This 5-day course takes an operational approach to implementing and managing effective cybersecurity in highly networked enterprises. Topics include an evaluation of government and commercial security management models; security program development; risk assessment and mitigation; threat and vulnerability analysis and risk remediation; cybersecurity operations; incident handling; business continuity planning and disaster recovery; security policy formulation and implementation; large-scale cybersecurity program coordination; management controls related to cybersecurity programs; information-sharing; and privacy, legal, compliance, and ethical issues.
WHO SHOULD TAKE THIS COURSE
Students should have taken a Cybersecurity Fundamentals course, such as CompTIA Security+, or have equivalent skills and experience.
WHY YOU SHOULD TAKE THIS COURSE
This course builds upon the skills and knowledge gained in the prior courses and moves into the heart of the ISSO role as it relates to the overall security operations of the enterprise. As such, this is perhaps the most important course in the ISSO program.
COURSE OUTLINE
Day 1:
- Describe the role of governance in creating value for the enterprise.
- Explain the importance of information security governance in the context of overall enterprise governance.
- Describe the influence of enterprise leadership, structure and culture on the effectiveness of an information security strategy.
Day 2:
- Identify the relevant legal, regulatory and contractual requirements that impact the enterprise.
- Describe the effects of the information security strategy on enterprise risk management.
- Evaluate the common frameworks and standards used to govern an information security strategy.
Day 3:
- Explain why metrics are critical in developing and evaluating the information security strategy.
- Outline the components and resources used to build an information security program.
- Distinguish between common IS standards and frameworks available to build an information security program.
Day 4:
- Explain how to align IS policies, procedures and guidelines with the needs of the enterprise.
- Describe the process of defining an IS program road map.
- Outline key IS program metrics used to track and report progress to senior management.
Day 5:
- Explain how to manage the IS program using controls.
- Create a strategy to enhance awareness and knowledge of the information security program.
- Describe the process of integrating the security program with IT operations and third-party providers.
- Communicate key IS program information to relevant stakeholders.