The Course

Data security for today's organisations is an ever increasing difficult task, especially with the increasing sophistication and volume of attacks aimed at stealing information. Protecting data becomes an perpetual challenge, with the view of an increased usage of mobile devices, such as laptops and smart phones. Furthermore, disaffected internal employees often have access to sensitive information. As companies expand and acquire more data, the need for a well managed solution that integrates multiple data-protection technologies to provide comprehensive enterprise coverage, along with persistent data protection, becomes a necessity across the enterprise. This can only be achieved with a credible appreciation of risk.

In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. An appropriate risk management framework can bring visibility to key business and compliance risks and enable an organisation to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved in focusing on relevant areas of IT risk of data security within the enterprise environment.

Using international standards, an effective risk management control framework and current best practice, the aim of this seminar will advise senior executives and management on how to implement secure safeguards within a virtually borderless environment.

The Goals

During the five day seminar delegates will:

• How to take control of Risk Management Programme and learn appropriate methods.
• How to identify and address risk and compliance issues as presented within a global economy.
• How to design and leverage Risk Management Programme to reduce cost and risk through effective prioritisation and processes.
• Appreciate legal, technical and management risk within the Enterprise Environment and how to quantify these effectively.
• Appreciate the external risk of cyber crime.
• How to measure the financial value of Data Security and Risk Management and communicate these to line executives effectively.
• How governance and risk management trends are affecting corporate enterprises.
• International Standards for Data Security and Risk Management and best practice for managing compliance for security, crisis management, disaster recovery and high resilience and availability.

The Delegates

This seminar has been designed for individuals involved in, Risk Assessment, Information Security and Management of IT Systems and Enterprise Data Security. It is particular benefit to Application Service Providers, Network Architecture Personnel, individuals in regards to IT Risk, Policy and Compliance in addition to Security Service Vendors and specialist investigators and those with a responsibility for managing and securing information assets.

It is expected that delegates have a reasonable technical understanding of technology, electronic risk and security considerations, both technical and management.

The Process

Participants will gain detailed knowledge by active participation in seminars, group discussions and real life case studies. Delivery will be by presentation, group syndicate investigations, training DVD and interactive seminars.

The Benefits

By the end of this seminar participants will:

• The seminar will provide delegates with an understanding of the range of cyber attacks and other relevant risk that are exploited today, and their likely evolution within an enterprise environment.
• Using real life case studies, international standards and best practice, delegates will become aware of how to identify, quantify, and mitigate technical and IT risks effectively, using a range of methods of digital and management prevention strategies and techniques.
• The seminar will also provide delegates with an overview of key regulations, statutory provisions and the commercial challenges which this brings.

The Results

• Organisations will be better educated in relation to formulation of risk management frameworks, technology, legal and enterprise data security risks and associated obligations in regards to identification of a cyber attack, security breaches and appropriate defences that can be considered as a preventative solution.
• Appreciation and implementation of Information Security Management Framework, can seek to ensure adequate safeguards are implemented to mitigate identified risks and that resources are apportioned effectively.
• Place good reliance on controls which safeguard and utilise data for relevant business processes, and offer a secure framework for expanding and controlling the enterprise data security effectively.
• Being able to adapt current best practice will ensure that corporations can understand and mitigate legal risks and challenges which are encountered, both nationally and internationally whilst benefitting from leading and effective solutions.

The Course Content

• Day One : Development of Enterprise Architecture
  • Introduction, Development and Role in Modern Enterprise
  • Strategic, Tactical and Operational Considerations
  • Key Considerations in Development of Enterprise Architecture
  • Enterprise Architecture Project Management Considerations
  • Objectives of Security and IT Security Management
• Day Two Risk Assessment and IT Risk Management
  • Categorising and Managing Risk
  • Risk Analysis and Threat Identification Methodologies
  • Vulnerability Analysis
  • Understanding the need for effective Risk Management
  • Legal and Regulatory Considerations
  • Key Strategic and Security Considerations
• The Need and Benefits for Information Security
  • Electronic and physical risk
  • Utilising Information Security to protect business assets
  • Information and Data Risk Management
  • Data and asset classification
• Day Three : Data Security
  • Ensuring Information Security in an Enterprise Wide Environment
  • Vulnerability Assessments
  • Management and Technical Control Measures with Systems and Network Design
• Legal and Regulatory Considerations
  • Data Protection
  • Intellectual Property
  • Contracts and Commercial Liability
• Data Sharing and Best Practice
  • Defining data classification and business ownership
  • Establishing Memorandum of Understanding/Transfer Agreements
  • Best Practice Guidance for data sharing
  • Avoiding common errors and liability
  • Overview of International Standards and Best Practice
• Day Four : Introduction to computer system design and enterprise design security
  • Types of electronic and management controls for electronic information
    • Network, Operating System and Application controls and password schemes
    • Ensuring Confidentiality, Integrity, Availability, Authenticity and Accountability
  • Overview of ISO27002 Code of Practice for Information Security Management and Relevant Controls
• Day Five : Provisions and challenges
  • ISO 3100 Risk Management Principles and Guidelines
  • Challenges within Enterprise Architecture and IS environments
  • Common Oversights with Enterprise Architecture and IS Environments
  • Risk Management and Compliance
  • Success Factors for Effective Enterprise Data Security Management