Information Security Practitioner
Fundamental understanding of information security and comprehensive introduction in information security management
Information Security Practitioner (ISP) was designed for information security professionals who aspire to progress into a management or advisory role. ISP offers you the mindset, knowledge and practical skills you need to become a successful Information Security Officer or Manager. During the course, you will draft an information security vision statement, plan and perform information security risk assessments, develop an implementation plan for the ISO/IEC 27001 standard, assess and improve strategic information security policies, develop an effective information security awareness program using behavioural theory and learning theory, and start coordinating activities in the domains of Identity and Access Management and Incident Response. The training ends with a comprehensive case study assignment, where you will review an information security audit report and propose an actionable plan that will help the audited organisation achieve ISO 27001-compliance.
Lies Alderlieste-de Wit
Author & Trainer
Global Director cybersecurity governance at Danone
Author & Trainer
Security Transition Manager,
Agile & Security Leadership
Cyber Security leader
at PwC Luxembourg
Senior Risk Manager,
At a Glance
Information Security Foundation
Information security professionals looking to progress into a security management role. (aspiring) information security officers, consultants, security managers, IT Auditors, line managers and project managers with a direct line to the information security practice.
Integrate information security into strategic management and organisational culture, while ensuring compliance with information security laws, regulations and standards.
Adopt a risk-based approach to information security. Balance interests and threats to improve organisational resilience. Apply resilience management principles. Contribute to effective information security governance. Plan and perform information security risk assessments in line with best practices. Develop an implementation plan for the ISO/IEC 27001 standard.
Apply best practice project management principles. Compose and lead a project team.
Evaluate types of information security risks posed by human behaviour. Develop an effective information security awareness action plan based on behavioural, learning and adoption theories.
Identify, prioritise and present key business drivers for Identity and Access Management. Evaluate user authentication methods, identity governance schemes, access governance and authorisation methods and how to achieve good accountability in IAM.
Evaluate organisational aspects of establishing a Computer Security Incident Response Team (CSIRT), the incident response process and fundamentals of incident response policy governance. Understand best practices for security report writing.
Understand how information security audits are performed and learn to interpret audit opinions. Review an audit report and create an actionable improvement plan.
Day 1 – Core Values & Strategic Goals
- Cyber Security and Information Security
- Information Security Management Framework (ISMF)
- Defining a Vision on Information Security
- Laws and Regulations
- Standards and Best Practices
- Developing an Information Security Vision
- Mission, Vision and Strategy
- Vision on Information Security
Day 2 – Developing an Information Security Management System
- Interests, Threats and Resilience
- Resilience Management Framework
- Risk Management
- ISO/IEC 27001
- Information Security Policy
- Information Security Profile
- Resilience Management Framework implementation
- Risk Assessment
- ISO27001 implementation
- Information Security Governance
Day 3 – Human Aspects
- Project Management: People
- Project Management: Leadership
- Project leadership
- Leadership skills
- Information Security & Human Behaviour
- Security Awareness Measures
- Security Awareness Tools
- Measuring Behavioural Change
- Security Awareness Roadmap
- Security Awareness Program Part 1 – Gain Support
- Security Awareness Program Part 2 – Security Risks
- Security Awareness Program Part 5 – Gap Analysis and Awareness Measures
Self – study : Attacker perspectives
Day 4 – Domains of IAM and Incident Response
- Introduction to Identity & Access Management
- IAM Processes
- Authentication and Related Services
- Identity Governance
- Access Governance
- Accountability and Identity Intelligence
- Responsibilities and Implementation
- Introduction to Incident Response
- Incident Response Process
- Policy and Agreements
- CSIRT Services
- Coordinating incident response
- CSIRT services
Day 5 – The Security Audit
- Audit, Definition and goals
- Security audits
- Audit process
- In-control statement
In this last case study, students will review an information security audit report and propose an action plan that will help the organization to make this service ISO 27001-compliant.
The training ends with a test exam, followed up with an evaluation and discussion.