I. Information Security/Cybersecurity:
- Basic concepts and distinctions
- Information Security-ICT Security-Cybersecurity
- Confidentiality/Integrity/Availability
- Information assets
- Domains of an ICT infrastructure
- ICT security policy frameworks
- Assets classification
- International standards and professional best practices
- Information security/Cybersecurity governance
II. Information Security Management Systems:
- Rationale and benefits of an information security management system
- The ISO2700X series of standards
- The P-D-C-A cycle
- Organizational context and business strategies
- Requirements and best practices according to international standards and professional best practices
- Diagnostic reviews
- Supporting technological tools
III. Information Security Risks Assessment and Management: Methodologies and implementation
- Threat scenarios
- Vulnerabilities
- Impact and likelihood
- Inherent and residual risks
- Remediation plans
- Estimation of costs/benefits of mitigating controls
IV. Auditing Cybersecurity Programs
- Audit strategy and risk-based auditing
- Planning; fieldwork; testing; documenting and protecting working papers; reporting results and recommending mitigating controls; follow-up
- Criteria; conditions; causes; consequences; corrective actions
- Assurance, conformance and formal certification
- Supporting technological tools