Learning Objectives:

Module 1: Information Security Governance

• • Describe the role of governance in creating value for the enterprise.
• • Explain the importance of information security governance in the context of overall enterprise governance.
• • Describe the influence of enterprise leadership, structure and culture on the effectiveness of an information security strategy.
• • Identify the relevant legal, regulatory and contractual requirements that impact the enterprise.
• • Describe the effects of the information security strategy on enterprise risk management.
• • Evaluate the common frameworks and standards used to govern an information security strategy.
• • Explain why metrics are critical in developing and evaluating the information security strategy.
• • Information Risk Management and Compliance
• • Information Security Program Development and Management
• • Information Security Incident Management

Module 2: Information Security Risk Management

• • Apply risk assessment strategies to reduce the impact of information security risk.
• • Assess the types of threats faced by the enterprise.
• • Explain how security control baselines affect vulnerability and control deficiency analysis.
• • Differentiate between application of risk treatment types from an information security perspective.
• • Describe the influence of risk and control ownership on the information security program.
• • Outline the process of monitoring and reporting information security risk.

Module 3: Information Security Program Development and Management

• • Outline the components and resources used to build an information security program.
• • Distinguish between common IS standards and frameworks available to build an information security program.
• • Explain how to align IS policies, procedures and guidelines with the needs of the enterprise.
• • Describe the process of defining an IS program road map.
• • Outline key IS program metrics used to track and report progress to senior management.
• • Explain how to manage the IS program using controls.
• • Create a strategy to enhance awareness and knowledge of the information security program.
• • Describe the process of integrating the security program with IT operations and third-party providers.
• • Communicate key IS program information to relevant stakeholders.

Module 4: Information Security Incident Management

• • Distinguish between incident management and incident response
• • Outline the requirements and procedures necessary to develop an incident response plan.
• • Identify techniques used to classify or categorize incidents.
• • Outline the types of roles and responsibilities required for an effective incident management and response team
• • Distinguish between the types of incident management tools and technologies available to an enterprise.
• • Describe the processes and methods used to investigate, evaluate and contain an incident.
• • Identify the types of communications and notifications used to inform key stakeholders of incidents and tests.
• • Outline the processes and procedures used to eradicate and recover from incidents.
• • Describe the requirements and benefits of documenting events.
• • Explain the relationship between business impact, continuity and incident response.
• • Describe the processes and outcomes related to disaster recovery.
• • Explain the impact of metrics and testing when evaluating the incident response plan.