This course is designed to introduce information security best practices to the non-information security professional, beginning information security professional or non-technical business professional.
It provides a broad overview of information security topics including compliance, governance, network design, application security, security processes and development of an information security program. Information security frameworks are introduced to provide the attendee with the basics of information security controls. Case studies and attack methods are presented to illustrate the importance of the various elements of information security programs.
Information security is a growing issue for the entire enterprise, not just for security and IT teams. Heightened attention to corporate governance, increasing reports of targeted attacks, more legislation and regulation, data leakage, BYOD, cloud, and other cyber security problems are in the media daily, and reports of companies battling the fall-out from breaches have enterprise executives focused on better protecting the business and its assets. Information security can be a minefield of potential disasters waiting to happen if not managed correctly and expertly, or if it’s misaligned with business goals.
During this three-day seminar, attendees will learn how to respond to the increased emphasis on information security by gaining an understanding of how to organize and oversee a risk-based enterprise information security program. We will drill down to the critical building blocks of information security, explore the respective roles and responsibilities of the key players, discover industry best practice, legislation, and professional standards. attendees will leave the course with ideas and strategies for improving the security posture of their organization.
This course is geared to individuals with a little or no general familiarity and working knowledge of information security issues. An understanding of technology and other forms of information risk management and security would be useful but are not essential. Members of IT Audit, Information Security, Quality Assurance, and/or Information Technology disciplines would find the course a useful refresher or conduit for furthering their interest in the subject.