(314) 504-0530 info@bac-mail.com

Developing an Information Security Program

  • CPE Credits: 8
  • Prerequisites: None
  • Learning Level: Basic
  • Instructional Method: Group-live
  • Field of Study: Information Technology – Technical
Course Revision Date: March 1, 2023

Back to Training Catalog >

Course Description
Information is one of an organization’s most important assets. Protection of information assets is necessary to establish and maintain trust between the organization and its customers, maintain compliance with the law, and protect the reputation of the organization. Timely and reliable information is necessary to process transactions and support organization and customer decisions. An organization’s earnings and capital can be adversely affected if information becomes known to unauthorized parties, is altered, or is not available when it is needed.

Information security is the process, by which an organization protects and secures its systems, media, and facilities that process and maintain information vital to its operations.

Organizations often inaccurately perceive information security as the state or condition of controls at a point in time. Security is an ongoing process, whereby the condition of an organization’s controls is just one indicator of its overall security posture. Other indicators include the ability of the organization to continually assess its posture and react appropriately in the face of rapidly changing threats, technologies, and business conditions.

The purpose of an information security program is to:

  1. Establish an organization-wide approach to ensure the accuracy, security and protection of information in the organization’s custody, regardless of format.
  2. Prevent and protect against any anticipated threats and hazards to the security or integrity of organizational information.
  3. Ensure organization-wide compliance to applicable laws, regulations, policies and practices.
  4. Prevent and protect against the unauthorized access to or use of organization information, including confidential and personal information.

This seminar addresses the ways and means of developing an information security program that enables an organization to meet its business objectives by implementing business systems with due consideration of information technology (IT)-related risks to the organization, business and trading partners, technology service providers, and customers.

Audience
This presentation is intended for:
  • Internal and external auditors (IT, financial, operational)
  • Company Board members
  • Executive and Senior management
  • Management consultants
  • Big 4 Senior Managers/Partners
  • General Counsels and attorneys
  • C-suite members (CFO, CTO, CRO, CEO, COO, CIO, CSO, CXO, CECO, CPO, et. al)
  • Controllers and general accounting managers
  • Security and Risk Compliance Officers
  • Directors of Human Recourses
  • Professionals responsible for assessing or implementing organization-wide information security programs
Objectives
After completing this seminar, the participant will be able to:
  1. Breakdown information security management strategies into manageable and maintainable plans for implementing information security policies and procedures.
  2. Identify activates associated with a vibrant information security program.
  3. Recognize needed information security controls
  4. Design applicable information security controls, as warranted by the operational environment
  5. Construct appropriate tests of selected information security controls
  6. Evaluate logical and physical information security architectures
  7. Produce information security policies, guidelines, procedures
  8. Assess the integration of information security requirements into organizational processes
  9. Understand and recognize appropriate information security metrics
  10. Assist in developing a business case for implementation of a viable information security program, across the enterpris
Course Outline

Please contact Al with a request for a detailed course outline…

albert@bac-mail.com

Need more information?

If have questions or would like more information about any of our courses please contact us using the form below. We look forward to hearing from you.

5 + 8 =

Request a Consultation Today

We provide a variety of consultation services and training options to fit the demanding and changing needs of our clients. Contact us today and we will help you determine the best way to meet your goals.

cybersecurity and infrastructure security angency

BAC is a vetted, current provider of training courses through the NICCS Education and Training Catalog. BAC’s courses are aligned to the specialty areas of the National Cybersecurity Workforce Framework.