|
CLOSED
Overview:
Information Security is
about using security methodologies to identify risks within an
organization and propose counter measures to manage those risks. Though
most people would agree with this statement many do not realize that
this is only part of the equation.
Firstly, unless you are
lucky enough to have an unlimited budget and resources, all risk
management must ultimately be decided upon by the business in relation
to the actual cost of the realized risk, the cost of managing the risk
and any benefit derived from managing the risk. Such decisions are
usually beyond the realm of Information Security and firmly in the
domain of Executive and Senior Management.
Secondly, it is rare that
actions taken to improve security only affect the security of an
organization. It is crucial in creating effective Information Security
that the total impact of any security measure be anticipated and dealt
with effectively. Failure to do so can often lead to security measures
being unworkable or misunderstood to the point that they are ignored or
deliberately circumvented.
These additions to the equation require all parties to understand that effective and useful security requires the support and involvement of much more than just a company's Information Security personnel.
This course aims to take
this idea as it relates to Information Security Policies. Policies are
something that every employee, including the officers of the company,
sign up for and yet very few people understand what goes into the
policy development process, who is making the decisions, what the basis
for the decisions are and what are the far reaching implications for
the business as a whole. This is especially worrying as unworkable and
unenforceable policies can do far more than just damage the security of
an organization. They can leave it open to legal action, impair its
competitiveness, damage employee morale and undermine the information
security process as a whole. To be successful, the policy development
process must be understood as something that requires the involvement
of key business decision makers of which Information Security is only
one.
This course aims to
provide an understanding of the need for this multi-disciplinary
involvement, an understanding of where this involvement fits into the
policy development lifecycle and a methodology that provides a means of
implementing this development lifecycle into your organization.
What
you will learn:
Students will gain an understanding of:
- The critical impact that
Information Security Policies can have on an organization beyond those
related to security
- The roles that
Executive and Senior Management must play in the creation of successful
Information Security Policies
- Basic methodologies
for successful policy creation and deployment
Students will also cover
many general topics in support of the core information including:
- The positive and
negative impact that Information Security Policies can have on an
organization including:
- Performance of due
diligence
- Protection of
Intellectual Property
- Business
strategy/competitiveness
- Internal and
external business relationships
- Employee
culture/morale and work practices
- The role of Information
Security, Executive and Senior Management and other business personnel
in policy development
- Organizational
strategies
- Basic Information
Security Policy development methodologies looking at assessment,
design, implementation and monitoring
Who
Should Attend?
This course is primarily intended for
Executive and Senior Management who want to gain a greater
understanding of how Information Security Policies can impact their
organization and how they should be involved in the development and
support of those policies. It will, however, be of use to anyone
involved in the development of Information Security Policies within an
organization
Course
Length: 1 day
Cost: US $1900 before July 3, 2003 or US $2200 after July 3, 2003
NOTE: this is a one day course. A Certificate of
Completion will be offered.
CLOSED
|
