Overview
Information security has become a critical issue within organizations and a key success factor for businesses. To effectively maintain the integrity and security of an organization’s information infrastructure, an organized information security strategy must be developed and implemented. This workshop will introduce the concepts of an information security program, threat and vulnerability management, and metrics for effective information security governance. It will highlight the key functional areas, processes and methodologies, and organizational concepts that should be included in order to implement and maintain an effective information security strategy and program. Key functional areas will be discussed in depth, with emphasis on their importance to the strategy, the activities they perform, and their associated key performance indicators (KPIs). The workshop will use interactive discussions and case studies to highlight operationally capable models and solutions.
Syllabus
1. Introduction of an Information Security Program
- Functional elements of an Information Security Program
- Organizational Structure of Information Security Program
- Key dependencies and linkage points
- Key Performance Indicators (KPIs) of key functional areas
- Key competencies and staffing models
- Case studies of Information Security Program Deployments
- Individual Element Exploration
2. Threat and Vulnerability Management
- Overview of Threat and Vulnerability Management Programs
- Asset Identification
- Threat Analysis: Who, What, When, Where, and How
- OSI+ Methodology
- Intelligence Gathering and Assessment
- Vulnerability Management
- Risk Mitigation Strategies
- Countermeasure and Control Development
3. Developing Metrics for Effective Information Security Governance
- Defining the Measurement
- Business Goal Alignment
- Baseline Framework of Metrics
- Organizational and Performance Metrics
- Operational Metrics
- Technological Metrics
- Business Process Metrics
- Business Metrics
- Compliance Metrics
- Meaningful Reporting
- Benchmark Reporting
4. Final Thoughts
Who Should Attend
- Individuals who have the responsibility to provide data security and privacy service within their organization
- Business executives who have the responsibility of designing, implementing, and operating information security programs within their organization
- Business executives who would like to understand how to implement an effective information security program within their organization
- Information security auditors who are responsible for providing oversight to enterprise information security solutions
Prerequisites
- Familiarity with basic information security technologies, concepts, policies, procedures, and techniques. No security background or technical background required.