Today the role of the Information Security Officer is more important and challenging than ever.
Simply stated, the job is to define, implement and maintain an appropriate level of information security, one that fits the company's culture, objectives and strategy and takes into account the growing number of regulatory requirements, emerging standards, risks and technological evolutions, and to do all of this in an effective and efficient way.
Security Standards & Frameworks
- Why do we need standards?
- The ISO 17799 standard (since renumbered as ISO/IEC 27002)
- The ISF Standard of Good Practice for Information Security
- The COBIT framework
- The ISO 27000 standards series
- What standards do you use or plan to use?
Risk and Compliance Management
- Why risk management?
- Challenges for risk and compliance management
- Recommended approach
- What is your risk approach and/or experienced problems?
- Risk assessment demonstration
- An example of an asset-based and ROSI (return on security investment) based risk assessment
Security Organization & Responsibilities
- Why do we need company-wide security roles?
- The information security steering committee
- The information security officer
- Local information security coordination
- What is your security organization?
Security Policies, Standards & Procedures
- What are security policies?
- What are security standards?
- What are security procedures?
- What is their importance and contribution?
- The ISMS policy
- Practical approach and structure
- What is your policy approach & structure?
Information Security Program Management
- ISMS introduction – process approach
- Establish the ISMS
- Implement and operate the ISMS
- Monitor and review the ISMS
- Maintain and improve the ISMS
- Additional requirements
- What is your security program management approach?
Security Classification
- Data classification: role and added value
- Basic model and required processes
- An appropriate classification approach
- Budget & planning aspects
- Data classification & handling guideline example
- What is your data classification approach?
Security Metrics
- Role of security metrics
- What processes are involved?
- Some useful security metrics
- What security metrics do you use or intend to use?
Security Awareness
- What is security awareness?
- Why security awareness?
- What are the key success factors for effective security awareness?
- An appropriate user awareness methodology
- Awareness metrics
- What is your security awareness program?
Disaster Recovery Planning
- Issues with Disaster Recovery Planning (DRP)
- DRP mission and objectives
- Major steps in the preparation process
- Disaster Recovery Plan structure
- What are your DRP arrangements?