About the Course:
Effective security management for any organisation must take into account its people, processes and technology so that business operations run effectively and efficiently while remaining resilient. In order to preserve confidentiality, integrity and availability, formal methodologies and best practices must be adopted and implemented at all levels of management, according to business and stakeholder requirements.
This course aims to inculcate the key concepts, principles and methodologies of information security management in those involved in enhancing information security for their organisation. It covers both the management and technological aspects of information security.
This course focuses on information security principles, risk management, international standards such as ISO/IEC 27001, security policies, current cyber threats, defence through the implementation of proper security mechanisms, access control models and more. This course will also cover the best practices with guidance on information security design, implementation and management.
Information Security Officers and Managers from private and public sector organisations, particularly those from the CNII sector, Regulatory Bodies, ISPs and Law Enforcement Agencies.
Basic knowledge in Information Security is recommended but not essential.
Classroom style lectures and discussion with case studies. Participants will be required to complete group activities.
Participants are required to bring their own notebook.
- Definition and Principles of Information Security
- Defence in Depth
- Types of Hackers
- Current Threat Landscape
- Risk, Threats and Vulnerabilities
- Information Assets
- Information Classification
- Information and System Ownership
- Security Controls
- Access Control Models
- Designing Security Requirements based on ISO 27001
- Security Policy
- Organizing Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Control Management
- Systems Development and Maintenance
- Incident Management
- Business Continuity Management
- Compliance Management
- Security Best Practices
- Information Security Risk Management