CPE Credits: 7
Description:
Information is one of an organization’s most important assets. Protection of information assets is necessary to establish and maintain trust between the organization and its customers, maintain compliance with the law, and protect the reputation of the organization. Timely and reliable information is necessary to process transactions and support organization and customer decisions. An organization’s earnings and capital can be adversely affected if information becomes known to unauthorized parties, is altered, or is not available when it is needed.
Information security is the process by which an organization protects and secures the systems, media, and facilities that process and maintain information vital to its operations.
Organizations often inaccurately perceive information security as the state or condition of their controls at a point in time. Security is an ongoing process, in which the condition of an organization's controls is only one indicator of its overall security posture. Other indicators include the organization's ability to continually reassess that posture and react appropriately to rapidly changing threats, technologies, and business conditions.
The purpose of an information security program is to:
1. Establish an organization-wide approach to ensure the accuracy, security and protection of information in the organization’s custody, regardless of format.
2. Prevent and protect against any anticipated threats and hazards to the security or integrity of organizational information.
3. Ensure organization-wide compliance with applicable laws, regulations, policies and practices.
4. Prevent and protect against the unauthorized access to or use of organization information, including confidential and personal information.
This seminar addresses the ways and means of developing an information security program that enables an organization to meet its business objectives by implementing business systems with due consideration of information technology (IT)-related risks to the organization, business and trading partners, technology service providers, and customers.
Audience:
This presentation is intended for:
· Internal and external auditors (IT, financial, operational)
· Company Board members
· Executive and Senior management
· Management consultants
· Big 4 Senior Managers/Partners
· General Counsels and attorneys
· C-suite members (CFO, CTO, CRO, CEO, COO, CIO, CSO, CXO, CECO, CPO, et al.)
· Controllers and general accounting managers
· Security and Risk Compliance Officers
· Directors of Human Resources
· Professionals responsible for assessing or implementing organization-wide information security programs
Prerequisites: There are no specific prerequisites for this course.
Objectives:
After completing this seminar, the participant will be able to:
1. Break down information security management (ISM) strategies into manageable and maintainable plans for implementing information security policies and procedures.
2. Identify the activities associated with a vibrant information security program.
3. Recognize needed information security controls.
4. Design applicable information security controls, as warranted by the operational environment.
5. Construct appropriate tests of selected information security controls.
6. Evaluate logical and physical information security architectures.
7. Produce information security policies, guidelines, and procedures.
8. Assess the integration of information security requirements into organizational processes.
9. Understand and recognize appropriate information security metrics.
10. Assist in developing a business case for implementation of a viable information security program across the enterprise.
Course Outline:
1. Translating ISM strategies into manageable and maintainable plans for implementing information security policies and procedures
2. Information security program – general associated activities
3. Managing the implementation of the information security program
4. Planning, designing, developing, testing and implementing information security controls
5. Methods used to align information security program requirements with those of other assurance functions
6. Identifying internal and external resources and skills requirements supporting the ISM function
7. Logical and physical information security architectures
8. Security technologies (hardware, software) and controls (monitoring tools)
9. Information security awareness - training and education of enterprise personnel, vendors, etc.
10. Identification, development, implementation and maintenance of ISM policies, standards, procedures, guidelines
11. Integration of information security requirements into organizational processes (e.g. change control, mergers and acquisitions)
12. Enterprise contracts (e.g., SLAs, contractors, suppliers, VANs, trading partners, joint ventures, etc.) – managing risk and addressing ISM issues
13. Information security metrics – identification, design, development and implementation
14. Information security controls (e.g. vulnerability testing, assessment tools) - effectiveness and applicability
15. Information security awareness, training and education - effectiveness and relevancy to enterprise operations
16. Growing the information security program across the enterprise