In this 5-day class, students will learn industry best practices for establishing information security governance rules, risk management, security program management, security implementation, security incident management and security response.
Outline:
Lesson 1: Information Security Governance
- Develop an Information Security Strategy
- Align Information Security Strategy with Corporate Governance
- Identify Legal and Regulatory Requirements
- Justify Investment in Information Security
- Identify Drivers Affecting the Organization
- Obtain Senior Management Commitment to Information Security
- Define Roles and Responsibilities for Information Security
- Establish Reporting and Communication Channels
Lesson 2: Information Risk Management
- Implement an Information Risk Assessment Process
- Determine Information Asset Classification and Ownership
- Conduct Ongoing Threat and Vulnerability Evaluations
- Conduct Periodic BIAs
- Identify and Evaluate Risk Mitigation Strategies
- Integrate Risk Management into Business Life Cycle Processes
- Report Changes in Information Risk
Lesson 3: Information Security Program Development
- Develop Plans to Implement an Information Security Strategy
- Security Technologies and Controls
- Specify Information Security Program Activities
- Coordinate Information Security Programs with Business Assurance Functions
- Identify Resources Needed for Information Security Program Implementation
- Develop Information Security Architectures
- Develop Information Security Policies
- Develop Information Security Awareness, Training, and Education Programs
- Develop Supporting Documentation for Information Security Policies
Lesson 4: Information Security Program Implementation
- Integrate Information Security Requirements into Organizational Processes
- Integrate Information Security Controls into Contracts
- Create Information Security Program Evaluation Metrics
Lesson 5: Information Security Program Management
- Manage Information Security Program Resources
- Enforce Policy and Standards Compliance
- Enforce Contractual Information Security Controls
- Enforce Information Security During Systems Development
- Maintain Information Security Within an Organization
- Provide Information Security Advice and Guidance
- Provide Information Security Awareness and Training
- Analyze the Effectiveness of Information Security Controls
- Resolve Noncompliance Issues
Lesson 6: Incident Management and Response
- Develop an Information Security Incident Response Plan
- Establish an Escalation Process
- Develop a Communication Process
- Integrate an IRP
- Develop IRTs
- Test an IRP
- Manage Responses to Information Security Incidents
- Perform an Information Security Incident Investigation
- Conduct Post-Incident Reviews
To hire an AMS Certified Information Security Manager subject matter expert and instructor who also teaches this class, call us today at 800-798-3901!