ISEB Certificate in Security Management
Course Objectives
To ensure that delegates have a basic understanding of the principles
underlying Information Security Management (ISM) and of the current
legislation and regulations that affect it. In addition, the
course will develop an understanding of the current national and
international standards that are available together with knowledge
of the business and technical environments in which information
is held and processed.
What skills will the delegate gain?
This course will enable delegates to:
- Understand the significance
of their organization’s information and the consequent need to
protect it against a loss of confidentiality, integrity or availability.
- Appreciate the widespread
nature of threats that IT systems are exposed to such as hackers,
viruses, and software failure.
- Develop an information security
policy and present this effectively to senior management.
- Conduct a risk assessment
and use the results from this to develop an information security
strategy.
- Plan and run an information
security awareness campaign.
- Understand the implications
of the Data Protection Act and the demands it places on organizations
holding personal data.
- Appreciate the importance
of Copyright law and its effect on software licensing.
- Manage the implementation
of specific security controls such as anti-virus measures, encryption
devices and firewalls.
- Develop a Business Continuity
Plan that will enable their organization to recover from a serious
incident.
Who will the course benefit?
Business and Information System
managers responsible for the continued operation of business application
systems. IT managers responsible for delivering, running or maintaining
IT services. In addition, it will benefit project managers and IT
support personnel responsible for developing or implementing security
measures within IT systems by enabling them to appreciate the many
business requirements for security.
Course Content
The concepts and definitions
that underlie information security such as confidentiality and integrity,
threats and vulnerabilities, and the different types of controls
that can be introduced.
The need for, and benefits of,
information security as illustrated by surveys and statistics.
The threats to information systems,
both deliberate and accidental.
Managing information security
effectively by defining an appropriate organizational structure
and defining individual responsibilities.
The different approaches to
assessing the risks to information security.
The legal framework within which
the industry operates today.
Security standards such as BS
7799 and the ITSEC scheme.
Security within LANs and WANs
Security within Operating Systems
Developing and maintaining secure
systems
The organizational and staff
implications of security measures.
Implementing security measures
such as: Anti-virus software, Firewalls, Cryptography, Access Control
systems, Back-up and Restore facilities, Change control, Audit trails
etc.
Developing a Business Continuity
Plan.