Information Security Management Diploma
The Information Security Management Diploma prepares candidates to manage information security challenges both technically and strategically while keeping the focus on the business aspect.
Candidates develop their technical skills in computer systems and gain knowledge of business management, thereby acquiring the competencies needed to relate information security to business risk.
Possessing both technical and leadership skills, candidates are well prepared to approach the implementation of security solutions in an organization. The courses offered in this Diploma program equip candidates with the expertise required to detect threats, assess risks, choose sound risk management practices and create innovative methods to make the organization more resistant to threats and disruptions.
Graduates of the program are able to detect and address security threats, conduct an information systems audit, and develop sound risk practices that allow the organization to continue operating while a threat is present. The program is designed for candidates seeking managerial or executive positions in the information security field.
Programme Learning Outcomes:
• Interconnect business management and technology in a collaborative approach to information security.
• Manage the development, acquisition, and progress of an Information Security infrastructure.
• Demonstrate how to create an Information Security policy in an organization and explain how to enforce compliance.
• Design and implement networks, software and distributed systems from an Information Security perspective.
• Conduct a gap analysis to compare various systems and develop a security plan for an organization.
• Gain fundamental Information Security and business knowledge, and skills to assume a leading role in an organization.
Audience for this diploma:
• Managers or consultants involved in Information Security Management
• Expert advisors seeking to master the implementation of an Information Security Management System
• Individuals responsible for maintaining conformance with ISMS requirements
• ISMS team members
• Auditors seeking to perform and lead Information Security Management System (ISMS) certification audits
• Managers or consultants seeking to master an Information Security Management System audit process
• Technical experts seeking to prepare for an Information Security Management System audit
• Expert advisors in Information Security Management
• Based on both theory and best practices used in the implementation of an ISMS
• Lecture sessions are illustrated with examples based on case studies
• Practical exercises are based on a case study which includes role playing and discussions
• Practice tests are similar to the Certification Exam
I. Information Security MS Implementation
Information Security MS Implementer training enables you to develop the necessary expertise to support an organization in establishing, implementing, managing and maintaining an Information Security Management System (ISMS) based on ISO/IEC 27001.
During this training course, you will also gain a thorough understanding of the best practices of Information Security Management Systems to secure the organization’s sensitive information and improve its overall performance and effectiveness.
After mastering all the necessary concepts of Information Security Management Systems, you will be able to demonstrate that you have the practical knowledge and professional capabilities to implement ISO/IEC 27001 in an organization.
• Acknowledge the correlation between ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks
• Master the concepts, approaches, methods and techniques used for the implementation and effective management of an ISMS
• Learn how to interpret the ISO/IEC 27001 requirements in the specific context of an organization
• Learn how to support an organization to effectively plan, implement, manage, monitor and maintain an ISMS
• Acquire the expertise to advise an organization in implementing Information Security Management System best practices
II. Information Security Management System Audit
ISMS Auditor training enables you to develop the necessary expertise to perform an Information Security Management System (ISMS) audit by applying widely recognized audit principles, procedures and techniques.
During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits in compliance with ISO 19011 and the ISO/IEC 17021-1 certification process.
Through practical exercises, you will master audit techniques and become competent in managing an audit program and audit team, communicating with customers, and resolving conflicts.
After acquiring the necessary expertise to perform this audit, you will demonstrate that you have the capabilities and competencies to audit organizations based on best practices.
• Understand the operations of an Information Security Management System based on ISO/IEC 27001
• Acknowledge the correlation between ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks
• Understand an auditor’s role in planning, leading and following up on a management system audit in accordance with ISO 19011
• Learn how to lead an audit and audit team
• Learn how to interpret the requirements of ISO/IEC 27001 in the context of an ISMS audit
• Acquire the competencies of an auditor: planning an audit, leading an audit, drafting reports, and following up on an audit in compliance with ISO 19011
III. Cybersecurity Management
ISO/IEC 27032 addresses ‘Cybersecurity’ or ‘Cyberspace security’, defined as the protection of the privacy, integrity and accessibility of information in Cyberspace. Cyberspace itself is understood as the interaction of people, software and worldwide technological services.
This course is intended to emphasize the role of the different security domains in Cyberspace: information security, network and internet security, and critical information infrastructure protection (CIIP). As an international standard, ISO/IEC 27032 provides a policy framework for establishing trustworthiness, collaboration and information exchange, and technical guidance for system integration between stakeholders in cyberspace.
Security risk increases daily as we rely more on cyberspace. The course provides guidelines on the protection and long-term sustainability of business processes. In addition, it equips individuals to develop a policy framework that identifies the processes most vulnerable to cyber-attacks, so that they can be addressed to ensure that the business and its clients are not put at risk.
This training course is based on ISO/IEC 27032 Lead Cybersecurity and provides individuals with a real-world approach to protecting their privacy and organizational data from phishing scams, cyber-attacks, hacking, data breaches, spyware, espionage, sabotage and other cyber threats. You will be able to demonstrate to your clients and stakeholders that you can manage their cybersecurity issues and provide solutions.
• Protect the organization’s data and privacy from cyber threats
• Strengthen your skills in the establishment and maintenance of a Cybersecurity program
• Develop best practices for managing cybersecurity policies
• Improve the organization’s security system and its business continuity
• Build stakeholder confidence in your security measures
• Respond and recover faster in the event of an incident
IV. Security Incident Management
In today’s business world, information security incidents are considered uncertain risks that can seriously damage a business. Organizations must therefore take action to promptly identify, evaluate and effectively manage incidents. ISO/IEC 27035 Information Security Incident Management is an international standard that provides best practices and guidelines for establishing a strategic incident management plan and preparing an incident response.
The course, based on ISO/IEC 27035 Information Security Incident Management, delivers the core security principles for preventing and responding effectively to information security incidents. In addition, ISO/IEC 27035 incorporates specific processes for managing information security incidents, events and potential vulnerabilities.
ISO/IEC 27035 Information Security Incident Management will help individuals become internationally recognized security professionals capable of minimizing the effect of any incident in an organization. This international standard is applicable to all individuals with an interest in information technology security who are eager to acquire the skills and knowledge to protect their organization from security incidents and reduce their financial impact on the business.
• Understand the concepts, approaches and tools for effective information security incident management
• Learn the most advanced techniques to respond properly and efficiently to information security incidents
• Acquire the necessary knowledge to establish and manage an information security incident management team
• Minimize any possible interruption of and negative impact on business operations
• Improve your information security management skills and incident process analysis
• Obtain knowledge on best practices of information security management
V. Information Security Risk Management
This course is based on ISO/IEC 27005 and provides guidelines for establishing a systematic approach to Information Security risk management, which is necessary both to identify organizational needs regarding information security requirements and to create an effective information security management system. The ISO/IEC 27005 international standard supports the concepts of ISO/IEC 27001 and is designed to assist the efficient implementation of information security based on a risk management approach.
The training will help you properly align an organization’s Information Security Management System with its Information Security Risk Management process. In addition, you will be able to help organizations continually improve their information security risk management process, leading the organization towards achieving its objectives.
• Gain the necessary skills to support an effective implementation of an information security risk management process in an organization.
• Acquire the expertise to responsibly manage an information security risk management process and ensure conformity with legal and regulatory requirements.
• Manage an information security and risk management team.
• Support an organization in aligning its ISMS objectives with ISRM process objectives.
VI. Application Security
This course is based on ISO/IEC 27034, which provides a systematic approach guiding organizations in implementing security concepts, principles and processes within their application security structure. Application security is an internationally recognized discipline that supports the information security framework and guides an organization towards a solid information security structure within its operations.
ISO/IEC 27034 Application Security provides clear and comprehensive guidelines on designing, specifying, developing, implementing, testing and maintaining security controls and functions in application systems. It delivers a process approach for integrating security measures and a protective structure into the processes organizations use to manage their applications. ISO/IEC 27034 applies across business industries and contributes to the security of information technology, data, stakeholders’ actions and the ongoing development of application systems in an organization.
The purpose of Application Security is to ensure that the level of security in an organization meets the requirements of the protective measures. ISO/IEC 27034 Application Security is an important asset for advancing your professional career and improving the methodological approach to security in an organization. ISO/IEC 27034 practices contribute to establishing adequate guidelines for identifying, remediating and setting protective constraints on an organization’s security vulnerabilities.
• Comprehend the fundamentals of application security and its relationship with other information security standards.
• Learn the best practices, concepts, and techniques to apply security guidelines in an organization.
• Acquire professional expertise to manage an application security implementation project.
• Understand the role and requirements of each of the stakeholders in the organization.
• Develop the necessary knowledge and improve your skills to provide application security best practices in an organization.
VII. Penetration Testing
A penetration test is the practice of assessing the security of an IT infrastructure by safely attempting to exploit vulnerabilities that may exist in operating systems, inappropriate configurations, application errors or end-user behavior. Penetration testing tests the effectiveness of security measures and discovers potential exploits or backdoors in computer systems through which hackers and cyber criminals could gain unauthorized access or conduct malicious activities. In addition, penetration testing is an advanced tool for detecting and analyzing weaknesses in the IT infrastructure and setting protective constraints on it, in order to reduce financial losses from malicious activities.
Pen testing professionals are able to evaluate different aspects of the cybersecurity frameworks in computer systems and provide detailed solutions to cybersecurity risks. The goal of a Lead Pen Testing Professional is to master a repeatable and documentable penetration testing methodology for use in ethical penetration testing.
• Identify and analyze an organization’s exposure to cybersecurity threats
• Improve your basic cybersecurity audit skills
• Learn the techniques, tools and hacking methods used by penetration testers
• Effectively manage time and resources
• Gain international industry recognition as a legal and ethical cybersecurity professional
VIII. Digitalization and Electronic Archiving
Digitalization and Electronic Archiving, as a discipline, addresses the issues and trends in document and records keeping in the digital age. This involves digital curation, web archiving, personal information management and managing records in digital repositories. This course therefore covers the essential elements needed to tackle a digitalization and digital archiving project, in particular the security techniques, the risks, and the legal and regulatory issues of such a project, as well as its contractual and insurance aspects.
Digitalization and Electronic Archiving, as an Information Security discipline, helps you manage personal information and records in digital repositories more effectively and securely. It is about how information is managed and how you can take advantage of it efficiently so that it benefits you and your organization. Digitalization and Electronic Archiving of documents is one of the main engines of transformation, since the analysis of information enables better decision making, which is crucial for any company regardless of its size, type and complexity.
• Understand the structure of electronic records and levels of representation
• Understand the models for records creation, use, disposal and curation
• Understand the implications for authenticity, integrity, reliability and usability of records in electronic systems
• Know the records keeping strategies for electronic records in a variety of environments, including corporations, municipalities, government departments, cultural heritage institutions, academic institutions and archives
• Master digitization and digital preservation/archiving techniques
• Effectively organize and apply both new and acquired knowledge
• Acquire the necessary knowledge to approach a digitization project