IMPLEMENTATION OF HIGH-PERFORMANCE SECURITY MANAGEMENT PROCESSES


OBJECTIVES
This course is specifically designed to improve your skills as an information security manager. Using O-ISM3 as a framework, you will master process management, and you will be able to:
- Prioritize security efforts using business-significant criteria.
- Communicate the value that the Information Security Department brings to the organization.
- Design, implement and use information security metrics proven in the field, enabling short-cycle continuous improvement.
- Simplify ISO27001 compliance.
- Complement ITIL security.
- Manage outsourced security services with SLAs.
- Implement TOGAF and SABSA architectures.
O-ISM3 is an information security management maturity standard published by The Open Group, a leader in the development of open, vendor-neutral IT standards and certifications. Check some O-ISM3 Resources.

GOALS OF THE COURSE
- Deep understanding of complex security and management concepts.
- Alignment of security objectives with an organization's mission.
- Classifying and setting requirements for information systems that satisfy security objectives.
- Communication of the value of information security.
- Access control management concepts.
- Implementation of security processes.
- Process management activities.
- Design, implementation and use of information security metrics.
- Understanding of the relationship between metrics, management practices, capability and maturity.
- Techniques for visualization of security metrics.
- Understanding of distribution of responsibilities concepts.
- ISM3-RA Risk Assessment.
- Management of outsourced security processes.

1ST DAY, 9:00 to 17:00
- Concepts: You will gain a deeper understanding of complex security concepts.
- Assets & Goals: You will be able to set security objectives aligned with your organization's mission, and you will be able to communicate the value that the information security department brings to the organization.
- Security Objectives: You will be able to set requirements for information systems that satisfy security objectives.
- Access Control: You will gain an understanding of the management ramifications of access control.
- Classification of Systems: You will be able to prioritize efforts using business-significant criteria for systems classification.
- Activities & Deliverables: You will gain an understanding of the relationship between activity and achievement of goals.
- Bottom-up Process Implementation: You will learn how to apply O-ISM3 to processes under your own responsibility.
- Top-down Security Program: You will learn how to apply O-ISM3 when you have support from top IT management.

2ND DAY, 9:00 to 17:00
- General Processes: You will familiarize yourself with auxiliary but essential processes.
- Strategic Processes: You will familiarize yourself with processes related to goals definition and provision of resources.
- Tactical Processes: You will familiarize yourself with processes related to continuous improvement and resource distribution.
- Operational Processes: You will familiarize yourself with technical hands-on processes.
- Management Practices: You will learn the basics of process management activities.
- Metrics: You will learn in detail how to design, implement and use information security metrics.
- Maturity: You will become familiar with the relationship between metrics, management practices, capability and maturity.
- Reports, Dashboards & Visualization: You will learn how to make the most of metrics, enabling interpretation and communication.

3RD DAY, 9:00 to 17:00
- Security Organization: You will understand how the distribution of responsibilities makes processes tick, and how to avoid related risks.
- Security Modeling: You will gain a working knowledge of advanced security models.
- O-ISM3-RA: You will learn to perform a simple yet meaningful Risk Assessment.
- ISO27001: You will learn how to make O-ISM3 help you with ISO27001 compliance.
- IT Architecture: You will learn how to use O-ISM3 effectively with SABSA and TOGAF.
- ITIL & SLAs: You will learn how to complement ITIL with O-ISM3, and how to design SLAs in order to manage outsourced security processes.
- Certification: You will peek at O-ISM3's certification process.
- Techniques & References: You will learn general security techniques in order to treat security threats.
- Recapitulation: You will look back at the last three days, highlighting the most important ideas and concepts.

TRAINER PROFILE
Vicente Aceituno, principal author of O-ISM3, is an experienced Information Security Manager and Consultant with broad experience in outsourcing of security services and research. He focuses on information security outsourcing, management and related fields such as metrics and certification of ISMS. Member of ISMS Forum, The Open Group's Security Forum Steering Committee, President of the ISSA Spanish Chapter, Director of R&D of ISQWorld, Member of the advisory committee of Red@Seguridad (this magazine grants the most prestigious security awards in Spain), former president of the Conferencias FIST association. CISA certified.

TARGET PROFILE
Professionals with responsibilities for information security, consultants, outsourcing providers, CISO/CSO, auditors, and professionals with CISA, CISM, CISSP, or ISO27001 Lead Auditor certification who want to apply proven management techniques to information security.

PARTIAL LIST OF PUBLICATIONS
- Optimizing ISO27001 using O-ISM3 (The Open Group, 2012).
- Usefulness of an Information Security Management Maturity Model (ISACA Control, March 1, 2008).
- ISM3: A Standard for Information Security Management (ISSA Journal, 2006).
- Security Metrics for Information Security Management (ENISA Quarterly, 2007).
- How Secret is a Secret? (ISSA Journal, 2006).
- On Information Security Paradigms (ISSA Journal, 2005).
- The Information Security Assurance Markup Language (Computer Society of India, 2007).
- Information Assurance Markup Language (ISM3 Consortium, 2007).
- Events Logging Markup Language (ISM3 Consortium, 2007).
- Security Metrics (ISSA Ireland, 2008).
- El dilema del burócrata (ISMS Forum, 2008).
- Seguridad de la Información (Editorial Creaciones Copyright, 2001).
- Threat Taxonomy (Inovement, 2013).
- COBIT, CMMI and O-ISM3 Capability Levels Mapped (Inovement, 2013).

DATES
- Madrid Course: Wednesday 8th to Friday 10th October 2014
- London Course: Wednesday 5th to Friday 7th November 2014
- Barcelona Course: Wednesday 26th to Friday 28th November 2014

MORE INFORMATION
aulavass@vass.es