Information Security Managers’ Academy
8/13/2019 Information Security Managers Academy
1/4
5 day course
19-23 May 2014
Singapore
Course Director
Charles Pask
Mr. Pask has over 25 years'
experience in IT, IT audit and
IT security
Who should attend
Information Security and IT
Managers
Information Security Analysts
Security Architects
Security Administrators (wanting
to move to management)
Risk Personnel
System Administrators
Network Administrators
IT Auditors
Internal Auditors
Earn 40 CPEs by attending
Prerequisite: None
Advanced Preparation: None
Learning Level: Intermediate
Field of Study: Specialized Knowledge and Application
Delivery Method: Group Live
Information Security Managers Academy
Explore the various aspects of InfoSec management in a changing ICT
environment
Discover how to make a difference in your organisation by examining
a number of proven techniques for gaining support for your InfoSec
program
Gain insight into the building blocks for success for your program
Work with an InfoSec professional who has walked the walk
CISSP & CISM exams: how to prepare for these
Why do we need controls?
Web Email Tel
www.mistiasia.com [email protected] +852 2520 1481
A step-by-step guide to establishing and managing an
information security program that works
SAVE
UP TO 50%
WITH IN HOUSE
TRAINING
Details inside
Each delegate will receive up to 2GB of additional
documentation, research, policies, awareness programme posters
and education tips.
PLUS
PLEASE REGISTER EARLY
Due to recent changes in VISA processing, delegates are strongly advised to obtain relevant VISAs up to one month prior to the course.
A division of The Global Leader in Audit, Risk, Fraud and Security Training
Course focus and features
Information risk management has become a serious priority. New legislation
and the best practice set forth in ISO27000 (old BS7799 and ISO-17799) point
to information risk analysis as the foundation of any program designed to
safeguard information assets.
If you have inherited a program that needs to be improved/benchmarked, this
course will be your step-by-step guide to establishing and managing a workable
information security program. If you are auditing the security environment, this
course will help you identify the essential elements that need to be in place for
your organisation to have effective controls.
The Course Director is a proven InfoSec Senior Manager with over 25 years'
experience in managing an InfoSec team and running IT Audits. The course
begins with the building blocks of an Information Security Management System
(ISMS), using real-life scenarios and case studies to reinforce what you learn.
This is not a technical course. Industry statistics show that over 70% of an
organisation's InfoSec problems revolve around ill-advised staff or ineffective
InfoSec programs.
The course will cover:
The planning and management of the security program
Understanding internal and external threats to success
Establishing effective security policies
Disaster recovery and business continuity planning
Getting the business more involved with information security
Developing an enterprise security architecture
Identity and access control management
Cryptography
Physical protection of your business and computing facilities
Employee privacy issues
The legal and regulatory aspects of information security, including
awareness programs
Copyright Euromoney Training 2014
Day 1
Defining the information security business
case
Defining and delineating the attributes of
an information security program
Assessing threats to information security
and areas of vulnerability
Global legal and regulatory requirements
for data protection and privacy
International requirements (SOX, Basel, etc)
Current concerns in information security
Defining an enterprise information security
architecture
How our views on computer security have
changed
NIST, CERT, FIRST, DISA and other great
resources for information security
Security management: Strategic
components
Defining the information security
department charter
Organising for success: Roles and
responsibilities
The security management cycle
Risk assessment and management
Strategic steps to security management
Overall management vs day-to-day
administration
Gaining management and organisational
support
Security policies, standards, and
procedures
Information classification and valuation
Creating awareness programs
Metrics, maturity models, and return on
security investment
Useful standards/guidelines for
information security: ISO, IETF, COBIT, NIST/
FISMA, NSA/DISA, OWASP, ISF, SANS, etc
The course was fascinating. It covered all the
areas and topics of Info. Security at a managerial level. It provided me with a great guidance and assurance in achieving my program
Info. Sec. Manager,
FALCOM Financial Services
COURSE CODE: EMPS5505 - T
Save time and money with IN-HOUSE TRAINING
MIS Training Institute provides specific, tailor-made in-house training on a wide variety of internal audit, IT audit and information security topics. Clients can determine the content, duration, and level of expertise of the course, creating a unique and
customised programme. All our in-house consultants are professional trainers and draw on many years of practical experience in the audit and information security areas.
To find out more about the special benefits of in-house training, please contact:
Yvonne Lim
In-house Manager
Tel: +852 2520 1481 Email: [email protected]
CONTINUING PROFESSIONAL DEVELOPMENT
You may use your attendance at courses held by MIS Training Institute to qualify for CPD points with The Law Society of Hong Kong. If you wish to claim CPD Hours for your registered course, please inform us of this upon registration and pay one month in
advance in order for your CPD application to be processed. For further information on CPD accreditation please email us on [email protected]
Day 2
Legislation and standards
Privacy protection laws
Anti-hacker legislation
Emerging international security standards
Common methods of identity theft
Emerging law
Best practice protections to prevent loss of
privacy
Creating a strong foundation through
policy
Examining your environment and business
drivers to create effective policies
Tips for quickly creating policies: Printed
and Internet resources
Tools and techniques for examining your
computing environment
Case study/class exercises: Developing organisational policies
Examining delegates' own policies and making improvements
Day 3
Information risk analysis
The risk analysis cycle and its components
Identifying assets in an information risk
analysis
Determining asset values
How the information risk management
process fits into the information protection program
Integrating risk management into an
enterprise-wide process
Partners in the information risk management
process and their specific roles
Types of information risk analysis:
Quantitative vs qualitative approach
Software tools for performing the
information risk analysis process
Identifying asset categories: IT, business
processes, or business functions
Defining information risk analysis targets
and scope
The information owner's role in the
information risk analysis process
Risk management
Arriving at an acceptable level of risk
Uncovering information vulnerabilities
There will be case studies and opportunities to assess delegates' own risk processes
Business impact analysis (BIA)
BIA process: Components and definitions
BIA as the key to a successful data security
program
Partners in the business impact process
and the role each one plays
Day 4
Physical, hardware and environmental
security
Physical security
Hardware security
Media security
Environmental controls in the distributed
environment
Protecting the network perimeter: network
and workstation security
Network security management primer
Firewalls
Intrusion detection and incident response
Virtual private networks
Workstation security
Wireless and mobile device security
Day 5
Tools that can help create awareness
Methods for selecting effective tools,
techniques, and trinkets
Gaining management support
Video examples and cost-effective sources
for awareness
Roles and responsibilities
Defining the BCP management process
Using the business impact analysis (BIA)
Redundancy, backup, and fault tolerance
System and organisation-wide recovery
Plan management and testing
Levels of preparedness
Testing your plan
The future of information security in the
organisation
Management support
Relating security to the business
Nurturing the security and audit
relationship
Funding, staffing and know-how
Keeping current
12-point plan for success
Bonus: You will receive the Swiss Army Knife Reference Guide-Security Managers edition that includes sample security policies, job/role descriptions, security review checklists, bibliography of printed and electronic sources of security and audit information and tools, and a glossary of distributed computing terminology.
Good fun and filled with lots of interesting material
Past delegate, BT Global Services
Course Director
Charles Pask
Gain access to an experienced professional who is still a practitioner. Mr. Pask will make the
material lively and explain to you the fundamental building blocks to ensure success in your
own audit environment.
Charles Pask is the Managing Director of an IT security and IT audit consultancy. Previously,
he was a Director with MIS Training, and Director of Information Security Institute (ISI)
European and Middle East e-Security Services. Mr. Pask has over 25 years experience in IT, IT
audit, and IT security, and was the Information Security Manager for Alliance & Leicester plc
prior to joining MIS.
More recently Mr. Pask was the Global Head of Strategy, Development and Globalisation for
the British Telecom Business Continuity, Security and Governance Practice.
Mr. Pask has spoken at a number of conferences, including CISO, WebSec, Compsec, the
International Security Managers Symposium, and various ISACA events. He was the
Chairman of the European Chief Information Security Officers (CISO) conferences for the last
6 years and for the Middle East CISO conferences for the last 2 years. He will be Chairing both
conferences in 2011.
He delivers several MIS Training courses, including IT Auditing and Controls, IT Audit School,
Risk Based IT Auditing, How to Manage an Information Security Program and Information
Security School.
He has also been a Senior Instructor for ISC2 for CISSP exam training. Mr Pask has helped
over 300 students globally pass the CISSP exam.
I prefer course updates by email.
My email address is .
Please fax back to +852 2866 7340 or email your details to [email protected].
Please include the code that appears on top of the address label above in your email.
Registration form
Yes, please register me for: Information Security Managers Academy (EMPS5505)
on 19-23 May 2014, Singapore
Can't make this date? We schedule our courses throughout the year. Please contact us to check for alternative dates and locations.
Delegate details (all of the following is required to process your registration)
Surname Mr/Mrs/Ms
First name
Position Department
Approving Manager Position
Company
Address
Telephone Fax
Email
Course fee: US$4,450
All fees are net of withholding, business and local taxes.
Delegates registering from Singapore for Singapore courses will have to bear the
prevailing GST at the date of the invoice.
Seat is confirmed only upon receipt of payment.
IIA Membership No.:
ISACA Membership No.:
Payment details (please tick as appropriate)
Cheque Invoice Credit card#
#To make this payment by credit card, please call +852 2520 1481.
I have read and understood the booking terms and conditions
Signature Date
How did you hear about the course?
4 easy ways to
register
1. Web
www.mistiasia.com
2. Email
3. Telephone
+852 2520 1481
4. Facsimile
+852 2866 7340
Membership discount
IIA and ISACA members save 10%
This discount cannot be used in conjunction
with any other offer.
Group booking discount
When two colleagues from one institution
book together on the same course, there is a
5% discount on the second booking. Further
discounts are available for larger groups.
Venue
All of our courses are held in 4-5 star hotels,
chosen for their location, facilities and level of
service. You can be assured of a comfortable,
convenient learning environment throughout
the duration of the course.
Due to the variation in delegate numbers, we will send venue confirmation to you
approximately 2 weeks before the course
commences.
Register on-line at:
www.mistiasia.com
Please ensure you enter your event code when registering and you will be entered into our quarterly prize draw to win 50 of Visa vouchers.
IMPORTANT INFORMATION - YOUR EVENT CODE
EMPS5505 - T
MIS Training Institute (MISTI) is registered with the National Association of
State Boards of Accountancy (NASBA) as a sponsor of continuing professional
education on the National Registry of CPE Sponsors. State boards of accountancy
have final authority on the acceptance of individual courses for CPE credit.
Complaints regarding registered sponsors may be submitted to the National
Registry of CPE Sponsors through its website: www.learningmarket.org
Cancellation policy
If any registered delegate cannot attend our course, a replacement is always welcome for the course. Cancellations must be made in writing (letter or fax) with MISTI's acknowledgement. Written cancellations must reach this office 30 days before the programme commences. A full refund less an administration charge of US$150 will be given. For any written cancellation requests that reach us less than 30 days before the event, no refunds will be given. However, if you wish to attend another MISTI course in the Asia-Pacific region, a 75% discount voucher which values not more than 75% of the initial payment will be issued. Please note that the subsequent course must take place within 6 months of the initial registration. Discount vouchers are transferable within the same organisation, but not to be used in conjunction with any other discount schemes. Discount vouchers will not be issued for no-shows without cancellation. MISTI reserves the right to the final decision if any dispute arises.
Flights and hotel accommodation should only be purchased when our logistics team contact you to confirm the course venue. The attendee is solely responsible for their flight and accommodation arrangements and costs. In the unlikely event MISTI should have to cancel an event it will not be responsible for any costs incurred by attendees. MISTI therefore recommends that clients purchase fully refundable air tickets and accommodation.
Incorrect mailing
Please accept our apologies for mail which is incorrectly addressed. Should you wish to amend the address/addressee details, please send or fax us a copy of the relevant mailing label (on the envelope or brochure) and we will update our records accordingly.
Data protection
The information you provide on this form will be used by Euromoney Institutional Investor PLC and its group companies ("we" or "us") to process your order and/or deliver relevant products/services and content. We may also monitor your use of our website(s), including information you post and actions you take, to improve our services to you and track compliance with our terms of use. Except to the extent you indicate your objection below, we may also use your data (including data obtained from monitoring) (a) to keep you informed of our products and services; (b) occasionally to allow companies outside our group to contact you with details of their products/services; or (c) for our journalists to contact you for research purposes. As an international group, we may transfer your data on a global basis for the purposes indicated above, including to countries which may not provide the same level of protection to personal data as within the European Union. By submitting your details, you will be indicating your consent to the use of your data as identified above. Further information on our use of your personal data is set out in our privacy policy, which is available at www.euromoneyplc.com or can be provided to you separately upon request.
If you object to contact as identified above by telephone, fax, or email, or post, please tick the relevant box. If you do not want us to share your information with our journalists, or other companies please tick the relevant box.
Disclaimer
MIS Training Institute (MISTI) reserves the right to alter any part of the published programme or faculty. In the event of course cancellation by MISTI due to unforeseen circumstances, MISTI limits its liabilities to refunding the tuition fee of the course.
Fee includes tuition, documentation, lunch and refreshments. Delegates are responsible for their own flights and accommodation. An invoice will be sent upon receipt of registration form.
a division of Euromoney Institutional Investor