This 4-day training program combines advanced technology and relevant practical experience to develop your IT security policies & create a robust IT infrastructure.
Information security is critical for modern business models today.
Organizations must be prepared to take crucial steps to strengthen their IT infrastructure against both internal & external threats.
Organizations must look to develop a security network that enhances business operations while improving their security position. Successful security architecture combines a mix of the latest policies & practices, technology, and a robust awareness program.
This 4-day intensive training workshop addresses the latest concerns on IT infrastructure and security. Participants will develop key skills and core competencies that will allow them to meet the ever-changing security demands of the 21st century.
Course Participants will:
- Master the tools & techniques for effective information & network security.
- Discover how to create a complete & sustainable IT security architecture.
- Gain knowledge on how to develop sound security policy together with your security architecture.
- Learn how to perform an IT governance assessment using CoBIT 4.0.
- Learn how to perform smart security risk assessment within your organization.
- Gain valuable insights on implementing a proactive & robust security management system.
- Learn how to detect & prevent information security breaches due to inadequate IT security awareness within the organization.
Who should attend:
- Vice Presidents, Directors, General Managers
- Chief Information Officers
- Chief Security Officers
- Chief Information Security Officers
- Chief Technology Officers
Contact Kris at kris@360bsi.com for further information.
COURSE CONTENT
DAY1 INFORMATION SECURITY MANAGER LEADERSHIP WORKSHOP
Information Security Leadership Workshop is a special one-day course
designed to teach information security professionals how to become an
effective information security manager. In addition, you will learn tips
and techniques that will increase your competence and confidence when
influencing information security in your organization.
The role of the Information Security Manager
- The challenge of managing an IT department
- How to promote information security to the organization
- Concepts of security management
- Promoting security awareness
Managing 101
- Difference between managers and leaders
- Skills needed for excellence in management
- Developing your management style
- Using Emotional Intelligence
Effective Team Management
- Organizing and developing effective teamwork
- Developing and leveraging team synergy
- Enhancing team communications
- Motivating technical teams
How IT security integrates with the Organization
- The ideal IT security reporting structure
- How to effectively work with others in the organization
- Selling the IT security solutions to Upper Management
- An action-plan checklist for Information Security Managers

WHY THIS EVENT
The aim of this interactive workshop is to provide you with the skills
critical to developing your IT Security Architecture & Policies.
After attending this workshop, you will leave fully armed with the
knowledge needed to design and maintain a strong & secure IT
infrastructure.
The combination of interactive presentations, hands-on exercises and open
discussion groups along with real case studies, ensures you will obtain
maximum value from attending.

COVERAGE
- IT Security Concepts & Principles
- Roles & Responsibilities
- Security Awareness
- Layered Security approach
- Security Policy Implementation
- Risk & Vulnerability Assessment
- Threat Identification
- Penetration testing
- IT Network & System Security
- IT Security Architecture
- Security Design & Maintenance
- Security Control Frameworks
- ISO 27001 Security Standard
- Laws & regulations

DAY2 IT SECURITY - CONCEPTS & PRINCIPLES
We will cover the main concepts, principles, structures, and standards
used to design, monitor, and secure operating systems, equipment,
networks, applications and those controls used to enforce various levels
of confidentiality, availability, and integrity.
Laying the foundation
- The relationship between people, process and technology
- The information security triad: confidentiality, integrity and availability
- Concepts of security management
- Creating policies, standards, guidelines and procedures
- Promoting security awareness
Protecting our assets
- Where attacks come from
- Protecting from internal attacks
- Protecting from external attacks
- Threats and vulnerabilities overview
Security Architecture Basics
- Security as a design goal
- Security models
- Authentication methods
- Authorization
- Models for access control
The Objectives of Security
- The active defense approach to security
- Using the Defense in Depth concept
- Layered approach including perimeter security, network security, host
based security, and human awareness

WHO SHOULD ATTEND
- Vice Presidents, Directors, General Managers
- Chief Information Officers
- Chief Security Officers
- Chief Information Security Officers
- Chief Technology Officers
- Heads of Departments in Information Security Management Information Systems, IT Infrastructure, IT Architecture, Network Operations, IT Operations, IT Data Center, DataBase Management, IT Deployment, IT Business Enterprise, IT Risk Management, IT Quality Assurance, IT Audit, Risk Management, Internal Audit, Business Continuity Planning

DAY3 ESTABLISHING YOUR SECURITY POLICY
We will discuss the value of the information and what we need to do to
protect it. Effective security architecture begins with the establishment of
a security policy. Organizations should also perform a risk assessment in
order to better understand the important areas in their security
architecture.
Developing a Security Policy
- The overall “plan of attack/defense”
- Declaration of intent
- Characteristics of a good policy
- Policy examples
Objectives of Risk Management
- Benefits of performing a risk assessment
- Prioritizing vulnerabilities and threats
- Identifying the risk impact and determining acceptable risks
- Creating a risk matrix
The value of information
- Why you need to classify levels of information
- Managing data at rest and in transit
- Understanding data access controls
- The value of knowing where your data resides
Basic security threats and principles
- Vulnerabilities, threats and countermeasures
- Hacker probing and attack
- LAN, WAN, and wireless network technologies and protocols

Latest TESTIMONIALS
1 “Session well organized. The trainer is very conversant with the subject matter. Well delivered and would definitely recommend to anyone else.” - Habil Mutende, Manager Information Security & Change Management, Central Bank of Kenya
2 “Excellent presentation, excellent attitude to answer our questions & to share his experience.” - Senior Manager, IT Department, Deloitte
3 “The programme is good for IT professionals... [who] would like to setup ISO function or improve ISO.” - G. Ramgopal, Head IT Security, Bank Muscat Oman
4 “I have used Mark in key roles with high visibility clients. Without hesitation I would highly recommend Mark for any and all IT audit engagements. His professionalism, deep knowledge, and results oriented work style are deeply valued by not only myself, but more importantly by all those who are lucky enough to use his services.” - Russ Aebig, Director at Artesient
5 “We have used Mark Edmead on several projects in the past few years including SOX readiness for publicly traded companies and IT vulnerability assessments for major financial institutions. He always delivers professional and detail-oriented workpapers on-time and within budget. Mark is highly recommended and we will continue to use him on other projects.” - Brenda Piazza, Director at CBIZ MHM

DAY4 THREAT, RISK & VULNERABILITY ASSESSMENT
We will discuss the vulnerabilities, threats, and risks to the system and
network environment. We will discuss practical application of risk
assessment to an organization, how to conduct an assessment, and how
to use this information to improve the security posture.
Vulnerability and Penetration testing
- Why performing vulnerability and penetration testing is important
- Tools and techniques used in penetration testing
- Review of sample penetration testing report
- How to correct problems identified in the vulnerability and penetration
testing report
Protecting the network
- Firewalls and other perimeter security devices
- Intrusion detection systems
- Using a scanner to discover vulnerabilities
- Understanding network management tools
Business continuity and disaster recovery
- What are BCP and DR plans
- How to begin the business continuity planning process
- Performing a business impact assessment (BIA)
- Understanding the various disaster recovery options
Cloud security
- Protecting your data in cloud
- Pros and cons of cloud computing
- Understanding how cloud security
- The difference between cloud and virtualization

COURSE SCHEDULE
8.00 Registration & Coffee/Tea
8.30 Workshop commences
10.10 - 10.30 Morning coffee/tea
12.00 - 13.00 Lunch
14.40 - 15.00 Afternoon coffee/tea
16.00 End of day