Information Security Management (Mini Master) IMF Academy
- Practical seminar
Frequently asked questions
· What are the objectives of this course?
Information Security Management – learning objectives
This high-level Information Security Management course enables you to become an intermediary between top management, the IT department and operational units within your organization with regard to Information Security. The Mini Master Information Security Management allows you to:
- develop Information Security and risk management strategies and policies suited to your organizational needs;
- set up Information Security and risk management processes, and embed them in other corporate processes to ensure good governance;
- raise Information Security awareness and determine what Information Security measures need to be taken;
- ensure that organizational and procedural-based security measures are designed and managed, taking into account all legal, business and user aspects;
- use design principles to ensure secure systems and develop security architectures; and
- constructively collaborate with technical Information Security experts and harmonize policies, operational activities and Information Security IT aspects.
After completing this program you will have further developed these professional skills.
· Who is this course intended for?
The Mini Master Information Security Management is intended for professionals who operate at a management level or have management level aspirations. Positions held by participants include those of (Corporate) Information Security Officer, Chief Information Security Officer (CISO), Chief Information Officer (CIO), IT Consultant, IT Auditor, Business Analyst, Service Delivery Manager, IT Department Manager, Security Manager, and Governance, Risk and Compliance (GRC) Manager. The participants are active in various types of organizations, such as consulting and auditing firms, IT service suppliers, manufacturing, healthcare and governmental organizations.
What will you learn in this course?
Information security management
Enterprise Risk Management
IMF is an independent publisher of distance learning courses and organizer of hot-topic classroom-based trainings and in-company trainings. Should you have questions or suggestions, please contact us at +31 40 246 02 20 or firstname.lastname@example.org
MODULE I Information Security Management – understanding the strategic context
Module I discusses the broader organizational context of Information Security and provides a pragmatic approach to align the Information Security strategy with the organization’s strategic goals. In addition, related governance, legal and compliance aspects will be covered as well as the economics of Information Security. Topics are:
- Information Security and Business & IT Alignment: Critical Success Factors for Information Security Management
- Enterprise Risk Management: Risk standards (ISO)
- Impact Analysis
- Economics of Security: Security Balanced Scorecard (BSC)
In Module II you will learn how to compose a professional Information Security Management System (ISMS) for your organization, starting from identifying the relevant information risks, to getting approval to start the security initiative, to finally launching it through a project-based approach. You will learn how to build and execute a short-, mid- and long-term Information Security program. Topics are:
- How to promote Security Awareness: the use of models
- Security Governance: organization, management, responsibilities, reporting
- Program Development and Management
- Incident Management and Response
Module III addresses all operational matters related to Information Security Management, including questions such as how to keep Information Security on the agenda and how to control Information Security within the predefined requirements and agreements. The module also explores new security management challenges caused by new technological developments. Topics are:
- Cyber Security and Infrastructure
- IT Security Frameworks
- NIST (National Institute of Standards and Technology)
- Technical Risk Assessment
- IT Continuity Management
- Disaster Recovery
- Presentation of Information Security Management evaluation by participating organizations