Developing an Information Security Program
- CPE Credits: 8
- Prerequisites: None
- Learning Level: Basic
- Instructional Method: Group-live
- Field of Study: Information Technology – Technical
Course Revision Date: March 1, 2023
Course Description
Information security is the process by which an organization protects and secures its systems, media, and facilities that process and maintain information vital to its operations.
Organizations often inaccurately perceive information security as the state or condition of controls at a point in time. Security is an ongoing process, whereby the condition of an organization’s controls is just one indicator of its overall security posture. Other indicators include the ability of the organization to continually assess its posture and react appropriately in the face of rapidly changing threats, technologies, and business conditions.
The purpose of an information security program is to:
- Establish an organization-wide approach to ensure the accuracy, security and protection of information in the organization’s custody, regardless of format.
- Prevent and protect against any anticipated threats and hazards to the security or integrity of organizational information.
- Ensure organization-wide compliance with applicable laws, regulations, policies and practices.
- Prevent and protect against unauthorized access to or use of organizational information, including confidential and personal information.
This seminar addresses the ways and means of developing an information security program that enables an organization to meet its business objectives by implementing business systems with due consideration of information technology (IT)-related risks to the organization, business and trading partners, technology service providers, and customers.
Audience
- Internal and external auditors (IT, financial, operational)
- Company Board members
- Executive and Senior management
- Management consultants
- Big 4 Senior Managers/Partners
- General Counsels and attorneys
- C-suite members (CFO, CTO, CRO, CEO, COO, CIO, CSO, CXO, CECO, CPO, et al.)
- Controllers and general accounting managers
- Security and Risk Compliance Officers
- Directors of Human Resources
- Professionals responsible for assessing or implementing organization-wide information security programs
Objectives
- Break down information security management strategies into manageable and maintainable plans for implementing information security policies and procedures.
- Identify activities associated with a vibrant information security program.
- Recognize needed information security controls
- Design applicable information security controls, as warranted by the operational environment
- Construct appropriate tests of selected information security controls
- Evaluate logical and physical information security architectures
- Produce information security policies, guidelines, procedures
- Assess the integration of information security requirements into organizational processes
- Understand and recognize appropriate information security metrics
- Assist in developing a business case for implementation of a viable information security program across the enterprise
Course Outline
Please contact Al with a request for a detailed course outline…
BAC is a vetted, current provider of training courses through the NICCS Education and Training Catalog. BAC’s courses are aligned to the specialty areas of the National Cybersecurity Workforce Framework.