CPE Credits: 7
Description:
Management controls involve those safeguards and countermeasures that manage the security of data and the information systems which process those data, along with the associated risk to organization assets and operations.
The overall objective of an information security management program is to ensure that risks to an organization’s data assets are correctly identified and effectively and efficiently managed. This emphasizes that information security is a management issue and as such, includes the proper assessment, evaluation and oversight of people, policies and processes. It is not merely a technical or operational issue.
Identification and assessment of the main risks to an organization’s data assets enables suitable management objectives, essential policies, and individual roles and responsibilities to be established. This process provides the foundation for a viable information security governance framework and the proper management of an information security program.
This seminar examines the frameworks and processes required to effectively manage an organization’s information security program.
Audience:
This presentation is intended for:
· Internal and external auditors (IT, financial, operational)
· Information Security Managers
· Company Board members
· Executive and Senior management
· Management consultants
· Big 4 Senior Managers/Partners
· C-suite members (CFO, CTO, CRO, CEO, COO, CIO, CSO, CXO, CECO, CPO, et al.)
· Security and Risk Compliance Officers
· Directors of Human Resources
· Non-IT professionals responsible for the management of organizational information security programs
Prerequisites: There are no specific prerequisites for this course.
Objectives:
After completing this seminar, the participant will be able to:
1. Interpret, design, and advocate information security policies.
2. Recognize and construct process and procedures for effective organization-wide information security management.
3. Evaluate effectiveness of third-party relationships in their contribution to achieving both IT and organization strategic objectives.
4. Assess SLAs, TPAs, vendor relationship management with respect to achieving information security goals and objectives.
5. Define and monitor security requirements in service level agreements.
6. Evaluate the effectiveness of the information security program investment, through the use of applicable metrics.
7. Develop testing and validation methods to assess the effectiveness of information security controls.
8. Measure the effectiveness of change and configuration management activities as a critical process within the organization’s information security management function.
9. Evaluate the feasibility, cost benefits and risk associated with the use of external assurance providers to conduct information security reviews.
10. Perform assessment reviews for compliance to accepted standards for managing and controlling access to information.
Course Outline:
1. Interpreting and Implementing information security policies
2. Administrative processes and procedures for effective ISM (e.g., access controls, identity management, remote access)
3. SLAs, contractors, suppliers, VANs, trading partners, joint ventures, security services providers, etc., enterprise contracts - managing information security issues
4. Right to audit, confidentiality, nondisclosure, non-compete – managing information security related contract provisions
5. Defining and monitoring security requirements in service level agreements (SLA)
6. Continuous monitoring of enterprise-wide infrastructure and business application security activities
7. Validating the information security program investment – applicable metrics (e.g., data collection, periodic review, key performance indicators)
8. Testing and validating the effectiveness and applicability of information security controls (e.g. penetration testing, password cracking, social engineering, assessment tools)
9. ISM - change and configuration management activities
10. Pros vs. Cons of employing internal/external assurance providers to conduct information security reviews
11. Due diligence activities, reviews and related standards for managing and controlling access to information
12. Third-party sources - identifying potential impacts on information security in applications and infrastructure (e.g., pen-testing)
13. Security baselining - changes affecting information security program elements
14. Problem management – resolving information security issues