Information Security Workshop

Transcription

1 Information Security Workshop March 2014, Crowne Plaza Hotel 9:00am-4:00pm Key Learning Objectives: 1. Understand Information Security needs and learn about Risk Management Essentials 3. Understand Standards and Best Practices in Information Security Management 4. Policies, Standards, Procedures, Guidelines 5. Understand Business Continuity as essential element of Information Security 6. Understanding Controls to manage Security 7. Measuring Security Management Effectiveness Target audience: IT Security Professionals IT Auditors IT Professionals Fees: BD450 members / BD600 non-members

2 8:30-9:00 Registration 9:00-10:30 Session I 10:30-11:00 Coffee Break 11:00-12:30 Session II 12:30-13:30 Lunch Break 13:30-15:00 Session III Day one: 1.Definitions: a. Security b. Information, Data Asset c. Standards, Best Practices 2.Accountability, Responsibility for Security & Risks 3.Information Security Governance 4.Process Approach SIPOC, ETVX, PDCA8.Compliance Vs Conformity 5.Laws - basic needs Information Act, Privacy, Intellectual Property 6.Risk Management Part 1 a. Risk Culture of an Organization b. Asset recognition c. Risk Recognition d. Risk Evaluation Qualitative and Quantitative e. Risk Response Process Defining Residual risks f. Risk Prioritization g. Essentials of Risk Monitoring 7. Risk Management - Part II a. Risk management Considerations b. Risk Treatment Plans c. Risk response Process d. Risk KRIs e. Information Systems Control Design and Implementation

3 Day two: 1. Risk Management in Information Systems Control Part 111 a. Determine IT Strategy - Security as part of planning Process not an Add on Strategic Intent b. Project and Program Management c. Acquisition, Development, Maintenance d. Change Management e. Third Party Service management f. Information Security Management g. Data Management 2. Security Policies: a. Essentials b. Controls c. Awareness d. Training 3. Elements of Information Security Controls a. People b. Physical Security c. Environmental Security d. Asset Management e. Access Control f. Change Control g. Operations Management h. Availability Planning i. Capacity Planning j. Third Party Service management 4. Recognizing Controls to Manage Security risks SOA Perspective of ISO Measuring Security Implementation: a. Critical Success factors

4 b. KPIs c. Metrics 6.Technology: Day Three: a. Perimeter Firewalls, Proxy, Honey-pots... b. Internal IPS, IDS, Network Security, Virus Control c. Storage Encryption d. Communication & Business PKI Keys, Cryptography, e. Data Loss prevention Content Management 1.Business Continuity Planning (plan beyond Availability Management) - I: a. Its a business Call b. Business Impact Analysis c. IT Service Continuity Planning Parameters for consideration d. How Much, How Fast - RTO / RPO1.Business Continuity Planning (plan beyond Availability Management) - II: e. Implementation 2.Define Security Incident f. Testing Different Types of testing BCP g. Maintaining BCP Plans 3.Define Incident Response process 4.Security Incident recognition awareness, Recognizing Security Incident 5.Stakeholders in Security Incidents 6.Incident Response 3 elements 7.Documentation: a. Containment b. Eradication c. Recovery a. Documents Vs Records b. Document Control, Record Control c. What to maintain? d. How much is necessary?

5 About the Workshop Leader Rohinton Dumasia Rohinton is a graduate in Mathematics and Physics from Bombay University in 1973 and a Post- Graduate in Operations Research and Statistics also from Mumbai University in He has over 35 years of experience in Information Systems Planning, Design, Operations, Control and Management Domain having tackled various assignments in the areas of Service Support, Service Delivery, Software Development and Implementation, Project Management and Training. His Career ranges from Computer Operations, Software Development, to being a CIO and now an Independent Consultant and Trainer. Also has been associated with implementing ITIL processes since His assignments include COBIT Implementation for a oil refinery, ISO implementation for Finance company, defining processes for a Software development company, defining Architecture for Shipping company. His current assignment is Planning and Implementation of BCM plan for uqasi-government organization. He is a trainer for ITIL up to Expert level, ISO 27001, COBIT certification Programs. He has also completed certifications in TIPA,TOGAF and KT Foundation. He also conducts training in Essential Project Management, Business Analysis, Requirement Engineering and Information Security Framework. He has been taking ITIL trainings since ITIL V2 and now ITIL V3. He has conducted trainings in India, Philippines, Malaysia, and other countries of Far East. He is a regular speaker at various forums and conferences. He is ex-chairman and an active member of Computer Society of India and contributes to their activities, seminars and conferences. He has worked in various domains Manufacturing, FMCG, Shipping, IT Services and consulted for Software Development, Airlines and Oil Refinery.

6 Registration Form Fill in this Form and send fax to or to Course Title: Date / / Company information Person in charge Company Name Department Position Contact no. Fax No Country Candidate s information S.No. Candidate s Name Job Title Contact No Terms of Payment Cheque payable to ISACA Bahrain Chapter to be sent to P.O. Box Hidd, Bahrain By Wire transfer to ISACA Bahrain Chapter Account Bank: Ahli United Bank IBAN: BH48 AUBB Account #: Swift Code: AUBBBHBM Registration Approval: I hereby approve the above details for registration Signature: Date : Company Stamp: