IMPACT - INTERNATIONAL MULTILATERAL PARTNERSHIP AGAINST CYBER THREATS

Centre for Training & Skills Development

This track addresses management concerns about overall information security management in businesses and organisations. It responds to information security concerns that have evolved from a technical perspective to a business one. Key success factors include areas such as security and corporate governance, which take into account the adoption of security frameworks, information security standards, security policies, best practices, guidelines and risk management.


IMPACT Management Track


Security Management

Today's organisations are exposed to more complexity and uncertainty as their use of technology increases and their risk environment changes at pace. As all business assets and processes are exposed to both internal and external threats, internationally accepted information security standards, best practices and controls must be implemented to identify, manage and mitigate these threats. An organisation-centric approach to security management, which considers the impact of risks and their effect on the organisation, determines which security activities and practices are most suitable for it to remain resilient.

 

ISO/IEC 27001 Information Security Management (ISMS) Implementation

Course Objective
Recent high-profile information security breaches and increased awareness of the value of information are highlighting the ever-increasing need for organisations to protect their information assets. An information security management system (ISMS) is a risk management approach to maintaining the confidentiality, integrity and availability of the organisation’s information. This four-day course leads participants through a series of exercises following the requirements of ISO 27001:2005 for ISMS implementation. Key implementation exercises are supplemented by case study examples of techniques using both simple office tools and specialised information risk management software.

Target Audience
This is not a technical IT security course; rather, it concerns information security management and is suitable for managers from a wide range of disciplines. Attendees should have a basic knowledge of business information systems, and competence in using normal office software tools (i.e. word processors, spreadsheets and presentation software).

Course Duration
The course duration is 4 days

Delivery Mode
Lecture with presentation slides, course materials and learning activities, inclusive of case study and review questions.


 
Security Audit

Good corporate governance and the adoption of internationally recognised standards for implementing security controls are keys to securing any organisation. Information Assurance is achieved by the successful management and assessment of security controls alongside implemented processes. This enables stakeholders to gain information on the current security posture of an organisation’s IT infrastructures. The Security Audit course is an intensive training framework led by experienced Information Assurance and audit professionals, using proven and effective auditing methodologies. Participants will learn the internationally recognised information security standards and their audit requirements for security compliance.

 

ISO/IEC 27001 Information Security Management System (ISMS) Lead Auditor

Course Objective
Information Security Management System Lead Auditor teaches the fundamentals of auditing information security management systems to ISO 27001:2005 (BS 7799-2:2002) standards. This intensive five-day course trains students in managing audits for certification bodies and facilitating the ISO 27001:2005 registration process. The auditing exercises and lectures are based on ISO 19011:2002, “Guidelines for Quality and/or Environmental Management Systems Auditing.” The course is designed specifically for those wishing to conduct external assessments or internal audits to ISO 27001:2005 standards.

Target Audience
IT Security Officers, IT managers, Auditors interested in 27001:2005 or ISO/IEC 17799:2005, Information Security Consultants

Course Duration
The course duration is 5 days

Delivery Mode
Lecture with presentation slides, course materials and learning activities, inclusive of case study and review questions.

 

Legal and Policy Framework

Hackers today target businesses and governments with the intent of committing fraudulent and malicious activities for financial gain. Accessing information or computer systems without authorisation puts the organisation - particularly in the critical sectors - at great business risk. This can cause widespread damage when the information falls into the hacker’s hands. Law enforcement agencies and personnel often face challenges when dealing with cyber criminals, where the source of attack can be from any part of the world. Additionally, laws governing cybercrime must be understood. A keen knowledge of cybercrime laws and of the aspects of investigating and prosecuting cybercrimes, along with the legal considerations in assisting with investigations and tracing cyber criminal activities, is key to any successful prosecution.

 

Combating Cyber Crime: Laws and Legal Considerations

Course Objective
Cyber crime involves criminal activities that are traditional in nature, such as theft, fraud, forgery, stalking and defamation. Cyber space has created a borderless world, where a person can break into an online banking site or web-based system residing in another country, with complete disregard for jurisdictional boundaries. As many businesses, governments and people communicate and conduct transactions across borders, laws and legal provisions must be identified, developed and communicated to all parties. This course will introduce the various forms of cyber crime and legal provisions to address them.

Target Audience
Law Enforcement Officers and Law Enforcement Support staff.

Course Duration
The course duration is 5 days

Delivery Mode
Lecture with presentation slides, course materials and learning activities, inclusive of case study and review questions.