Institute for Advanced Professional Studies

Information Systems Security: Management Briefing




Briefing Overview:

A company's management team is directly responsible for the protection of its proprietary information and systems assets. As we all know, security breaches can result in significant financial loss, negative publicity, lawsuits and permanent damage to the business. This course shows how security incidents can be minimized and enables managers to develop strategies to protect their organization's information assets.

Participants will learn management's essential role in supporting computer security and how to develop effective practices that make security a daily corporate-wide habit. The course will reveal the nature of threats and behavioral habits of malicious users and how management can assess and mitigate vulnerabilities currently faced by their organization.


Workshop Objectives:

Upon successful completion of this course, participants will be able to:

  • Describe the risks of inadequate information protection and the need for computer security.
  • Understand that maintaining information security is a process, and not something "solved" by products or technologies alone.
  • Explain management's responsibility in protecting corporate information assets.
  • Describe the different types of attackers and their motivations.
  • Guard against the risks of social engineering.
  • Describe why real-world information protection requires usability tradeoffs.
  • Describe management's liability and legal issues.
  • Describe different methods of risk analysis and how to apply their results.
  • Implement practical security policies and describe how to assess their effectiveness.
  • Describe the security policy lifecycle and why some policies fail.
  • Explain the need for business continuity plans.
  • Explain the need for disaster recovery plans and different methods of implementing disaster recovery.
  • Explain the need for continual user awareness training.

IAPS can customize security training to achieve specific organizational objectives. We offer briefings and hands-on workshops for system architects, application developers and their managers, network administrators, corporate executives and computer users throughout the enterprise.


Topic Outline:

  • Protecting Corporate Information Assets: Confidentiality, Integrity and Availability
    • The need for security controls
    • Controlling data access
    • Types of attackers
    • Social engineering
    • Implementation tradeoffs
    • Information security principles
  • Management Responsibilities and Liabilities
    • Legal aspects
    • Interactions with clients, partners and shareholders
    • Protecting confidential business data
    • Protecting confidential employee data (e.g., HR databases)
    • Protecting customers' and partners' data
    • Keeping IT systems operational and the business running
  • Strategy
    • Assessing risks
    • How to develop and manage a security policy
    • Business continuity plans
    • Disaster planning and recovery
    • Training requirements

Duration:

1 day


Intended Audience:

A company's entire management team would benefit from this level of security training.


Technical Prerequisites:

No prior background in Information Security is required.


Course Format:

Interactive lecture




© Copyright 2002-2010 Institute for Advanced Professional Studies (IAPS)