Course Content
Information Security Management Principles
Identify definitions, meanings and use of concepts and terms across information security management. Explain the need for, and the benefits of, information security.
Information Risk
Gain an appreciation of risk assessment and management as it applies to information security including how threats and vulnerabilities lead to risks, conducting risk assessments and appropriate risk responses.
Outline the threats to and vulnerabilities of information systems and describe the processes for understanding and managing risk relating to information systems.
Information Security Framework
Explain how risk management should be implemented in an organisation. Interpret general principles of law, legal jurisdiction and associated topics as they affect information security management covering a broad spectrum from the security implications on compliance with legal requirements affecting business (e.g. international electronic commerce) to laws that directly affect the way information can be monitored and copied. Describe a number of common, established standards and procedures that directly affect information security management.
Security Lifecycle
Demonstrate an understanding of the importance and relevance of the information lifecycle. Identify the following stages of the information lifecycle. Outline the following concepts of the design process lifecycle including essential and non-functional requirements. Demonstrate an understanding of the importance of appropriate technical audit and review processes, of effective change control and of configuration management. Explain the risks to security brought about by systems development and support.
Procedural/People Security Controls
Explain the risks to information security involving people. Describe user access controls that may be used to manage those risks. Identify the importance of appropriate training for all those involved with information.
Technical Security Controls
Outline the technical controls that can be used to help ensure protection from malicious software. Identify information security principles associated with the underlying networks and communications systems. Recognise the information security issues relating to value-added services that use the underlying networks and communications systems. Recall the information security issues relating to organisations that utilise cloud computing facilities. Cloud computing is location-independent computing providing off-site resources (e.g. services, applications and storage facilities). Define the following aspects of security in information systems, including operating systems, database and file management systems, network systems and applications systems and how they apply to the IT infrastructure.
Physical and Environmental Security Controls
Outline the physical aspects of security available in multi-layered defences and explain the environmental risks to information in terms of the need, for example, for appropriate power supplies, protection from natural risks (fire, flood, etc.) and in the everyday operations of an organisation.
Disaster Recovery and Business Continuity Management
Describe the differences between and the need for business continuity and disaster recovery.