8/13/2019 Information Security Managers Academy

1/4

5 day course

19-23 May 2014

Singapore

Course Director

Charles PaskMr. Pask has over 25 years

experience in IT, IT audit and

IT security

Who should attend

Information Security and IT

Managers

Information Security Analysts

Security Architects Security Administrators (wanting

to move to management)

Risk Personnel

System Administrators

Network Administrators

IT Auditors

Internal Auditors

Earn 40 CPEsby attending

Prerequisite:None

Advanced Preparation:None

Learning Level:Intermediate

Field of Study:Specialized

Knowledge and Application

Delivery Method:Group Live

InformationSecurity ManagersAcademy

Explore the various aspects of InfoSec management in a changing ICT

environment

Discover how to make a dierence in your organisation by examining

a number of proven techniques for gaining support for your InfoSec

program

Gain insight into the building blocks for success for your program

Work with an InfoSec professional who has walked the walk

CISSP & CISM exams how to prepare for these

Why do we need controls?

Web Email Tel

www.mistiasia.com misasia@misti.com +852 2520 1481

A step-by-step guide to establishing and managing an

information security program that works

SAVE

UP TO 50%

WITH IN HOUSE

TRAININGDetails inside

Each delegate will receive up to 2GB of additional

documentation, research, policies, awareness programme posters

and education tips.

PLUS

PLEASE REGISTER EARLY

Due to recent changes in VISA processing, delegates are strongly advisedto obtain relevant VISAs up to one month prior to the course.

A division ofThe Global Leaderin Audit, Risk, Fraudand Security Training

8/13/2019 Information Security Managers Academy

2/4

Course focus and features

Information risk management has become a serious priority. New legislation

and the best practice set forth in ISO27000 (old BS7799 and ISO-17799) point

to information risk analysis as the foundation of any program designed to

safeguard information assets.

If you have inherited a program that needs to be improved/benchmarked, this

course will be your step-by-step guide to establishing and managing a workable

information security program. If you are auditing the security environment, this

course will help you identify the essential elements that need to be in place for

your organisation to have effective controls.

The Course Director is a proven InfoSec Senior Manager with over 25 years

experience in managing an InfoSec team and running IT Audits. The course

begins with the building blocks of an Information Security Management System

(ISMS), using real-life scenarios and case studies to reinforce what you learn.This is not a technical course. Industry statistics show that over 70% of an

organisations InfoSec problems revolve around ill-advised staff or ineffective

InfoSec programs.

The course will cover:

The planning and management of the security program

Understanding internal and external threats to success

Establishing eective security policies

Disaster recovery and business continuity planning

Getting the business more involved with information security

Developing an enterprise security architecture

Identity and access control management Cryptography

Physical protection of your business and computing facilities

Employee privacy issues

The legal and regulatory aspects of information security, including

awareness programs

Copyright Euromoney Training2014

Day 1

Defining the information security business

case

Dening and delineating the attributes of

an information security program

Assessing threats to information security

and areas of vulnerability

Global legal and regulatory requirements

for data protection and privacy

International requirements (SOX, Basel, etc)

Current concerns in information security

Dening an enterprise information security

architecture

How our views on computer security have

changed

NIST, CERT, FIRST, DISA and other great

resources for information security

Security management: Strategic

components

Dening the information security

department charter Organising for success: Roles and

responsibilities

The security management cycle

Risk assessment and management

Strategic steps to security management

Overall management vs day-to-day

administration

Gaining management and organisational

support

Security policies, standards, and

procedures

Information classication and valuation

Creating awareness programs

Metrics, maturity models, and return on

security investment

Useful standards/guidelines for

information security: ISO, IETF, COBIT, NIST/

FISMA, NSA/DISA, OWASP, ISF, SANS, etc

InformationSecurity ManagersAcademy

5 day course

19-23 May 2014

Singapore

The course wasfascinating. Itcovered all the

areas and topics ofInfo. Security at amanagerial level. Itprovided me witha great guidanceand assurancein achieving myprogram

Info. Sec. Manager,

FALCOM Financial Services

EMPS5505 - TCOURSE CODE

MIS Training Institute provides specic, tailor-made in-house training on a wide varietyof internal audit, IT audit and information security topics. Clients can determinethe content, duration, and level of expertise of the course, creating a unique and

customised programme. All our in-house consultants are professional trainers anddraw on many years of practical experience in the audit and information security areas.

To nd out more about the special benets of in-house training, please contact:

Yvonne LimIn-house ManagerTel: +852 2520 1481 Email: inhouse@misti.com

Save time andmoney with IN-HOUSE TRAINING

You may use your attendance at courses held by MIS TrainingInstitute to qualify for CPD points with The Law Society of HongKong. If you wish to claim CPD Hours for your registered course,please inform us of this upon registration and pay one month in

advancein order for your CPD application to be processed. For further information onCPD accreditation please email us on misasia@misti.com

CONTINUING

PROFESSIONAL

DEVELOPMENT

8/13/2019 Information Security Managers Academy

3/4

Day 2

Legislation and standards

Privacy protection laws

Anti-hacker legislation

Emerging international security standards

Common methods of identity theft

Emerging law

Best practice protections to prevent loss of

privacy

Creating a strong foundation through

policy

Examining your environment and business

drivers to create eective policies

Tips for quickly creating policies: Printed

and Internet resources

Tools and techniques for examining your

computing environment

Case study/class exercises: Developingorganisational policies

Examing delegates own policies and makingimprovements

Day 3

Information risk analysis

The risk analysis cycle and its components

Identifying assets in an information risk

analysis

Determining asset values

How the information risk management

process ts into the information protectionprogram

Integrating risk management into an

enterprise-wide process

Partners in the information risk management

process and their specic roles

Types of information risk analysis:

Quantitative vs qualitative approach

Software tools for performing the

information risk analysis process

Identifying asset categories: IT, business

processes, or business functions

Dening information risk analysis targets

and scope

The information owners role in the

information risk analysis process

Risk management

Arriving at an acceptable level of risk

Uncovering information vulnerabilities

There will be case studies and opportunitiesto assess delegates own risk processes

Business impact analysis (BIA)

BIA process: Components and denitions

BIA as the key to a successful data security

program

Partners in the business impact process

and the role each one plays

Day 4

Physical, hardware and environmental

security

Physical security

Hardware security

Media security

Environmental controls in the distributed

environment

Protecting the network perimeter: network

and workstation security

Network security management primer

Firewalls

Intrusion detection and incident response

Virtual private networks

Workstation security

Wireless and mobile device security

Day 5

Tools that can help create awareness

Methods for selecting eective tools,

techniques, and trinkets

Gaining management support

Video examples and cost-eective sources

for awareness

Roles and responsibilities

Dening the BCP management process

Using the business impact analysis (BIA)

Redundancy, backup, and fault tolerance

System and organisation-wide recovery

Plan management and testing

Levels of preparedness

Testing your plan

The future of information security in the

organisation

Management support

Relating security to the business

Nurturing the security and audit

relationship

Funding, stang and know-how

Keeping current

12-point plan for success

Bonus: You will receive the Swiss Army KnifeReference Guide-Security Managers editionthat includes sample security policies, job/role descriptions, security review checklists,bibliography of printed and electronicsources of security and audit informationand tools, and a glossary of distributedcomputing terminology.

Good fun andfilled with lots ofinteresting material

Past delegate, BT Global Services

Web Email Tel

www.mistiasia.com misasia@misti.com +852 2520 1481

Course Director

Charles Pask

Gain access to an experienced professional who is still a practitioner. Mr. Pask will make the

material lively and explain to you the fundamental building blocks to ensure success in your

own audit environment.

Charles Pask is the Managing Director of an IT security and IT audit consultancy. Previously,

he was a Director with MIS Training, and Director of Information Security Institute (ISI)

European and Middle East e-Security Services. Mr. Pask has over 25 years experience in IT, IT

audit, and IT security, and was the Information Security Manager for Alliance & Leicester plc

prior to joining MIS.

More recently Mr. Pask was the Global Head of Strategy, Development and Globalisation for

the Bristish Telecom Business Continuity, Security and Governance Practice.

Mr. Pask has spoken at a number of conferences, including CISO, WebSec, Compsec, the

International Security Managers Symposium, and various ISACA events. He was the

Chairman of the European Chief Information Security Ocers (CISO) conferences for the last

6 years and for the Middle East CISO conferences for the last 2 years. He will be Chairing both

conferences in 2011.

He delivers several MIS Training courses, including IT Auditing and Controls, IT Audit School,

Risk Based IT Auditing, How to Manage an Information Security Program and Information

Security School.

He has also been a Senior Instructor for ISC2 for CISSP exam training. Mr Pask has helped

over 300 students globally pass the CISSP exam.

8/13/2019 Information Security Managers Academy

4/4

I prefer course updates by email.

My email address is .

Please fax back to +852 2866 7340 or email your details to courses@euromoneyasia.com.

Please include the code that appears on top of the address label above in your email.

Registration form Yes, please register me for:nformation Security Managers Academy (EMPS5505)

on19-23 May 2014, Singapore

Cant make this date? We schedule our courses throughout the year. Please contact us to check forlternative dates and locations.

Delegate details (all of the following is required to process your registration)

urname Mr/Mrs/Ms

irst name

osition Department

Approving Manager Position

Company

Address

Telephone Fax

mail

Course fee: US$4,450

All fees are net of withholding, business and local taxes.

Delegates registering from Singapore for Singapore courses will have to bear the

prevailing GST at the date of the invoice.

Seat is confirmed only upon receipt of payment.

IIA Membership No.:

ISACA Membership No.:

Payment details(please tick as appropriate)

Cheque Invoice Credit card#

#To make this payment by credit card, please call +852 2520 1481.

I have read and understood the booking terms and conditions

Signature Date

How did you hear about the course?

The Global Leaderin Audit, Risk, Fraudand Security Training

4 easy ways to

register

1. Web

www.mistiasia.com

2. Email

misasia@misti.com

3. Telephone

+852 2520 1481

4. Facsimile

+852 2866 7340

Membership discountIIA and ISACA members save 10%

This discount cannot be used in conjunction

with any other offer.

Group booking discount

When two colleagues from one institution

book together on the same course, there is a

5% discount on the second booking. Further

discounts are available for larger groups.

Venue

All of our courses are held in 4-5 star hotels,

chosen for their location, facilities and level of

service. You can be assured of a comfortable,

convenient learning environment throughout

the duration of the course.

Due to the variation in delegate numbers,we will send venue confirmation to you

approximately 2 weeks before the course

commences.Register on-line at:

www.mistiasia.com

Please ensure you enter yourevent code when registeringand you will be entered into ourquarterly prize draw to win 50of Visa vouchers.

IMPORTANT INFORMATION - YOUR EVENT CODE

EMPS5505 - T

MIS Training Institute (MISTI) is registered with the National Association of

State Boards of Accountancy (NASBA) as a sponsor of continuing professional

education on the National Registry of CPE Sponsors. State boards of accountancy

have final authority on the acceptance of individual courses for CPE credit.

Complaints regarding registered sponsors may be submitted to the National

Registry of CPE Sponsors through its website: www.learningmarket.org

Copyright EuromoneyTraining 2014

course. Cancellations must be made in writing(letter or fax) with MISTIs acknowledgement.Written cancellations must reach t his office 30days before the programme commences. A fullrefund less an administration charge of US$150will be given. For any written cancellationrequests that reach us less than 30 days beforethe event, no refunds will be given. However,if you wish to attend another MISTI course inthe Asia-Pacific region, a 75% discount voucherwhich values not more than 75% of the initialpayment will be issued. Please note that thesubsequent course must take place within 6months of the initial registration. Discountvouchers are transferable within the sameorganisation, but not to be used in conjunctionwith any other discount schemes. Discountvouchers will not be issued for no-shows withoutcancellation. MISTI reserves the right to thefinal decision if any dispute arises.

Flights and hotel accommodation shouldonly be purchased when our logistics teamcontact you to confirm the course venue. Theattendee is solely responsible for their flightand accommodation arrangements and costs.In the unlikely event MISTI should have tocancel an event it will not be responsible for anycosts incurred by attendees. MISTI thereforerecommends that clients purchase fullyrefundable air tickets and accommodation.

Incorrect mailingPlease accept our apologies for mail whichis incorrectly addressed. Should you wish toamend the address/addressee details, please sendor fax us a copy of the relevant mailing label (onthe envelope or brochure) and we will updateour records accordingly.

Data protectionThe information you provide on this form willbe used by Euromoney Institutional Investor

PLC and its group companies (we or us)to process your order and/or deliver relevantproducts/services and content. We may alsomonitor your use of our website(s), includinginformation you post and actions you take,to improve our services to you and trackcompliance with our terms of use. Except to theextent you indicate your objection below, we mayalso use your data (including data obtained frommonitoring) (a) to keep you informed of ourproducts and services; (b) occasionally to allowcompanies outside our group to contact you withdetails of their products/services; or (c) for ourjournalists to contact you for resear ch purposes.As an international group, we may transferyour data on a global basis for the purposes

DisclaimerMIS Training Institute (MISTI) reservesthe right to alter any part of the published

programme or faculty. In the event of coursecancellation by MISTI due to unforeseencircumstances, MISTI limits its liabilities torefunding the tuition fee of the course.

Fee includes tuition, documentation, lunch andrefreshments. Delegates are responsible for theirown flights and accommodation.An invoice will be sent upon receipt ofregistration form.

a division ofEuromoney Institutional Investor

indicated above, including to countries whichmay not provide the same level of protection topersonal data as within the European Union. Bysubmitting your details, you will be indicatingyour consent to the use of your data as identifiedabove. Further information on our use of yourpersonal data is set out in our privacy policy,which is available at www.euromoneyplc.com orcan be provided to you separately upon request.

If you object to contact as identified above bytelephone , fax , or email , or post ,please tick the relevant box. If you do not wantus to share your information with our journalists

, or other companies please tick the relevantbox.

Cancellation policyIf any registered delegate cannot attend ourcourse, a replacement is always welcome for the