Leadership Training Mastering Cybersecurity Essentials

Certified Cybersecurity Program Implementer

(How to successfully implement a cybersecurity program for your organisation)

Duration: 4 days

INTRODUCTION

Developing an information security program that adheres to the principle of security as a business enabler is the first step in an enterprise’s effort to build an effective security program. Organizations must continually explore and assess information security risks to business operations; determine what policies, standards, and controls are worth implementing to reduce these risks; promote awareness and understanding among the staff; and assess compliance and control effectiveness. As with other types of internal controls, this is a cycle of activity, not an exercise with a defined beginning and end.

Achieving certification as a "Certified Cybersecurity Program Implementer" offers a range of significant benefits in today's digitally driven business landscape. This certification signifies a professional's specialized competence in designing, executing, and managing effective cybersecurity programs within organizations. Certified individuals are equipped with the knowledge and skills necessary to identify and mitigate cyber threats, establish robust security frameworks, and ensure compliance with industry standards and regulations.

WHO SHOULD ATTEND

  • CEO, CIO, CFO
  • Human Resources, Finance, Strategic, Production Managers, Administration
  • Managers, Executives & Administrators
  • Basically, anyone interested in understanding the principles of cybersecurity and learning how to implement an effective program for their organisation.

PREREQUISITE

  • None.

METHODOLOGY

  • Interactive presentation with illustrations (videos), group discussions and project implementation (hands-on/practical session: Conducting a Risk Analysis – defining assets, threat identification, probability, impact and control recommendation).

COURSE OBJECTIVE

  • Introduction to Information Security: To provide participants with a foundational understanding of the principles, concepts, and importance of information security in modern organizations.
  • Threats to Information Security: To educate participants on various types of threats and vulnerabilities that pose risks to information security, enabling them to recognize and respond to potential challenges.
  • Understanding the Information Security Program Structure: To familiarize participants with the organizational structure of an information security program, including roles, responsibilities, and the integration of security measures into business processes.
  • About Information Security Policy: To explain the significance of information security policies, their purpose, and the role they play in safeguarding organizational assets. Participants will understand the key elements of effective security policies.
  • Cybersecurity Legal: To provide participants with an in-depth understanding of Policies, Standards, Guidelines and Procedures.
  • Creating Policies: To equip participants with the skills needed to develop comprehensive and effective information security policies that align with organizational objectives and comply with industry standards.
  • Asset Classification: To educate participants on the process of asset classification, including the identification, categorization, and labeling of information assets based on their criticality and sensitivity.
  • Records Management: To train participants in the principles and practices of records management, focusing on the secure storage, retrieval, and disposal of organizational records in compliance with legal and regulatory requirements.
  • Access Control: To help participants understand the principles of access control, including authentication, authorization, and accountability, and to enable them to implement access control measures effectively.
  • Physical Security: To provide participants with knowledge and skills related to physical security measures, including the protection of facilities, equipment, and personnel to prevent unauthorized access and damage.
  • Risk Analysis and Management: To educate participants on the fundamentals of risk analysis and management, including the identification, assessment, and mitigation of risks to information security within an organization.
  • Conducting a Risk Analysis: To guide participants through the process of conducting a detailed risk analysis, including the identification of assets, threats, vulnerabilities, and the implementation of risk mitigation strategies.

COURSE OUTCOME

  • Introduction to Information Security: Participants will have a foundational understanding of information security principles, concepts, and the importance of safeguarding organizational assets.
  • Threats to Information Security: Participants will be able to identify and assess various threats and vulnerabilities to information security, enabling them to proactively address potential risks.
  • Understanding the Information Security Program Structure: Participants will comprehend the organizational structure of an information security program, including roles, responsibilities, and the integration of security measures into business processes.
  • About Information Security Policy: Participants will understand the purpose and elements of information security policies, and be capable of developing, implementing, and enforcing effective security policies.
  • Cybersecurity Legal: Participants will gain knowledge of cybersecurity legal frameworks, regulations, and compliance requirements, enabling them to navigate and adhere to legal considerations in cybersecurity practices.
  • Creating Policies: Participants will acquire the skills to create comprehensive information security policies that align with organizational objectives, industry standards, and legal requirements.
  • Asset Classification: Participants will be proficient in the process of asset classification, including identifying, categorizing, and labelling information assets based on their criticality and sensitivity.
  • Records Management: Participants will be able to manage organizational records effectively, ensuring secure storage, retrieval, and disposal in compliance with legal and regulatory requirements.
  • Access Control: Participants will understand access control principles and practices, and be capable of implementing and managing access control measures to protect organizational assets.
  • Physical Security: Participants will grasp the fundamentals of physical security, including measures to safeguard facilities, equipment, and personnel from unauthorized access and damage.
  • Risk Analysis and Management: Participants will possess the knowledge and skills to conduct risk analysis, assess potential risks to information security, and develop strategies for risk mitigation and management.
  • Conducting a Risk Analysis: Participants will be able to conduct detailed risk analyses, identifying assets, threats, vulnerabilities, and implementing risk mitigation strategies to enhance organizational security.

COURSE OUTLINE

No Program
Day 1
1. Part 1: Introduction to Information Security.

  • More than just Computer Security
  • Controls – Employees' Mindset
  • Role and Responsibilities
2. Part 2: Introduction to Information Security

  • Common Threats
  • Policies and Procedures
  • Information Protection Program
3. Threats to Information Security

  • Errors and Omission.
  • Fraud and Theft.
  • Malicious Code.
  • Denial-of-Service
  • Social Engineering
  • Summary
4. Understanding the Information Security Program Structure

  • Enterprise Security Program.
  • Business Unit Responsibility
  • Information Security Awareness
  • Information Security Program Infrastructure
5. About Your Information Security Policy – Part 1

The cornerstone of Policies.

  • Corporate Policies.
  • Types of Policies Part 1:
  • Employment.
  • Standards of Conduct.
  • Performance Management.
  • Employees Discipline.
  • Information Security.
Day 2
6. About Your Information Security Policy – Part 2

The cornerstone of Policies.

  • Corporate Communication
  • Workplace Security
  • Employment.
  • Business Continuity Plan.
  • Procurement and Contracts
  • Records Management
  • Asset Classification
7. Cybersecurity – Legal Definition of:

  • Policy.
  • Standards.
  • Procedures.
  • Guidelines
8. Creating Policies:

  • Global Policies.
  • Topic.
  • Scope
  • Responsibility.
  • Compliance or Consequences.
  • Sample of Global Policies.
9. Asset Classification

Why are assets classified?

Classification Categories.

  • Example 1 to 4
  • Employees Responsibilities

  • Owner
  • User
10. Records Management Policy.

Information Handling Standards matrix.

  • Printed Material.
  • Electronically Stored.
  • Electronically Transmitted.
  • Records Management Retention.
Day 3
11. Information Classification Methodology.

Authorization for Access

  • Owner
  • Custodian
  • User
12. Access Control

  • Business Requirement for Access Control.
  • User Access Management.
  • System and Network Access Management.
  • Operating System Access Controls
  • Monitoring System Access
13. Physical Security

  • Data Centre Requirement.
  • Physical Access Control.
  • Fire Prevention and Detection.
  • Verification Disposal of Documents.
  • Agreements.
  • Intrusion Detection System
14. Risk Analysis and Management.

  • Why Risk Analysis?
  • When to conduct a Risk Analysis?
  • Who and How to Conduct?
  • What can the results tell us?
  • Who Should Review?
15. Risk Analysis Process – Practical Session

  • Asset Definition.
  • Threat Identification.
  • Determine the Impact of Threat
  • Control Recommendation.
  • Documentation
  • Risk Mitigation.
  • Control Categories.
  • Cost/Benefit Analysis
Day 4
  • Exam – Multiple Choice Questions 1 ½ Hours