CPE Credits: 7
Description:
Data is an essential asset of any organization and these assets require continual monitoring and protection. Information Security Governance (ISG) is a subset discipline of Corporate Governance, the focus of which is on information security systems and their performance and overall risk management.
Just having security policies and then simply concentrating on securing your network is impractical and incomplete. To fully vest security within business processes, every organization must have a robust information security strategy and mechanisms that map to its business drivers, its legal and regulatory requirements, and its threat profile.
Information security governance is therefore all of the software, hardware, personnel, infrastructure, and business processes that ensure security is functionally capable of assisting an organization in meeting its strategic objectives. ISG is simply how technology, coupled with security, is used and managed so that business needs and goals are supported.
This course provides an overview of the specific criteria, steps and actions necessary to implement and sustain a quality Information Security Governance program.
Audience:
This presentation is intended for:
· Internal and external auditors (IT, financial, operational)
· Company Board members
· Senior management
· Executive management
· Management consultants
· Big 4 Senior Managers/Partners
· General Counsels and attorneys
· C-suite members (CFO, CTO, CRO, CEO, COO, CIO, CSO, CXO, CECO, CPO, et al.)
· Controllers
· Compliance Officers
· Directors of Human Resources
· Anyone involved in organizational IT governance
· Educators from academia whose academic institutions are offering corporate governance courses
· Individuals who may inherit large family businesses having little or no corporate governance experience
Prerequisites:
There are no specific prerequisites for this course.
Objectives:
After completing this seminar, the participant will be able to:
1. Gain further knowledge and understanding about the essential components of a viable information security governance program.
2. Identify the essential differences between corporate governance and IT governance, when and how to apply each.
3. Understand how to build a business case for a comprehensive Information Security Governance (ISG) program.
4. Assess specific regulatory requirements and their potential business impact from an information security standpoint.
5. Evaluate third-party relationships and their impact on information.
6. Define the roles, responsibilities and general organizational structure of a comprehensive Information Security Governance (ISG) program.
Course Outline:
1. Components of an information security strategy
2. Concepts of corporate and information security governance
3. Budgetary planning strategies and reporting methods
4. Developing the business case for a comprehensive Information Security Governance (ISG) program
5. Regulatory requirements and their potential business impact from an information security standpoint (HIPAA, GLB, SOX, Basel II, etc.)
6. Liability management strategies and insurance options (e.g., crime or fidelity insurance, business interruption)
7. Third-party relationships and their impact on information (e.g., outsourcing, SLAs, etc.)
8. Establishing and operating an information security steering group
9. Roles, responsibilities and general organizational structure of a comprehensive Information Security Governance (ISG) program
10. Generally accepted international standards for information security management