CISA-CERTIFIED Auditor

Course Syllabus

Information Security Governance

  • Develop information security strategy to align with business strategy and direction
  • Obtain senior management commitment and support for information security across the entire enterprise
  • Define information security governance roles and responsibilities
  • Establish reporting and communication channels regarding information security governance activities

Risk Management

  • Develop a systematic, analytical, and continuous risk management process
  • Understand and implement risk identification, analysis, and mitigation activities
  • Define and prioritize risk mitigation strategies
  • Appropriately report changes in risk to the correct levels of management on a periodic and event-driven basis

Information Security Program Management

  • Create and maintain plans for implementing a carefully designed information security governance framework
  • Develop information security baselines from organizational needs, as well as international standards
  • Develop guidelines and procedures for integrating security risk management into business processes
  • Develop procedures and guidelines for the IT infrastructure that comply with senior-level information security policies
  • Ensure security is effectively incorporated into the organization's established change management processes
  • Effectively integrate information security policies, guidelines, procedures, and accountability into the organization's culture

Legal Issues

  • Manage security risk from contracts; transfer risk with contracts
  • Understand information security compliance issues resulting from Sarbanes-Oxley

Information Technology Deployment Risks

  • Properly align IT strategic planning with organizational strategic planning
  • Control risk within software development or acquisition projects

IT Management Risks

  • How to position information security management within the organization
  • Control IT security risk relating to IT funding

IT Networks and Telecommunications Risks

  • Manage risk associated with social engineering, physical infrastructure threats, malicious code, and software vulnerabilities

Integrating Information Security into Business Continuity, Disaster Recovery, and Incident Response

  • Develop and implement processes and procedures for identifying, detecting, and analyzing security-related events
  • Organize, train, and properly equip response teams
 
