Information Security Practitioner

5 days

Fundamental understanding of information security and a comprehensive introduction to information security management

Information Security Practitioner (ISP) was designed for information security professionals who aspire to progress into a management or advisory role. ISP offers you the mindset, knowledge and practical skills you need to become a successful Information Security Officer or Manager. During the course, you will draft an information security vision statement, plan and perform information security risk assessments, develop an implementation plan for the ISO/IEC 27001 standard, assess and improve strategic information security policies, develop an effective information security awareness program using behavioural theory and learning theory, and start coordinating activities in the domains of Identity and Access Management and Incident Response. The training ends with a comprehensive case study assignment, in which you will review an information security audit report and propose an actionable plan that will help the audited organisation achieve ISO 27001 compliance.

Authors & Lead Trainers

Lies Alderlieste-de Wit
Author & Trainer

Global Director cybersecurity governance at Danone

Chris Wauters
Author & Trainer

Security Transition Manager, Agile & Security Leadership

Koen Maris
Advisory Board

Cyber Security Leader at PwC Luxembourg

Michael Garceau
Trainer

Senior Risk Manager, Founder of CipherQuest

At a Glance

Advanced level

Information Security Practitioner

5 days

Information security professionals looking to progress into a security management role: (aspiring) information security officers, consultants, security managers, IT auditors, line managers and project managers with a direct line to the information security practice.

Integrate information security into strategic management and organisational culture, while ensuring compliance with information security laws, regulations and standards.

Adopt a risk-based approach to information security. Balance interests and threats to improve organisational resilience. Apply resilience management principles. Contribute to effective information security governance. Plan and perform information security risk assessments in line with best practices. Develop an implementation plan for the ISO/IEC 27001 standard.

Apply best practice project management principles. Compose and lead a project team.

Evaluate types of information security risks posed by human behaviour. Develop an effective information security awareness action plan based on behavioural, learning and adoption theories.

Identify, prioritise and present key business drivers for Identity and Access Management. Evaluate user authentication methods, identity governance schemes, access governance and authorisation methods and how to achieve good accountability in IAM.

Evaluate organisational aspects of establishing a Computer Security Incident Response Team (CSIRT), the incident response process and fundamentals of incident response policy governance. Understand best practices for security report writing.

Understand how information security audits are performed and learn to interpret audit opinions. Review an audit report and create an actionable improvement plan.

Syllabus

Core Values & Strategic Goals

Topics:

  • Cyber Security and Information Security
  • Information Security Management Framework (ISMF)
  • Defining a Vision on Information Security
  • Laws and Regulations
  • Standards and Best Practices
  • Developing an Information Security Vision

Exercises:

  • Mission, Vision and Strategy
  • Vision on Information Security

Developing an Information Security Management System

Topics:

  • Interests, Threats and Resilience
  • Resilience Management Framework
  • Risk Management
  • ISO/IEC 27001
  • Information Security Policy
  • Information Security Profile

Exercises:

  • Resilience Management Framework implementation
  • Risk Assessment
  • ISO/IEC 27001 implementation
  • Information Security Governance

Human Aspects

Topics:

  • Project Management: People
  • Project Management: Leadership
  • Project leadership

Exercises:

  • Leadership skills

Topics:

  • Information Security & Human Behaviour
  • Security Awareness Measures
  • Security Awareness Tools
  • Measuring Behavioural Change
  • Security Awareness Roadmap

Exercises:

  • Security Awareness Program Part 1 – Gain Support
  • Security Awareness Program Part 2 – Security Risks
  • Security Awareness Program Part 5 – Gap Analysis and Awareness Measures

Self-study: Attacker Perspectives

Topics:

  • The Methods of the Hacker
  • Open-Source Intelligence (OSINT)
  • Google Hacking

Domains of IAM and Incident Response

Topics:

  • Introduction to Identity & Access Management
  • IAM Processes
  • Authentication and Related Services
  • Identity Governance
  • Access Governance
  • Accountability and Identity Intelligence
  • Responsibilities and Implementation

Topics:

  • Introduction to Incident Response
  • Incident Response Process
  • Policy and Agreements
  • CSIRT Services
  • Reporting

Exercises:

  • Coordinating incident response
  • CSIRT services

The Security Audit

Topics:

  • Audit: Definition and Goals
  • Security audits
  • Audit process
  • In-control statement

In this final case study, students will review an information security audit report and propose an action plan that will help the organisation make the audited service ISO 27001-compliant.

The training ends with a test exam, followed up with an evaluation and discussion.

Collect your badge of honor

Exam

  • Language: English
  • Delivered: Online via a certified proctor
  • Questions: 10 multiple-choice questions, 5 open questions and one case
  • Time: 120 minutes

Dates & locations

Online Live

5 days

8 hours a day
