Strategic Information Security Management
Key Learning Objectives:
• Understand information security needs and learn about risk management essentials
• Recognise standards and best practices in information security management
• Upgrade and enhance your existing IT security policies, standards, procedures and guidelines for competitive advantage
• Manage Business Continuity as an essential element of information security
• Identify controls to manage security and be able to measure security management effectiveness
Please bring your laptop
15 – 18 December 2013 Hyatt Regency Hotel, Dubai, UAE
www.iirme.com//securityIT
Course Timings
Registration will be at 07:30 on Day One. On each day, the course will commence at 8.00 and conclude at 14.30 followed by lunch. Refreshments will be served at appropriate intervals.

• Risk Management In Information Systems Control – Part Three
  - Determine IT strategy – security as part of planning process not an add on – strategic intent
  - Project and program management
  - Acquisition, development, maintenance
  - Change management
  - Third party service management
  - Continuous service assurance
  - Information security management
  - Configuration management
  - Data management

Day One
• Definitions:
  - Security
  - Information, data asset
  - Standards, best practices
  - Characteristics of information as defined by COBIT
  - Business Continuity (BC) – what can impact it?
• Does trust play a role in security?
• Accountability, responsibility for security and risks

• Security Policies
  - Essentials
  - Controls
  - Awareness
  - Training

• Information security governance
• PTP of security management – processes, technology, people
• Process approach – SIPOC, ETVX, PDCA

• Elements Of Information Security Controls – One
  - People
  - Physical security
  - Environmental security
  - Asset management

• Pragmatism vs bureaucracy in implementing security
• Compliance vs conformity
• Laws – basic needs – information act, privacy, intellectual property
• Risk Management – Part One
  - Risk culture of an organisation
  - Asset recognition
  - Risk recognition
  - Risk evaluation – qualitative and quantitative
Exercises
1. Recognise key information security requirements in your organisation
2. Recognise risks to information security on requirements of exercise 1
3. Recognise which laws are applicable to your organisation

Day Two
• Risk Management – Part Two
  - Risk response process – defining residual risks
  - Risk prioritisation
  - Essentials of risk monitoring
  - Risk management considerations
  - Risk treatment plans
  - Risk response process
  - Information systems control design and implementation
Exercises
1. Define a policy to suit your organisation requirements in SDLC
2. Define controls to suit the policy

Day Three
• Elements Of Information Security Controls – Two
  - Access control
  - Change control
  - Operations management
  - Availability planning
  - Capacity planning
  - Third party service management
• Recognising Controls To Manage Security Risks – SOA perspective of ISO 27001
• Measuring Security Implementation
  - Critical success factors
  - KPIs
  - Metrics
• Technology
  - Perimeter – firewalls, proxy, honey-pots
  - Internal – IPS, IDS, network security, virus control
  - Storage – encryption
  - Communication and business – PKI keys, cryptography
  - Data loss prevention – content management
• Business Continuity Planning (plan beyond availability management) – One
  - It’s a business call
  - Business impact analysis
  - IT service continuity planning – parameters for consideration
  - How much, how fast
  - RTO / RPO
Exercises
1. Define measurements that help understanding effectiveness
2. Do a business impact analysis on any critical process of your organisation
3. Define recovery options

Day Four
• Business Continuity Planning (BCP) (plan beyond availability management) – Two
  - Implementation
  - Testing – different types of testing BCP
  - Maintaining BCP plans
• Define security incident
• Define an incident response process
• Security incident recognition awareness, recognising security incidents
• Stakeholders in security incidents
• Incident Response – Three Elements
  - Containment
  - Eradication
  - Recovery
• Problem Management
• Documentation
  - Documents vs records
  - Document control, record control
  - What to maintain?
  - How much is necessary?
Exercises
1. Define an incident handling plan for your organisation
2. What kind of security incidents have taken place in your organisation? Can you categorise them?
3. Define a current incident in your organisation and work out a plan if you were to handle it differently
Meet Your Expert Course Leader

Rohinton Dumasia
ITIL V3 Expert, PRINCE2 Practitioner, CISA, COBIT, CGEIT, CISM, CISSP, ISO 27001, ISO 9000-2008 LA – Consultant & Trainer

A graduate in mathematics and physics from Bombay University in 1973 and a Post-Graduate in operations research and statistics from Mumbai University in 1977. He has over 35 years of experience in information systems planning, design, operations, control and management domain having tackled various assignments in the areas of service support, service delivery, software development and implementation, project management and training. His career ranges from computer operations and software development, to being a CIO and now an independent consultant and trainer. He has been associated with implementing ITIL processes since 1999.

His assignments include COBIT implementation for an oil refinery, ISO 20000 implementation for a finance company, and defining processes for a software development company, and defining architecture for a shipping company. He is a trainer for ITIL up to Expert level, ISO 27001 and COBIT certification programmes. He also conducts training in Essential Project Management, Business Analysis, Requirement Engineering and Information Security Framework. He has been taking ITIL training since ITIL V2 and now ITIL V3. He has conducted trainings in India, Philippines, Malaysia, and other countries in the Far East.

He is a regular speaker at various forums and conferences. He is Ex-Chairman and an active member of Computer Society of India and contributes to their activities, seminars and conferences. He has worked in various domains – manufacturing, FMCG, shipping, IT services and consulted for software development, airlines and oil refineries.
Would you like to run this course in-house?
The in-house training division of IIR Middle East Tel: +971 4 407 2624 • Email: CTS@iirme.com www.iirme.com/cts
FIVE WAYS TO REGISTER
IIR Holdings Ltd. P.O Box 9428 Dubai, UAE
+971 4 335 2437
+971 4 335 2438
register@iirme.com
www.iirme.com/securityIT
DISCOUNTS AVAILABLE FOR 2 OR MORE PEOPLE
CALL – +971 4 335 2483
E-MAIL – a.watts@iirme.com
WEB BC5164

Event: Strategic Information Security Management, 15 – 18 December 2013
Course Fee Before 29 September 2013: US$ 3,895
Course Fee Before 20 October 2013: US$ 4,395
Final Fee: US$ 4,695
Course fees include documentation, luncheon and refreshments. Delegates who attend all sessions will receive a Certificate of Attendance.
All registrations are subject to our terms and conditions which are available at www.iirme.com/terms. Please read them as they include important information. By submitting your registration you agree to be bound by the terms and conditions in full.
Payments
A confirmation letter and invoice will be sent upon receipt of your registration. Please note that full payment must be received prior to the event. Only those delegates whose fees have been paid in full will be admitted to the event. You can pay by company cheques or bankers draft in Dirhams or US$. Please note that all US$ cheques and drafts should be drawn on a New York bank and an extra amount of US$ 6 per payment should be added to cover bank clearing charges. In any event payment must be received not later than 48 hours before the Event. Entry to the Event may be refused if payment in full is not received. Credit card payment If you would like to pay by credit card, please tick here and a member of our team will contact you to take the details
Cancellation If you are unable to attend, a substitute delegate will be welcome in your place. Registrations cancelled more than 7 days before the Event are subject to a $200 administration charge. Registration fees for registrations cancelled 7 days or less before the Event must be paid in full. Substitutions are welcome at any time.
Avoid Visa Delays - Book Now Delegates requiring visas should contact the hotel they wish to stay at directly, as soon as possible. Visas for non-GCC nationals may take several weeks to process. All registrations are subject to acceptance by IIR which will be confirmed to you in writing. Due to unforeseen circumstances, the programme may change and IIR reserves the right to alter the venue and/or speakers.
Event Venue: Hyatt Regency Hotel, Dubai, UAE Tel: +971 4 209 1234 Accommodation Details We highly recommend you secure your room reservation at the earliest to avoid last minute inconvenience. You can contact the IIR Hospitality Desk for assistance on: Tel: +971 4 407 2693 Fax: +971 4 407 2517 Email: hospitality@iirme.com © Copyright I.I.R. HOLDINGS B.V.