Information Security Management 2016

Topics

• Information Security Governance
  • Is there an adequate organisational structure in place to protect your information?
  • Do the board and senior management direct and support your information security efforts?
  • What controls have been established to monitor the performance of your information security arrangements?
• Importance of Information Security and Risk Management
  • How your risks determine which assets require protection
  • What is covered by information security, and its business relevance
  • Adopt a best practice framework
  • Choose an approach to form control objectives and select appropriate controls
• Training and Content Monitoring
  • Mechanisms to verify and validate your information
  • Awareness of and training in information security
  • How are mechanisms monitored on a daily basis?
  • Assessing your defences against their vulnerability
• Asset Classification and Control
  • Do you have a complete asset inventory and how is this maintained?
  • What information assets do you wish to protect?
  • Information classification systems
• Communications and Operations Management
  • System planning and acceptance procedures
  • What policies, procedures and responsibilities are in existance regarding your IT operations?
  • Housekeeping arrangements to maintain the integrity and availability of information services
  • Protection to counteract malicious software
  • Measures to prevent damage to assets and interruption of business activities and to protect data and information exchanges in e-business activities
  • Network security controls
• Physical and Environmental Security
  • Protection of your IT equipment with respect to procurement, security, and maintenance and disposal
  • Arrangements to provide appropriate physical security for your information assets
• Systems Development and Maintenance
  • Security arrangements for the ongoing maintenance of existing systems
  • Security requirements for new systems
  • Security arrangements with regard to the development, support, and production environments
  • Protection of application system files
• Access Control Management
  • User access management procedures and the asociated user responsibilities
  • Which business roles need system access?
  • Monitoring of system access mechanisms
  • Network access controls, computer access controls, and application access controls
• ISO/IEC 17799 and BS7799 compliance auditing using the CobiT Audit Guideline
  • CobiT Audit guidelines
  • ISO/IEC 17799 and BS7799 compliance auditing
  • Conclusion
  • Using the CobiT Audit guidelines to perform BS7799 compliance audits
• Business Continuity Management
  • Business continuity frameworks
  • Business continuity processes
  • Updating business continuity plans
  • Testing business continuity plans

Who should Attend

• Business Continuity Planners, Asset Managers, Risk Managers
• CIOs, CISOs and anyone who has direct line responsibility for information security
• Company Secretaries, Finance Directors and Auditors
• Legal Advisors and Corporate Security Consultants