Information Security Managers’ Academy


  • 8/13/2019 Information Security Managers Academy


    5 day course

    19-23 May 2014

    Singapore

    Course Director

    Charles Pask

    Mr. Pask has over 25 years experience in IT, IT audit and IT security

    Who should attend

    Information Security and IT

    Managers

    Information Security Analysts

    Security Architects

    Security Administrators (wanting to move to management)

    Risk Personnel

    System Administrators

    Network Administrators

    IT Auditors

    Internal Auditors

    Earn 40 CPEs by attending

    Prerequisite: None

    Advanced Preparation: None

    Learning Level: Intermediate

    Field of Study: Specialized Knowledge and Application

    Delivery Method: Group Live

    Information Security Managers’ Academy

    Explore the various aspects of InfoSec management in a changing ICT

    environment

    Discover how to make a difference in your organisation by examining

    a number of proven techniques for gaining support for your InfoSec

    program

    Gain insight into the building blocks for success for your program

    Work with an InfoSec professional who has walked the walk

    CISSP & CISM exams: how to prepare for these

    Why do we need controls?

    Web Email Tel

    www.mistiasia.com [email protected] +852 2520 1481

    A step-by-step guide to establishing and managing an

    information security program that works

    SAVE

    UP TO 50%

    WITH IN HOUSE

    TRAINING

    Details inside

    Each delegate will receive up to 2GB of additional

    documentation, research, policies, awareness programme posters

    and education tips.

    PLUS

    PLEASE REGISTER EARLY

    Due to recent changes in VISA processing, delegates are strongly advised to obtain relevant VISAs up to one month prior to the course.

    A division of

    The Global Leader in Audit, Risk, Fraud and Security Training


    Course focus and features

    Information risk management has become a serious priority. New legislation

    and the best practice set forth in ISO27000 (old BS7799 and ISO-17799) point

    to information risk analysis as the foundation of any program designed to

    safeguard information assets.

    If you have inherited a program that needs to be improved/benchmarked, this

    course will be your step-by-step guide to establishing and managing a workable

    information security program. If you are auditing the security environment, this

    course will help you identify the essential elements that need to be in place for

    your organisation to have effective controls.

    The Course Director is a proven InfoSec Senior Manager with over 25 years

    experience in managing an InfoSec team and running IT Audits. The course

    begins with the building blocks of an Information Security Management System

    (ISMS), using real-life scenarios and case studies to reinforce what you learn. This is not a technical course. Industry statistics show that over 70% of an

    organisation's InfoSec problems revolve around ill-advised staff or ineffective

    InfoSec programs.

    The course will cover:

    The planning and management of the security program

    Understanding internal and external threats to success

    Establishing effective security policies

    Disaster recovery and business continuity planning

    Getting the business more involved with information security

    Developing an enterprise security architecture

    Identity and access control management

    Cryptography

    Physical protection of your business and computing facilities

    Employee privacy issues

    The legal and regulatory aspects of information security, including

    awareness programs

    Copyright Euromoney Training 2014

    Day 1

    Defining the information security business

    case

    Defining and delineating the attributes of

    an information security program

    Assessing threats to information security

    and areas of vulnerability

    Global legal and regulatory requirements

    for data protection and privacy

    International requirements (SOX, Basel, etc)

    Current concerns in information security

    Defining an enterprise information security

    architecture

    How our views on computer security have

    changed

    NIST, CERT, FIRST, DISA and other great

    resources for information security

    Security management: Strategic

    components

    Defining the information security department charter

    Organising for success: Roles and responsibilities

    The security management cycle

    Risk assessment and management

    Strategic steps to security management

    Overall management vs day-to-day

    administration

    Gaining management and organisational

    support

    Security policies, standards, and

    procedures

    Information classification and valuation

    Creating awareness programs

    Metrics, maturity models, and return on

    security investment

    Useful standards/guidelines for

    information security: ISO, IETF, COBIT, NIST/

    FISMA, NSA/DISA, OWASP, ISF, SANS, etc


    The course was fascinating. It covered all the areas and topics of Info. Security at a managerial level. It provided me with a great guidance and assurance in achieving my program

    Info. Sec. Manager,

    FALCOM Financial Services

    Course code: EMPS5505 - T

    MIS Training Institute provides specific, tailor-made in-house training on a wide variety of internal audit, IT audit and information security topics. Clients can determine the content, duration, and level of expertise of the course, creating a unique and customised programme. All our in-house consultants are professional trainers and draw on many years of practical experience in the audit and information security areas.

    To find out more about the special benefits of in-house training, please contact:

    Yvonne Lim

    In-house Manager

    Tel: +852 2520 1481 Email: [email protected]

    Save time and money with IN-HOUSE TRAINING

    You may use your attendance at courses held by MIS Training Institute to qualify for CPD points with The Law Society of Hong Kong. If you wish to claim CPD Hours for your registered course, please inform us of this upon registration and pay one month in advance in order for your CPD application to be processed. For further information on CPD accreditation please email us on [email protected]

    CONTINUING

    PROFESSIONAL

    DEVELOPMENT


    Day 2

    Legislation and standards

    Privacy protection laws

    Anti-hacker legislation

    Emerging international security standards

    Common methods of identity theft

    Emerging law

    Best practice protections to prevent loss of

    privacy

    Creating a strong foundation through

    policy

    Examining your environment and business

    drivers to create effective policies

    Tips for quickly creating policies: Printed

    and Internet resources

    Tools and techniques for examining your

    computing environment

    Case study/class exercises: Developing organisational policies

    Examining delegates' own policies and making improvements

    Day 3

    Information risk analysis

    The risk analysis cycle and its components

    Identifying assets in an information risk

    analysis

    Determining asset values

    How the information risk management

    process fits into the information protection program

    Integrating risk management into an

    enterprise-wide process

    Partners in the information risk management

    process and their specific roles

    Types of information risk analysis:

    Quantitative vs qualitative approach

    Software tools for performing the

    information risk analysis process

    Identifying asset categories: IT, business

    processes, or business functions

    Defining information risk analysis targets

    and scope

    The information owner's role in the

    information risk analysis process

    Risk management

    Arriving at an acceptable level of risk

    Uncovering information vulnerabilities

    There will be case studies and opportunities to assess delegates' own risk processes

    Business impact analysis (BIA)

    BIA process: Components and definitions

    BIA as the key to a successful data security

    program

    Partners in the business impact process

    and the role each one plays

    Day 4

    Physical, hardware and environmental

    security

    Physical security

    Hardware security

    Media security

    Environmental controls in the distributed

    environment

    Protecting the network perimeter: network

    and workstation security

    Network security management primer

    Firewalls

    Intrusion detection and incident response

    Virtual private networks

    Workstation security

    Wireless and mobile device security

    Day 5

    Tools that can help create awareness

    Methods for selecting effective tools,

    techniques, and trinkets

    Gaining management support

    Video examples and cost-effective sources

    for awareness

    Roles and responsibilities

    Defining the BCP management process

    Using the business impact analysis (BIA)

    Redundancy, backup, and fault tolerance

    System and organisation-wide recovery

    Plan management and testing

    Levels of preparedness

    Testing your plan

    The future of information security in the

    organisation

    Management support

    Relating security to the business

    Nurturing the security and audit

    relationship

    Funding, staffing and know-how

    Keeping current

    12-point plan for success

    Bonus: You will receive the Swiss Army Knife Reference Guide - Security Managers edition that includes sample security policies, job/role descriptions, security review checklists, bibliography of printed and electronic sources of security and audit information and tools, and a glossary of distributed computing terminology.

    Good fun and filled with lots of interesting material

    Past delegate, BT Global Services


    Course Director

    Charles Pask

    Gain access to an experienced professional who is still a practitioner. Mr. Pask will make the

    material lively and explain to you the fundamental building blocks to ensure success in your

    own audit environment.

    Charles Pask is the Managing Director of an IT security and IT audit consultancy. Previously,

    he was a Director with MIS Training, and Director of Information Security Institute (ISI)

    European and Middle East e-Security Services. Mr. Pask has over 25 years experience in IT, IT

    audit, and IT security, and was the Information Security Manager for Alliance & Leicester plc

    prior to joining MIS.

    More recently Mr. Pask was the Global Head of Strategy, Development and Globalisation for

    the British Telecom Business Continuity, Security and Governance Practice.

    Mr. Pask has spoken at a number of conferences, including CISO, WebSec, Compsec, the

    International Security Managers Symposium, and various ISACA events. He was the

    Chairman of the European Chief Information Security Officers (CISO) conferences for the last

    6 years and for the Middle East CISO conferences for the last 2 years. He will be Chairing both

    conferences in 2011.

    He delivers several MIS Training courses, including IT Auditing and Controls, IT Audit School,

    Risk Based IT Auditing, How to Manage an Information Security Program and Information

    Security School.

    He has also been a Senior Instructor for ISC2 for CISSP exam training. Mr Pask has helped

    over 300 students globally pass the CISSP exam.


    I prefer course updates by email.

    My email address is .

    Please fax back to +852 2866 7340 or email your details to [email protected].

    Please include the code that appears on top of the address label above in your email.

    Registration form

    Yes, please register me for: Information Security Managers’ Academy (EMPS5505)

    on 19-23 May 2014, Singapore

    Can't make this date? We schedule our courses throughout the year. Please contact us to check for alternative dates and locations.

    Delegate details (all of the following is required to process your registration)

    Surname Mr/Mrs/Ms

    First name

    Position Department

    Approving Manager Position

    Company

    Address

    Telephone Fax

    Email

    Course fee: US$4,450

    All fees are net of withholding, business and local taxes.

    Delegates registering from Singapore for Singapore courses will have to bear the

    prevailing GST at the date of the invoice.

    Seat is confirmed only upon receipt of payment.

    IIA Membership No.:

    ISACA Membership No.:

    Payment details (please tick as appropriate)

    Cheque Invoice Credit card#

    #To make this payment by credit card, please call +852 2520 1481.

    I have read and understood the booking terms and conditions

    Signature Date

    How did you hear about the course?


    4 easy ways to

    register

    1. Web

    www.mistiasia.com

    2. Email

    [email protected]

    3. Telephone

    +852 2520 1481

    4. Facsimile

    +852 2866 7340

    Membership discount

    IIA and ISACA members save 10%

    This discount cannot be used in conjunction

    with any other offer.

    Group booking discount

    When two colleagues from one institution

    book together on the same course, there is a

    5% discount on the second booking. Further

    discounts are available for larger groups.

    Venue

    All of our courses are held in 4-5 star hotels,

    chosen for their location, facilities and level of

    service. You can be assured of a comfortable,

    convenient learning environment throughout

    the duration of the course.

    Due to the variation in delegate numbers, we will send venue confirmation to you

    approximately 2 weeks before the course

    commences.

    Register on-line at:

    www.mistiasia.com

    Please ensure you enter your event code when registering and you will be entered into our quarterly prize draw to win 50 of Visa vouchers.

    IMPORTANT INFORMATION - YOUR EVENT CODE

    EMPS5505 - T

    MIS Training Institute (MISTI) is registered with the National Association of

    State Boards of Accountancy (NASBA) as a sponsor of continuing professional

    education on the National Registry of CPE Sponsors. State boards of accountancy

    have final authority on the acceptance of individual courses for CPE credit.

    Complaints regarding registered sponsors may be submitted to the National

    Registry of CPE Sponsors through its website: www.learningmarket.org


    Cancellation policy

    If any registered delegate cannot attend our course, a replacement is always welcome for the course. Cancellations must be made in writing (letter or fax) with MISTI's acknowledgement. Written cancellations must reach this office 30 days before the programme commences. A full refund less an administration charge of US$150 will be given. For any written cancellation requests that reach us less than 30 days before the event, no refunds will be given. However, if you wish to attend another MISTI course in the Asia-Pacific region, a 75% discount voucher which values not more than 75% of the initial payment will be issued. Please note that the subsequent course must take place within 6 months of the initial registration. Discount vouchers are transferable within the same organisation, but not to be used in conjunction with any other discount schemes. Discount vouchers will not be issued for no-shows without cancellation. MISTI reserves the right to the final decision if any dispute arises.

    Flights and hotel accommodation should only be purchased when our logistics team contact you to confirm the course venue. The attendee is solely responsible for their flight and accommodation arrangements and costs. In the unlikely event MISTI should have to cancel an event it will not be responsible for any costs incurred by attendees. MISTI therefore recommends that clients purchase fully refundable air tickets and accommodation.

    Incorrect mailing

    Please accept our apologies for mail which is incorrectly addressed. Should you wish to amend the address/addressee details, please send or fax us a copy of the relevant mailing label (on the envelope or brochure) and we will update our records accordingly.

    Data protection

    The information you provide on this form will be used by Euromoney Institutional Investor PLC and its group companies ("we" or "us") to process your order and/or deliver relevant products/services and content. We may also monitor your use of our website(s), including information you post and actions you take, to improve our services to you and track compliance with our terms of use. Except to the extent you indicate your objection below, we may also use your data (including data obtained from monitoring) (a) to keep you informed of our products and services; (b) occasionally to allow companies outside our group to contact you with details of their products/services; or (c) for our journalists to contact you for research purposes. As an international group, we may transfer your data on a global basis for the purposes indicated above, including to countries which may not provide the same level of protection to personal data as within the European Union. By submitting your details, you will be indicating your consent to the use of your data as identified above. Further information on our use of your personal data is set out in our privacy policy, which is available at www.euromoneyplc.com or can be provided to you separately upon request.

    If you object to contact as identified above by telephone, fax, or email, or post, please tick the relevant box. If you do not want us to share your information with our journalists, or other companies please tick the relevant box.

    Disclaimer

    MIS Training Institute (MISTI) reserves the right to alter any part of the published programme or faculty. In the event of course cancellation by MISTI due to unforeseen circumstances, MISTI limits its liabilities to refunding the tuition fee of the course.

    Fee includes tuition, documentation, lunch and refreshments. Delegates are responsible for their own flights and accommodation. An invoice will be sent upon receipt of registration form.

    A division of Euromoney Institutional Investor