IT Security Officer

Today the role of the Information Security Officer is more important and more challenging than ever.
Simply stated, the job is to define, implement and maintain an appropriate level of information security, one that fits the company's culture, objectives and strategy, that takes into account the growing number of regulatory requirements, emerging standards, risks and technological developments, and that does all of this effectively and efficiently.

Security Standards & Frameworks

  • Terminology
  • Why do we need standards?
  • The ISO 17799 standard (renumbered as ISO/IEC 27002)
  • The ISF Standard of Good Practice
  • The COBIT framework
  • The ISO 27000 standards series
  • What standards do you use or plan to use?

Risk and Compliance Management

  • Terminology
  • Why risk management?
  • Challenges for risk and compliance management
  • Recommended approach
  • What is your risk approach and/or experienced problems?
  • Risk assessment demonstration: an example of an asset-based and ROSI-based (Return on Security Investment) risk assessment
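The asset-based, ROSI-based assessment listed above can be reduced to a small calculation, shown here as an added example that is not part of the course material. It uses the standard quantitative model (SLE = AV x EF, ALE = SLE x ARO, ROSI = (ALE before - ALE after - control cost) / control cost); the asset register, threat estimates and candidate controls are constructed figures, and the names Asset, Threat, Control and assess are this example's own.

```python
"""Asset-based risk assessment with ROSI ranking (constructed example, not course material)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: float            # asset value (AV) in euros


@dataclass(frozen=True)
class Threat:
    name: str
    asset: str              # Asset.name this threat applies to
    exposure_factor: float  # EF: fraction of AV lost per occurrence (0..1)
    annual_rate: float      # ARO: expected occurrences per year


@dataclass(frozen=True)
class Control:
    name: str
    threat: str             # Threat.name it mitigates
    annual_cost: float      # annualised cost (licences, operations, depreciation)
    ef_after: float         # estimated EF once the control is in place
    aro_after: float        # estimated ARO once the control is in place


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF: loss caused by one occurrence of the threat."""
    return asset_value * exposure_factor


def annual_loss_expectancy(asset_value: float, exposure_factor: float, annual_rate: float) -> float:
    """ALE = SLE x ARO: expected loss per year from the threat."""
    return single_loss_expectancy(asset_value, exposure_factor) * annual_rate


def rosi(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """ROSI = (risk reduction - cost) / cost. Negative: the control costs more than it saves."""
    if annual_cost <= 0:
        raise ValueError("annual_cost must be positive")
    return (ale_before - ale_after - annual_cost) / annual_cost


def assess(assets, threats, controls):
    """One row per candidate control: ALE before/after, risk reduction, ROSI; best ROSI first."""
    av = {a.name: a.value for a in assets}
    by_name = {t.name: t for t in threats}
    rows = []
    for c in controls:
        t = by_name[c.threat]
        before = annual_loss_expectancy(av[t.asset], t.exposure_factor, t.annual_rate)
        after = annual_loss_expectancy(av[t.asset], c.ef_after, c.aro_after)
        rows.append({
            "control": c.name,
            "threat": t.name,
            "ale_before": before,
            "ale_after": after,
            "risk_reduction": before - after,
            "rosi": rosi(before, after, c.annual_cost),
        })
    return sorted(rows, key=lambda r: r["rosi"], reverse=True)


# Constructed sample register: illustrative figures only.
ASSETS = [Asset("customer database", 2_000_000), Asset("web shop", 500_000)]
THREATS = [
    Threat("database breach", "customer database", exposure_factor=0.4, annual_rate=0.1),
    Threat("web shop DDoS", "web shop", exposure_factor=0.05, annual_rate=2.0),
]
CONTROLS = [
    Control("DB encryption + DLP", "database breach", annual_cost=30_000, ef_after=0.1, aro_after=0.1),
    Control("DDoS scrubbing service", "web shop DDoS", annual_cost=40_000, ef_after=0.05, aro_after=0.5),
    Control("in-house rate limiting", "web shop DDoS", annual_cost=5_000, ef_after=0.05, aro_after=1.0),
]

if __name__ == "__main__":
    for r in assess(ASSETS, THREATS, CONTROLS):
        flag = "" if r["rosi"] >= 0 else "  <- costs more than it saves"
        print(f'{r["control"]:<24} ALE {r["ale_before"]:>9,.0f} -> {r["ale_after"]:>9,.0f}  '
              f'reduction {r["risk_reduction"]:>8,.0f}  ROSI {r["rosi"]:+.2f}{flag}')
```

Two things the numbers make visible that a ROSI figure on its own hides: the control with the best ROSI (rate limiting) removes less absolute risk than the database control, so a budget decision should look at both columns; and the scrubbing service comes out negative because its cost exceeds the loss it avoids under these estimates, which is exactly the kind of finding the steering committee should see before the purchase rather than after. Since EF and ARO are estimates, rerun the assessment with pessimistic and optimistic values before trusting a ranking.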

Security Organization & Responsibilities

  • Why do we need company-wide security roles?
  • The information security steering committee
  • The information security officer
  • Local information security coordination
  • Ownership
  • What is your security organization?

Security Policies, Standards & Procedures

  • What are security policies?
  • What are security standards?
  • What are security procedures?
  • What is their importance and contribution?
  • The ISMS policy
  • Practical approach and structure
  • What is your policy approach & structure?

Information Security Program Management

  • ISMS introduction – process approach
  • Establish the ISMS
  • Implement and operate the ISMS
  • Monitor and review the ISMS
  • Maintain and improve the ISMS
  • Additional requirements
  • What is your security program management approach?

Security Classification

  • Data classification: role and added value
  • Basic model and required processes
  • An appropriate classification approach
  • Budget & planning aspects
  • Data classification & handling guideline example
  • What is your data classification approach?

Security Metrics

  • Role of security metrics
  • What processes are involved?
  • Some useful security metrics
  • What security metrics do you use or intend to use?

Security Awareness

  • What is security awareness?
  • Why security awareness?
  • What are the key success factors for effective security awareness?
  • An appropriate user awareness methodology
  • Awareness metrics
  • What is your security awareness program?

Disaster Recovery Planning

  • Issues with Disaster Recovery Planning (DRP)
  • DRP mission and objectives
  • Major steps in the preparation process
  • Disaster Recovery Plan structure
  • What are your DRP arrangements?
