

Overview
This is a 3-day class.
In this course, students will establish processes to ensure that information security measures align with established business needs.
Course Outline
1 Information Security Governance
- Develop an Information Security Strategy
- Align Information Security Strategy with Corporate Governance
- Identify Legal and Regulatory Requirements
- Justify Investment in Information Security
- Identify Drivers Affecting the Organization
- Obtain Senior Management Commitment to Information Security
- Define Roles and Responsibilities for Information Security
- Establish Reporting and Communication Channels
2 Information Risk Management
- Implement an Information Risk Assessment Process
- Determine Information Asset Classification and Ownership
- Conduct Ongoing Threat and Vulnerability Evaluations
- Conduct Periodic BIAs
- Identify and Evaluate Risk Mitigation Strategies
- Integrate Risk Management into Business Life Cycle Processes
- Report Changes in Information Risk
1 Information Security Program Development
- Develop Plans to Implement an Information Security Strategy
- Security Technologies and Controls
- Specify Information Security Program Activities
- Coordinate Information Security Programs with Business Assurance Functions
- Identify Resources Needed for Information Security Program Implementation
- Develop Information Security Architectures
- Develop Information Security Policies
- Develop Information Security Awareness, Training, and Education Programs
- Develop Supporting Documentation for Information Security Policies
2 Information Security Program Implementation
- Integrate Information Security Requirements into Organizational Processes
- Integrate Information Security Controls into Contracts
- Create Information Security Program Evaluation Metrics
3 Information Security Program Management
- Manage Information Security Program Resources
- Enforce Policy and Standards Compliance
- Enforce Contractual Information Security Controls
- Enforce Information Security During Systems Development
- Maintain Information Security Within an Organization
- Provide Information Security Advice and Guidance
- Provide Information Security Awareness and Training
- Analyze the Effectiveness of Information Security Controls
- Resolve Noncompliance Issues
4 Incident Management and Response
- Develop an Information Security Incident Response Plan
- Establish an Escalation Process
- Develop a Communication Process
- Integrate an IRP
- Develop IRTs
- Test an IRP
- Manage Responses to Information Security Incidents
- Perform an Information Security Incident Investigation
- Conduct Post-Incident Reviews