[ security courses ]
Security Resources

Security News

Recent Publications

Legal Notices

Understanding Information Security Standards
ISO17799/ 27002

“The Complete Guide to Understanding Information Security Standards”
This course provides an opportunity for individuals tasked with managing information security to understand and update their knowledge on information security standards. The course combines exercises, real-life examples and participant interaction to allow delegates fully understand the issues.

Overall course objective:

Familiarise participants with the complexities of ISO 17799/27001

Key objectives

  • Introduce information security principles (standards, policies, procedures and practices);
  • Present benefits of deploying industry security practices;
  • Outline best practice methods for developing, implementing; and maintaining Information Security.

 Key Takeaways
On completion of this course, participants will be able to:

  • Understand the components of the standard;
  • Gain fundamentals of information security;
  • Distinguish between good and bad security practices;
  • Acquire skills for implementing industry standard security within their organisations.
Target Audience
  • Chief Information Officers;
  • Information Security Managers;
  • Information Technology Managers;
  • System Managers;
  • Compliance Managers;
  • Technical Architects;
  • Risk Assessors;
  • Auditors.

Course Outline:

Introduction to information security

  • Computer crime overview,
  • The past 10 years;
  • Why information security?
  • The Internal Security breach problem the statistics do not lie;
  • Examples of internal security breaches;
  • External security breaches.

Introduction to information security documents

  • Information security policies;
  • Information security standards;
  • Information security practices;
  • Information security processes

Understanding ISO 17799 the principles a practical approach

  •  Security policy;
  • Security organisation;
  • Access control;
  • Asset management;
  • Physical and environmental security;
  • Breakout session;
  • Information systems development and maintenance;
  • Business continuity;
  • Human resources security;
  • Information security incident management;
  • Communications and operations management;
  • Compliance;
  • Breakout session delegate participation with exercise.

Practical session:

  • Invoking policies, procedures and processes;
  • Handling an information security incident;
  • Real life cases involving information security breaches;
  • Managing third parties and contractors things to consider.

Often overlooked aspects of information security

  • Awareness programmes, an overview;
  • Training; 
  • Suitably qualified security staff;
  • Security vetting of  staff;
  • Risk Assessments.

_____________________________________________________________

Data Protection

“Protecting Personal Data: A Technical and Procedural Approach”
This course provides an opportunity for individuals tasked with handling personal data to understand and update their knowledge on current legal and technical trends for protecting personal information. The course combines exercises, real-life examples and encourages delegate participation to allow wider understanding of the issues.

Overall course objective:

Familiarise participants with modern methods for safeguarding personal information within their organisations.

Key objectives

  • Identifying key aspects of  data protection legislation;
  • Expose practical trends for protecting personal data;
  • Introducing non technical  concepts (policies, procedures and processes);
  • Presenting benefits of  deploying information security tools;
  • Raising Identity theft awareness.

       Key Takeaways
On completion of this course, participants will be able to:

  • Understand risks and threats to personal information;
  • Gain foundation in data protection legislation;
  • Identify issues relating to identity theft;
  • Tailor policies to meet data protection requirements.
Target Audience
  • Government officials responsible for managing personal data;
  • Individuals responsible for data protection strategies;
  • Legal practitioners who want to understand the synergy between information technology, information security and data protection;
  • In house lawyers;
  • Information technology and businesspersons who want to understand issues surrounding personal information/identity theft;
  • Financial institution officials responsible for managing customer personal information;
  • Information technology managers who want to know more about protecting personal information.

Course Outline:         

Personal Information Overview

  • What is personal information?
  • Personal information has value;
  • How personal information is collected;
  • Identity Theft, The growing problem?
  • Information Breaches;
  • Safeguarding personal Information;

 
Data Protection Overview

  • Why does personal data need to be protected;
  • What is data protection;
  • Data Protection Legislations;
  • Data Protection Principles;
  • Sharing personal data the issues;
  • Round up Exercise.

The Technical Issues

  • Implementing appropriate security controls;
  • Information security standards;
  • Security tools;
  • Access control why it is critical;
  • Segregation of duties, a need to view basis;
  • Benefits of enabling monitoring;
  • Policies, processes and procedures ;

Organisational Issues

  • Training;
  • Benefits of personal data awareness programs;
  • How to handle a breach of  personal information;
  • Evidence issues and data preservation;
  • Personal data and  third parties;
  • Real life cases involving information breaches, what we can learn;
  • Round Up Exercise                     

_____________________________________________________________

Effective and Practical Information Security Awareness Programs

“Developing an Information Security Awareness Program”
This course provides an opportunity for security and compliance professionals to understand and update their knowledge on Implementing Information Security Awareness Programmes. The course combines exercises, real-life examples and participant interaction to allow delegates understand the issues.

Overall course objective:

Familiarise participants with methods for developing implementing and maintaining an information security awareness programme for their organisation

Key objectives

  • Introduce Information Security Awareness concepts;
  • Identify Information Security Awareness planning and organisation strategies;
  • Presenting benefits of deploying Information Security Awareness programs;
  • Outline best practice methods for developing, implementing and maintaining Information Security Awareness programs;
  • Highlight techniques for measuring effectiveness of Information Security Awareness program.

       Key Takeaways
On completion of this course, participants will be able to:

  • Structure an Information Security Awareness program for their organisation;
  • Acquire skills for a practical approach to maintaining Information Security Awareness within their organisations;
  • Identify the Benefits of Information Security Awareness programs;
  • Tailor Information Security Awareness programs to meet their organisations specific requirements;
  • Update and improve their Information Security Awareness programs.
Target Audience
  • Chief Information Officers;
  • Information Security Managers;
  • Information Technology Managers;
  • Compliance Managers;
  • Individuals responsible for internal training within their organisations;
  • Users of technology wishing to understand about the benefits of Information Security Awareness;

Course Outline:

Introduction

  • Why Information Security Awareness;
  • Awareness and Training Program Design;
  • Structuring awareness training activity;
  • Conducting a needs assessment;
  • Developing the awareness and training plan;
  • Establishing priorities;
  • Setting the level of complexity;
  • Funding the program.

Awareness and Training Material Development

  • Developing awareness material;
  • Selecting awareness topics;
  • Sources of awareness material;
  • Developing training material;
  • Sources of training courses and material.

Program Implementation

  • Communicating the plan;
  • Techniques to deliver awareness material;
  • Techniques for delivering training material.

Post Implementation

  • Monitoring compliance;
  • Evaluation and feedback;
  • Managing change;
  • Ongoing improvement;
  • Program success indicators;
  • Common Models;
  • Round up.

_____________________________________________________________

Information Security Documentation (Policies, Procedures And Processes)

“The Complete Guide to Information Security Policies, Procedures and Processes”
This course provides an opportunity for security and compliance professionals to understand update their knowledge on implementing information security policies, procedures and processes. The course combines exercises, real-life examples and participant interaction to allow delegates understand the issues.

Overall course objective:

Familiarise participants with how to write meaningful and adequate information security documents

Key objectives

  • Introduce information security documents (standards, policies, procedures and practices);
  • Present benefits of deploying information security policies;
  • Outline best practice methods for developing, implementing and maintaining Information Security policies

 Key Takeaways
On completion of this course, participants will be able to:

  • Understand key components of Information security documentation;
  • Distinguish between a policy, procedure and process;
  • Acquire skills for a practical approach to defining contents of policies, procedures and processes;
Target Audience
  • Chief Information Officers;
  • Information Security Managers;
  • Information Technology Managers;
  • Compliance Managers;
  • Technical authors;
  • Users of technology wishing to understand about the benefits of information security policies and procedures.

Course Outline:

Information Security Documentation,

  • What is information security documentation?
  • Highlighting importance of information security documents;
  • Legislative requirements.

Introduction to Information Security Documents

  • Information security policies;
  • Information security standards;
  • Information security practices;
  • Information security processes
  • Delegate interactive session

Components and Content of a policy examples

  • High level security policy;
  • Access control policy;
  • Acceptable use policy;
  • Email policy;
  • Security breach policy.

Components and Content of Information Security Standards

  • Information Security Standards;
  • An overview of  ISO 27001;
  • Operating system and application Information security hardening standards.

Participation and interaction session:

  • Understanding information  processes
  • Invoking policies, procedures and processes
  • Handling an information security incident;
  • Evidence issues and data preservation;
  • Real life cases involving information security breaches;
  • Third parties and contractors things to consider in your policies
  • Round up and closing.

 

HomeBusiness Continuity Data Protection Identity Theft
Information Security Awareness Information Security Management Information Security Standards
Our PeopleRisk Assessment Sarbanes-Oxley Reviews Security Architecture Definition
Security Courses Security Policies & Proceedures Third Party Security Wireless Security
Contact Zylt Consulting

Copyright by Zylt Consulting | Designed by bluechilli