates of attendance signed, certified, and issued by Pathways Training and Consulting.
- Our training programs start at 9:00 in the morning and end at 2:00 in the afternoon, with a snack buffet during the lectures.
- A lunch buffet is provided during the training program period, and a lunch party is organized on the final day of the training program for taking photos and awarding certificates.