
38 Certified Information Security Manager (CISM) courses in Liverpool delivered Live Online

Certified Information Privacy Technologist (CIPT)

By Nexus Human

Duration 2 Days 12 CPD hours This course is intended for Data Protection Officers IT Managers and Administrators Records Managers System Developers IT Security specialist Anyone who builds and develops IT systems Overview Critical data protection concepts and practices that impact IT Consumer data protection expectations and responsibility How to bake privacy into early stages of IT products and services for cost control, accuracy and speed-to-market How to establish data protection practices for data collection and transfer How to preempt data protection issues in the Internet of Things How to factor data protection into data classification and emerging tech such as cloud computing, facial recognition and surveillance How to communicate data protection issues with partners such as management, development, marketing and legal The Principles of Privacy in Technology training is the how-to course on privacy and data protection practices in the development, engineering, deployment and auditing of IT products and services. Those taking the course will develop an understanding of privacy-related issues and practices in the context of the design and implementation of information and communication technologies and systems. The training is based on the body of knowledge for the IAPP's ANSI accredited Certified Information Privacy Technologist (CIPT) certification program.
Fundamentals of information privacy Reviewing the modern history of privacy Foundational privacy concepts Data protection roles and fair information practices Exploring the impacts of privacy and data protection regulations on information management Privacy in the IT environment Compliance requirements IT risks Stakeholder privacy expectations Differentiating between privacy and security Core privacy concepts Foundational elements for embedding privacy in IT Common privacy principles Data protection by design and default Privacy considerations in the information life cycle Privacy considerations throughout the stages of the information life cycle Privacy in systems and applications Examining the risks inherent in the IT environment and options for addressing them Identity and access management Credit card information and processing Remote access BYOD and telecommuting Data encryption Additional privacy-enhancing technologies in the enterprise environment Privacy techniques Strengths and weaknesses of authentication techniques Using identifiers Privacy by design Online privacy issues Unique challenges that come from online privacy issues Laws and regulations Online threats Social media E-commerce Tracking technologies Web security protocols Technologies with privacy considerations Privacy considerations associated with a variety of technologies Cloud computing Wireless IDs Location-based services "Smart" technologies Video/data/audio surveillance Biometric recognition

Delivered Online, Flexible Dates
Price on Enquiry

Certified Information Privacy Professional (CIPP/US)

By Nexus Human

Duration 2 Days 12 CPD hours This course is intended for Data Protection Officers Data Protection Managers Auditors Legal Compliance Officers Security Manager Information Managers Anyone involved with data protection processes and programs Overview It will show the world that students know privacy laws and regulations and how to apply them, and that students know how to secure your place in the information economy. When students earn a CIPP credential, it means they've gained a foundational understanding of broad global concepts of privacy and data protection law and practice, including: jurisdictional laws, regulations and enforcement models; essential privacy concepts and principles; legal requirements for handling and transferring data and more. The Certified Information Privacy Professional/United States (CIPP/US) program, developed by the International Association of Privacy Professionals (IAPP) - the world's largest comprehensive global information privacy community and resource, was the first professional certification ever to be offered in information privacy. The CIPP/US credential demonstrates a strong foundation in U.S. privacy laws and regulations and understanding of the legal requirements for the responsible transfer of sensitive personal data to/from the U.S., the EU and other jurisdictions. This course will provide you with a foundational understanding of broad global concepts of privacy and data protection law and practice, including: jurisdictional laws, regulations and enforcement models; essential privacy concepts and principles; legal requirements for handling and transferring data and more. Introduction to privacy Modern history of privacy Introduction to personal information Overview of data protection roles Summary of modern privacy frameworks Structure of U.S. law Structure and sources of U.S.
law and relevant terms Governmental bodies having privacy and information security authority General Data Protection Regulation overview (GDPR) High-level overview of the GDPR Significance of the GDPR to U.S. organizations Roles and responsibilities outlined in the law California Consumer Privacy Act of 2018 (CCPA) High-level overview of the newly passed California Consumer Privacy Act of 2018 Scope Consumer rights Business obligations Enforcement Enforcement of U.S. privacy and security laws Distinguishing between criminal and civil liability Comparing federal and state authority Theories of legal liability Enforcement powers and responsibilities of government bodies, such as the FTC and state attorneys general Information management from a U.S. perspective Developing a privacy program Role of privacy professionals and accountability Employee training User preferences Managing vendors Data classification Federal versus state authority Differences between federal and state authority Preemption Healthcare Privacy laws in healthcare Major components of HIPAA Development of HITECH Privacy protections mandated by other significant healthcare laws Financial privacy Goals of financial privacy laws Key concepts of FCRA, FACTA and GLBA Red Flags Rule, Dodd-Frank and consumer protection laws Education Privacy rights and protections under FERPA Recent amendments provided by PPRA and NCLBA Telecommunications and marketing Rules and regulations of telecommunications entities Laws that govern marketing Addressing privacy in the digital advertising Law enforcement and privacy Privacy laws on intercepting communication Telecommunications industry and law enforcement Laws ensuring rights to financial privacy National security and privacy Rules and regulations on intercepting communication Evolution of the law Collaboration of government agencies and private companies to improve cybersecurity Civil litigation and privacy Privacy issues related to litigation Electronic discovery, 
redaction and protective orders U.S. discovery rules versus foreign laws Legal overview of workplace privacy Federal and state laws regulating and protecting employee privacy Federal laws prohibiting discrimination Privacy before, during and after employment Lifecycle of employee privacy Background screening Employee monitoring Investigating misconduct and termination Antidiscrimination laws "Bring your own device" policies State data security laws State laws impacting data security Social Security number use regulation Laws governing data destruction Data breach notification laws Scope of state data breach notification law Nine elements of state data breach notification laws Major differences in state laws

Delivered Online, Flexible Dates
Price on Enquiry

C)TIA - Certified Threat Intelligence Analyst Mile 2

By Nexus Human

Duration 4 Days 24 CPD hours This course is intended for IS Security Officers IS Managers Risk Managers Auditors Information Systems Owners IS Control Assessors System Managers Government Employees Overview Upon completion, Certified Threat Intelligence Analyst students will be able to proactively collect threat data and implement strategies to limit exposure to those threats. Additionally, they will be prepared to take the C)TIA exam. Everywhere you turn today, you hear about the need for threat intelligence analysis! However, in some cases, it is just a buzzword, while in other cases, threat intelligence is being touted as the remedy toward advanced persistent threats. The real question is, how do we leverage threat intelligence to reduce network vulnerabilities without wasting time and money? The answer is simple, Mile2's Certified Threat Intelligence Analyst course. Mile2's CTIA course will help security professionals learn how to make good use of the many sources of threat intelligence. It will aid an individual to understand what threat sources are helpful, which specific threats are targeted and which ones may need minor adjustments to monitor within your organization. Mile2's CTIA course focuses heavily on hands-on labs, concentrating on discerning and interpreting threats and responding to them. The CTIA course focuses overall on current significant threats, threat actors, and identification procedures so that cyber-security professionals can implement the best policies and procedures for their organizational security posture. Once complete, the student will be competent toward improving a company's existing security infrastructure. Policies and methodologies learned in the CTIA will allow the student to use threat intelligence concepts to decrease overall company risk. Course Outline Threat Intelligence Basics Cyber Threats Threat Actors Case Studies Threat Identification Proactive Approach

Delivered Online, Flexible Dates
Price on Enquiry

ISO 27001 Lead Implementer

By Nexus Human

Duration 4.125 Days 24.75 CPD hours This course is intended for The job roles best suited to the material in this course are: Project managers and consultants involved in and concerned with the implementation of an ISMS, expert advisors seeking to master the implementation of an ISMS, individuals responsible for ensuring conformity to information security requirements within an organization Overview Master the concepts, approaches, methods and techniques used for the implementation and effective management of an ISMS Learn how to interpret the ISO/IEC 27001 requirements in the specific context of an organization Learn how to support an organization to effectively plan, implement, manage, monitor and maintain an ISMS Acknowledge the correlation between ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks Acquire the expertise to advise an organization in implementing Information Security Management System best practices This training course is designed to prepare you to implement an information security management system (ISMS) based on the requirements of ISO/IEC 27001. It aims to provide a comprehensive understanding of the best practices of an ISMS and a framework for its continual management and improvement. 
Introduction to ISO/IEC 27001 and initiation of an ISMS Training course objectives and structure Standards and regulatory frameworks Information Security Management System (ISMS) Fundamental information security concepts and principles Initiation of the ISMS implementation Understanding the organization and its context ISMS scope Planning the implementation of an ISMS Leadership and project approval Organizational structure Analysis of the existing system Information security policy Risk management Statement of Applicability Implementation of an ISMS Documented information management Selection and design of controls Implementation of controls Trends and technologies Communication Competence and awareness Security operations management ISMS monitoring, continual improvement, and preparation for the certification audit Monitoring, measurement, analysis, and evaluation Internal audit Management review Treatment of nonconformities Continual improvement Preparing for the certification audit Certification process and closing of the training course

Delivered Online, Flexible Dates
Price on Enquiry

EXIN Information Security Foundation based on ISO IEC 27001 - Foundation

By Nexus Human

Duration 2 Days 12 CPD hours This course is intended for The EXIN Information Security Foundation based on ISO/IEC 27001 certification is aimed at all staff who work in data processing. The module is also suitable for owners of small and medium-sized businesses who need a certain basic knowledge of information security. For professionals who are new to the field of information security, this module is a good start. Overview Scope With an EXIN Information Security Foundation based on ISO/IEC 27001 certification, professionals can demonstrate their knowledge in the following areas: Information and security: the concept, the value, the importance, and information security Threats and risks: the concepts of threat and risk and how they relate to the reliability of information Approach and organization: security policy and security organization, including the components of the security organization, and the handling of (security) incidents Measures: the importance of security measures such as physical, technical and organizational measures Legislation and regulations: the importance and impact of laws and regulations The EXIN modules on information security management define information security as follows: Information security management is concerned with the definition, implementation, maintenance, compliance and evaluation of coherent controls (measures) that safeguard the availability, integrity and confidentiality of (manual and automated) information processing. The EXIN Information Security Foundation based on ISO/IEC 27001 module tests the basic concepts of information security and their relationships to one another.
One of the objectives of the module is to raise awareness of the value of information and to convey an understanding of the vulnerabilities of information processing, in order to understand which measures are necessary to protect information. Information and security The concept of information The value of information Aspects of reliability Threats and risks Threats and risks Approach and organization Security policy and security organization Components Incident management Measures Importance of measures Physical measures Technical measures Organizational measures Legislation and regulations Legislation and regulations

Delivered Online, Flexible Dates
Price on Enquiry

C)IHE-Certified Incident Handler Engineer Mile 2

By Nexus Human

Duration 5 Days 30 CPD hours This course is intended for Penetration Testers Microsoft Administrator Security Administrators Active Directory Administrators Anyone looking to learn more about security Overview The person who carries this certification should be able to analyze an organization's existing systems then plan and create an incident handling system that will prevent, detect, and respond to cyber attacks The Certified Incident Handling Engineer course, C)IHE, is designed to help Incident Handlers, System Administrators, and Security Engineers understand how to plan, create and utilize their systems. Prevent, detect and respond to attacks through the use of hands-on labs in our exclusive Cyber Range. With this in-depth training, you will learn to develop start to finish processes for establishing your Incident Handling team, strategizing for each type of attack, recovering from attacks and much more. Course Outline Incident Handling Explained Incident Response Policy, Plan and Procedure Creation Incident Response Team Structure Incident Response Team Services Incident Response Recommendations Preparation Detection and Analysis Containment, Eradication and Recovery GRR Rapid Response Request Tracker for Incident Response Post Incident Activity Incident Handling Checklist Incident Handling Recommendations Coordination and Information Sharing

Delivered Online, Flexible Dates
Price on Enquiry

EXIN Information Security Foundation based on ISO/IEC 27001 - Professional

By Nexus Human

Duration 3 Days 18 CPD hours This course is intended for Security professionals. This module is intended for everyone who is involved in the implementation, evaluation and reporting of an information security program, such as an Information Security Manager (ISM), Information Security Officer (ISO) or a Line Manager, Process Manager or Project Manager with security responsibilities. Basic knowledge of Information Security is recommended, for instance through the EXIN Information Security Foundation based on ISO/IEC 27001 certification. Overview The module Information Security Management Professional based on ISO/IEC 27001 (ISMP.EN) tests understanding of the organizational and managerial aspects of information security. The subjects of this module are: Information security perspectives: business, customer, service provider/supplier Risk Management: analysis, controls, remaining risks Information security controls: organizational, technical, physical. Information security is the preservation of confidentiality, integrity and availability of information (ISO/IEC 27000 definition). Information security is gaining importance in the Information Technology (IT) world. Globalization of the economy is leading to an ever-increasing exchange of information between organizations (their staff, customers and suppliers) and an explosion in the use of networked computers and computing devices. The core activities of many companies completely rely on IT. Enterprise resource planning (ERP) management systems, the control systems that govern how a building runs or a manufacturing machine functions, day-to-day communications - everything - runs on computers. The vast majority of information - the most valuable commodity in the world - passes through IT.
Information is crucial for the continuity and proper functioning of both individual organizations and the economies they fuel; this information must be protected against access by unauthorized people, protected against accidental or malicious modification or destruction and must be available when it is needed. Companies and individual users of technology are also beginning to understand how important security is and are beginning to make choices based on the security of the technology or service. Information Security Perspectives The candidate understands the business interest of information security The candidate understands the customer perspective on governance The candidate understands the supplier's responsibilities in security assurance Risk Management The candidate understands the principles of risk management The candidate knows how to control risks The candidate knows how to deal with remaining risks Information Security Controls The candidate has knowledge of organizational controls The candidate has knowledge of technical controls The candidate has knowledge of physical, employment-related and continuity controls

Delivered Online, Flexible Dates
Price on Enquiry

Certified IT Specialist (CITS)

By Nexus Human

Duration 3 Days 18 CPD hours This course is intended for This course is most suited for IT professionals who have a need to understand the current requirements and core competences for managing IT in mission-critical environments. Overview After completion of the course the participant will be able to: 1. Provide guidance and implementation for IT strategy as set by senior IT and business management 2. Select and manage staff, implement training programs, career plan development and job rotation programs 3. Select, evaluate and negotiate vendors using RFI, RFP and selection criteria 4. Provide guidance for developing, testing and implementing business applications 5. Manage and/or assist in IT project management 6. Design and implement service management processes for incident, problem and change management 7. Understand the need for business continuity and design the business continuity plan 8. Review and implement information security practices and controls 9. Assist and initiate risk management practices 10. Understand and select new technologies such as cloud computing, big data, Internet of Things and social media to support business change demands 11. Select strategies for information management 12. Measure and improve quality of IT services CITS is designed to teach the skills, knowledge and competencies required of the modern IT specialist working at the senior professional, team-leader, supervisor or management level in IT management. 
IT Strategy The need for Information Technology Enterprise architecture Service catalogue Service level management Sustainable development IT Organisation Personnel need Roles and responsibilities Sourcing Selection process Hiring staff Managing staff Career planning Training / job rotation Performance appraisal Staff departures Vendor Selection / Management The importance of vendors Vendor selection Request For Information (RFI) Request For Proposal (RFP) Proposal evaluation Vendor reference checks Contract negotiation Contract management Vendor management Re-compete vendors Project Management Methodologies Project organisation Starting up / initiating Planning / initiation a project Risk Quality Scope Work / Product Breakdown Structure PERT diagram / Gantt chart Cost Communication Application Management Software Development Life Cycle (SDLC) Software Quality Assurance (SQA) Requirements Development Testing Adoption (implementation) Maintenance Service Management Incident management Problem management Change management Business Continuity Management Standards and guidelines Objectives Context Interested parties Scope Roles and responsibilities Resources and competences Awareness and communication Documentation Business Impact Analysis Risk Management Guidelines Context establishment Identification Analysis Evaluation Treatment Communication Monitoring and control Information Security Management Standards Confidentiality Integrity Availability Controls types Guideline for controls selection Control categories Information security awareness Security incident response Information and Knowledge Management Information management Data management Information management - technologies Business intelligence Data management - technologies Best practices in data governance Pitfalls in data governance Business Change Management Business change Frameworks, models and techniques Needs identification Cloud computing Social media / digital marketing Big data Internet of Things 
(IoT) Quality Management Standards, guidelines and frameworks Objectives Activities Services review Customer feedback Customer survey Key Performance Indicators (KPI) Metrics Scorecards and reports Quality register Exam Actual course outline may vary depending on offering center. Contact your sales representative for more information.

Delivered Online, Flexible Dates
Price on Enquiry

ISACA CGEIT Training Boot Camp

By Nexus Human

Duration 4 Days 24 CPD hours This course is intended for Risk professionals Business analysts Project managers Compliance professionals IT professionals Anyone whose work includes evaluating and mitigating risk Overview This boot camp prepares you to pass the ISACA CGEIT exam, which covers four domain areas designed to reflect the work performed by individuals who have a significant management, advisory or assurance role relating to the governance of IT. Domain 1: Governance of enterprise IT Domain 2: IT resources Domain 3: Benefits realization Domain 4: Risk optimization This CGEIT Boot Camp is designed for experienced IT governance personnel and those who have responsibilities for the stewardship of IT resources. You will learn how to effectively implement and manage governance across all areas of technology, as well as align that technology with strategic enterprise goals. This training also explains the CGEIT examination process and helps prepare you for your CGEIT exam by providing guidance and testing your exam readiness through sample questions. You'll leave fully prepared to earn your CGEIT certification. Course Outline Domain 1: Governance of enterprise IT Domain 2: IT resources Domain 3: Benefits realization Domain 4: Risk optimization

Delivered Online, Flexible Dates
Price on Enquiry

C)HISSP-Certified Health Information Systems Security Practitioner Mile 2

By Nexus Human

Duration 4 Days 24 CPD hours This course is intended for IS Security Officers Privacy Officers Health IS Managers Risk Managers Information Security Managers Compliance and Privacy Officers Overview Upon completion, the student will be ready to take the Certified Healthcare Information Systems Security Practitioner exam by mile2. In addition, at the end of the CHISSP course, the student will be versed with best practices in the healthcare industry and will be able to establish a framework with current best practices with respect to privacy, regulation and risk management. The Certified Healthcare IS Security Practitioner, C)HISSP certification course covers the skills and knowledge to implement the best IT healthcare practices, as well as regulatory compliance and standards in the healthcare industry. Because of growing industry regulations and privacy requirements in the healthcare industry, the C)HISSP was developed by Mile2. Graduates of this course have become vital in managing and protecting healthcare data and are tasked to protect patient information by implementing, managing, and assessing proper IT controls for patient health information integrity. Course Outline Intro to the Healthcare Industry Regulatory Environment Healthcare Privacy and Security Policies Information Governance Risk Management Third-Party Risk Management

Delivered Online, Flexible Dates
Price on Enquiry