Duration 3 Days 18 CPD hours This course is intended for The intended audience for this course is information security and IT professionals, such as network administrators and engineers, IT managers, and IT auditors, and other individuals who want to learn more about information security, who are interested in learning in-depth information about information security management, who are looking for career advancement in IT security, or who are interested in earning the CISM certification. Overview Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations. Identify and manage information security risks to achieve business objectives. Create a program to implement the information security strategy. Implement an information security program. Oversee and direct information security activities to execute the information security program. Plan, develop, and manage capabilities to detect, respond to, and recover from information security incidents. In this course, students will establish processes to ensure that information security measures align with established business needs. Prerequisites Information security governance Information risk management Information security program development Information security program management Incident management and response 1 - Information Security Governance Develop an Information Security Strategy Align Information Security Strategy with Corporate Governance Identify Legal and Regulatory Requirements Justify Investment in Information Security Identify Drivers Affecting the Organization Obtain Senior Management Commitment to Information Security Define Roles and Responsibilities for Information Security Establish Reporting and Communication Channels 2 - Information Risk Management Implement an Information Risk Assessment Process Determine Information Asset Classification and Ownership Conduct Ongoing Threat and Vulnerability Evaluations Conduct Periodic BIAs Identify and Evaluate Risk Mitigation Strategies Integrate Risk Management into Business Life Cycle Processes Report Changes in Information Risk 3 - Information Security Program Development Develop Plans to Implement an Information Security Strategy Security Technologies and Controls Specify Information Security Program Activities Coordinate Information Security Programs with Business Assurance Functions Identify Resources Needed for Information Security Program Implementation Develop Information Security Architectures Develop Information Security Policies Develop Information Security Awareness, Training, and Education Programs Develop Supporting Documentation for Information Security Policies 4 - Information Security Program Implementation Integrate Information Security Requirements into Organizational Processes Integrate Information Security Controls into Contracts Create Information Security Program Evaluation Metrics 5 - Information Security Program Management Manage Information Security Program Resources Enforce Policy and Standards Compliance Enforce Contractual Information Security Controls Enforce Information Security During Systems Development Maintain Information Security Within an Organization Provide Information Security Advice and Guidance Provide Information Security Awareness and Training Analyze the Effectiveness of Information Security Controls Resolve Noncompliance Issues 6 - Incident Management and Response Develop an Information Security Incident Response Plan Establish an Escalation Process Develop a Communication Process Integrate an IRP Develop IRTs Test an IRP Manage Responses to Information Security Incidents Perform an Information Security Incident Investigation Conduct Post-Incident Reviews
Duration 3 Days 18 CPD hours This course is intended for This course is ideal for Professionals preparing to become CRISC certified. Risk practitioners Students or recent graduates Overview At course completions, students will understand the essential concepts in the 4 ISACA CRISC domains: Governance IT Risk Assessment Risk Response and Reporting Information Technology and Security This 3 Day CRISC course is geared towards preparing students to pass the ISACA Certified in Risk and Information Systems Control examination. The course covers all four of the CRISC domains, and each section corresponds directly to the CRISC job practice. CRISC validates your experience in building a well-defined, agile risk-management program, based on best practices to identify, analyze, evaluate, assess, prioritize and respond to risks. This enhances benefits realization and delivers optimal value to stakeholders. GOVERNANCE - a. Organizational Governance Organizational Strategy, Goals, and Objectives Organizational Structure, Roles, and Responsibilities Organizational Culture Policies and Standards Business Processes Organizational Assets GOVERNANCE - b. Risk Governance Enterprise Risk Management and Risk Management Framework Three Lines of Defense Risk Profile Risk Appetite and Risk Tolerance Legal, Regulatory, and Contractual Requirements Professional Ethics of Risk Management IT RISK ASSESSMENT - a. IT Risk Identification Risk Events (e.g., contributing conditions, loss result) Threat Modelling and Threat Landscape Vulnerability and Control Deficiency Analysis (e.g., root cause analysis) Risk Scenario Development IT RISK ASSESSMENT - b. IT Risk Analysis and Evaluation Risk Assessment Concepts, Standards, and Frameworks Risk Register Risk Analysis Methodologies Business Impact Analysis Inherent and Residual Risk RISK RESPONSE AND REPORTING - a. Risk Response Risk Treatment / Risk Response Options Risk and Control Ownership Third-Party Risk Management Issue, Finding, and Exception Management Management of Emerging Risk RISK RESPONSE AND REPORTING - b. Control Design and Implementation Control Types, Standards, and Frameworks Control Design, Selection, and Analysis Control Implementation Control Testing and Effectiveness Evaluation RISK RESPONSE AND REPORTING - c. Risk Monitoring and Reporting Risk Treatment Plans Data Collection, Aggregation, Analysis, and Validation Risk and Control Monitoring Techniques Risk and Control Reporting Techniques (heatmap, scorecards, dashboards) Key Performance Indicators Key Risk Indicators (KRIs) Key Control Indicators (KCIs) INFORMATION TECHNOLOGY AND SECURITY - a. Information Technology Principles Enterprise Architecture IT Operations Management (e.g., change management, IT assets, problems, incidents) Project Management Disaster Recovery Management (DRM) Data Lifecycle Management System Development Life Cycle (SDLC) Emerging Technologies INFORMATION TECHNOLOGY AND SECURITY - b. Information Security Principles Information Security Concepts, Frameworks, and Standards Information Security Awareness Training Business Continuity Management Data Privacy and Data Protection Principles
The “ISO 27001:2022 Lead Implementer ” course provides comprehensive training in the ISO 27001:2022 standard and all its requirements from the Implementer ’s point of view, as well as basic skills necessary to execute the requirements. It’s a practical-oriented training that should be considered “a must” for every ISO 27001:2022 Implementer. This intensive course is specifically designed to participants to serve as ISO 27001:2022 Lead Implementers.
Duration 5 Days 30 CPD hours This course is intended for IS Security Officers IS Managers Risk Managers Auditors Information Systems Owners IS Control Assessors System Managers Government Employees Overview The person who carries this certification should be able to acquire necessary resources, advise senior leadership, collaborate with stakeholders, evaluate effectiveness, identify cybersecurity problems, manage threats, oversee information security awareness programs, participate in risk assessments, support compliance activities, and define or implement policies and procedures to ensure protection of critical infrastructure within an information security environment. If you are looking for the ?gotta have it? cybersecurity course, then the Certified Information Systems Security Officer is for you.ÿ The C)ISSO will prepare you for multiple managerial roles inside the INFOSEC community by covering a broad range of topics. You will learn theories in security concepts, practices, monitoring and compliance in IS management. An Information Systems Security Officer is able to implement and maintain cost-effective security controls that are closely aligned with business and industry standards. The C)ISSO certification course is an idealÿway to increaseÿknowledge, expertise, and skill for managers, auditors, and INFOSEC professionals.ÿ At Mile2 we consider the C)ISSO to be one of our flagship courses.The things you learn in this course can be applied to management, prevention teams, and recovery professionals. Material learned in the Live Class or Self-Study options will apply directly to the certification exam. Course Outline Risk Management Security Management Identification and Authentication Access Control Security Models and Evaluation Operations Security Vulnerability Assessments Symmetric Cryptography and Hashing Network Connections Network Protocols and Devices Telephony, VPNs, and Wireless Security Architecture and Attacks Software Development Security Database Security Malware and Software Attacks Business Continuity Disaster Recovery Incident Management, Law, and Ethics Physical Security Additional course details: Nexus Humans C)ISSO - Certified Information Security Systems Officer Mile 2 training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the C)ISSO - Certified Information Security Systems Officer Mile 2 course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.
Duration 3 Days 18 CPD hours This course is intended for This course is most suited for IT professionals who have a need to understand the current requirements and core competences for managing IT in mission-critical environments. Overview After completion of the course the participant will be able to: 1. Provide guidance and implementation for IT strategy as set by senior IT and business management 2. Select and manage staff, implement training programs, career plan development and job rotation programs 3. Select, evaluate and negotiate vendors using RFI, RFP and selection criteria 4. Provide guidance for developing, testing and implementing business applications 5. Manage and/or assist in IT project management 6. Design and implement service management processes for incident, problem and change management 7. Understand the need for business continuity and design the business continuity plan 8. Review and implement information security practices and controls 9. Assist and initiate risk management practices 10. Understand and select new technologies such as cloud computing, big data, Internet of Things and social media to support business change demands 11. Select strategies for information management 12. Measure and improve quality of IT services CITS is designed to teach the skills, knowledge and competencies required of the modern IT specialist working at the senior professional, team-leader, supervisor or management level in IT management. IT Strategy The need for Information Technology Enterprise architecture Service catalogue Service level management Sustainable development IT Organisation Personnel need Roles and responsibilities Sourcing Selection process Hiring staff Managing staff Career planning Training / job rotation Performance appraisal Staff departures Vendor Selection / Management The importance of vendors Vendor selection Request For Information (RFI) Request For Proposal (RFP) Proposal evaluation Vendor reference checks Contract negotiation Contract management Vendor management Re-compete vendors Project Management Methodologies Project organisation Starting up / initiating Planning / initiation a project Risk Quality Scope Work / Product Breakdown Structure PERT diagram / Gantt chart Cost Communication Application Management Software Development Life Cycle (SDLC) Software Quality Assurance (SQA) Requirements Development Testing Adoption (implementation) Maintenance Service Management Incident management Problem management Change management Business Continuity Management Standards and guidelines Objectives Context Interested parties Scope Roles and responsibilities Resources and competences Awareness and communication Documentation Business Impact Analysis Risk Management Guidelines Context establishment Identification Analysis Evaluation Treatment Communication Monitoring and control Information Security Management Standards Confidentiality Integrity Availability Controls types Guideline for controls selection Control categories Information security awareness Security incident response Information and Knowledge Management Information management Data management Information management - technologies Business intelligence Data management - technologies Best practices in data governance Pitfalls in data governance Business Change Management Business change Frameworks, models and techniques Needs identification Cloud computing Social media / digital marketing Big data Internet of Things (IoT) Quality Management Standards, guidelines and frameworks Objectives Activities Services review Customer feedback Customer survey Key Performance Indicators (KPI) Metrics Scorecards and reports Quality register Exam Actual course outline may vary depending on offering center. Contact your sales representative for more information.
The “ISO 27001:2022 Lead Implementer ” course provides comprehensive training in the ISO 27001:2022 standard and all its requirements from the Implementer ’s point of view, as well as basic skills necessary to execute the requirements. It’s a practical-oriented training that should be considered “a must” for every ISO 27001:2022 Implementer. This intensive course is specifically designed to participants to serve as ISO 27001:2022 Lead Implementers. The interactive training program, complete with quizzes, will provide the necessary technical knowledge and understanding of all ISO 27001:2022 requirements to implement the requirement of the standard.
Overview Objective Understand the requirement of Information Security Concepts and Definitions of Information Security Management Systems Deeply Analysing the policies, Standards and procedures How to deliver a balanced ISMS and following its security procedures Analysing the Information risk management Evaluating the organisational responsibilities Understanding the Information security controls Scrutinising Legal framework Techniques of Cryptographic models
This training is for lawyers and covers key topics to ensure compliance with the Lexcel standard and other regulations.
Duration 4 Days 24 CPD hours This course is intended for This course is designed for the aspiring or sitting upper-level manager striving to advance his or her career by learning to apply their existing deep technical knowledge to business problems. In this course, students will learn in-depth content in each of the 5 CCISO Domains Domain 01 - Governance Define, Implement, Manage, and Maintain an Information Security Governance Program Information Security Drivers Establishing an information security management structure Laws/Regulations/Standards as drivers of Organizational Policy/Standards/Procedures Managing an enterprise information security compliance program Risk Management Risk mitigation, risk treatment, and acceptable risk Risk management frameworks NIST Other Frameworks and Guidance (ISO 31000, TARA, OCTAVE, FAIR, COBIT, and ITIL) Risk management plan implementation Ongoing third-party risk management Risk management policies and processes Conclusion Domain 2 - Security Risk Management, Controls, & Audit Management INFORMATION SECURITY CONTROLS COMPLIANCE MANAGEMENT GUIDELINES, GOOD AND BEST PRACTICES AUDIT MANAGEMENT SUMMARY Domain 03 - Security Program Management and Operations PROGRAM MANAGEMENT OPERATIONS MANAGEMENT Summary Domain 04 - Information Security Core Concepts ACCESS CONTROL PHYSICAL SECURITY NETWORK SECURITY ENDPOINT PROTECTION APPLICATION SECURITY ENCRYPTION TECHNOLOGIES VIRTUALIZATION SECURITY CLOUD COMPUTING SECURITY TRANSFORMATIVE TECHNOLOGIES Summary Domain 05 - Strategic Planning, Finance, Procurement and Vendor Management STRATEGIC PLANNING Designing, Developing, and Maintaining an Enterprise Information Security Program Understanding the Enterprise Architecture (EA) FINANCE PROCUREMENT VENDOR MANAGEMENT Summary