Cyber, Information Security, and Data Protection

Transcription

1 Cyber, Information Security, and Data Protection The past, the present, and th e future 15th, 16th & 17th October 2018 Muscat - Oman Intellectual Events And Conferences Private Limited For more information contact

2 Course Leader Graeme Parker CISSP, CCP - SIRA, CDPO, CISA, CISM, CCSK, ISO Master, is a cyber-security professional and director of a security specialist consultancy. Trainer Pro le: Graeme has a broad cyber security background and proven expertise within security, having taken a number of high pro le businesses through security improvement projects, and having gained experience in industries such as nance, insurance, healthcare, government, manufacturing and the charitable sector. Graeme also works for a number of certi cation bodies as an ISO Lead Auditor conducting certi cation audits in the UK and overseas. Graeme started his career in IT in the banking sector before successfully implementing BS 7799 the forerunner to ISO 27001, in a number of UK National Health Service organizations. Following that Graeme worked for some major IT leaders including Capita, Fujitsu, Hewlett Packard and Cap Gemini leading a number of security projects across a range of challenging industries. Graeme has lead several organizations to ISO certi cation, developed security architectures, and lead the implementation of complex security programs. Graeme has produced white papers on a number of security topics and developed risk methods for Information Security and Business Continuity and is a regular speaker at events covering security topics. In 2018, Graeme is a panel member focusing on IoT security at the PECB Insights Conference in Paris. Graeme's main expertise is being able to develop security solutions which align to business needs and deliver pragmatic solutions in response to the organization's risk approach. Graeme has in depth experience of working with suppliers to ensure the resilience and security of the supply chain a risk area often overlooked by many organizations. Graeme holds a number of professional quali cations and also teaches CISSP, CISA and CISM courses and has a technical background holding the Cloud Security Alliance Certi cate of Cloud Security Knowledge (CCSK) as well as operating as a UK Government Senior Information Risk Advisor. Graeme delivers courses for several training companies as well as delivering private courses to organization's including Computer Sciences Corporation (CSC), Central Bank of Ireland, Ericson, ING, Novartis, Deloite and Unisys. Graeme teaches these courses to customers around the world having recently delivered successful courses in the UK, Qatar, Saudi Arabia, Portugal, Canada, Romania, Italy, Sweden, Croatia, Germany, Netherlands, Kazakhstan, Indonesia, Thailand, Nigeria, Fiji and the USA.

3 Why should you attend? The rapid and continued growth of technology worldwide has resulted in security and data protection becoming a high pro le issue which organizations, governments, law enforcement and individuals must address. Consumers and the public at large are asking more questions than ever about how data is handled, shared and stored. Legislators the world over are reacting with the roll out of various laws and regulations. Organisations have a growing requirement for knowledgeable professionals who understand both today's and tomorrow's issues and who can deliver pragmatic solutions that delivery security protection whilst still allowing organisations to get the best results from their technology investments This course enables you to develop the necessary expertise to support an organization in designing, implementing, operating and maintaining controls and processes that respond to today's risk landscape considering the technical, legal, ethical and business challenges to be addressed. We focus on the key aspects of Cyber Security, Information Security and Data Protection that you need to be a successful security practitioner. All attendees will receive a certi cate of achievement worth 21 Continuing Professional Education (CPE) Points.* Who should attend? CEOs, COOs, CTOs & CIOs, Industry VPs, Managing Directors, Business Development, Global Heads. IT Security analyst, IT Security engineer, IT Security Architect, IT Security Administrator, IT Security Software Developer, Cryptographer/Cryptologist, Cryptanalyst, Chief Information Security Of cer, IT Security Consultants/Specialists, IT/Technology Managers or Consultants, Information Security Professionals, Technology leaders, Risk Managers, System Administrators keen to expand their knowledge, and so on. Industry Medium and large size IT and ITeS companies Aeronautics Healthcare Logistics IT Banking and Finance Petrochemicals Oil and Gas, and so on

4 Learning objectives The course covers the following competency and knowledge domain areas: Fundamental principles and concepts in Cyber Security, Information Security and Data Protection. Knowledge of the current and future threat landscapes in relation to Cyber and Information Security. Identi cation of threat sources and actors from state actor to casual criminal and their approaches and techniques. Security countermeasures and mitigation techniques. Establishing an effective next generation security operations centre. Understanding national and international information and cyber security standards and their role and bene ts. Understanding of Cyber and Information Security Architecture and its role. Fundamental principles of risk management and the application of risk management to cyber security, information security and data protection. Developing a Cyber and Information security strategy programme and plan. Understanding the relationship between Cyber security, Information security, Data Protection and Privacy. Developing a holistic approach to effectively manage risk across the disciplines. Educational approach This training is based on both theory and best practices used in the design, implementation, operation and maintenance of frameworks, controls and countermeasures. Lecture sessions are illustrated with examples based on case studies and real world examples. Practical exercises are based on a case study which includes role playing and discussions in addition to quiz questions.

5 Course agenda Day 1: Topic 1: Fundamental principles and concepts in Cyber Security, Information Security, and Data Protection The session will start with clari cation of the basics and de nitions to make sure everyone is speaking the same language before we delve into greater depth. Con dentiality, Integrity, and Availability Difference between Information Security, Cyber Security, and Data Protection Risk concepts covering, threat, vulnerability, impact, likelihood, controls, and countermeasures Overview of security governance, strategy, planning, and policy linked with the security programme Business and Security architectures Security Operations Centre Incident Response, Disaster Recovery and Business Continuity Topic 2: Current Threat Landscape In this session we will look at various threat sources and actors including: State sponsored and Foreign Intelligence attacks Advanced Persistent Threat (APT) Local and International Organized Crime Social Engineering Insider Threats Supply Chain Threats Malware general and targeted SCADA/ICS threats Activist/Hacktivist attacks Topic 3: De ning Threat Sources and Threat Actors Topic 4: Future Threat Landscape Topic 5: Security Counter-Measures and Mitigation Techniques Topic 6: The Role of the Security Operations Centre Topic 7: The Next Generation Security Operation Centre! Homework 300 word summary exercises based on included case study.

6 Day 2: Overview of key Security and Data Protection Frameworks including ISO/IEC 27001, PCI-DSS, COBIT, ISO/IEC 27032, NIST. and various national standards from around the world. Cyber and Information Security Architecture and its role in addressing risk. Understanding the differences and relationships between business risk and security risk. Designing a cyber and information security strategy, program and plan gaining management support and buy in.! Practical security plan design workshop exercise. Day 3: Understanding the relationship between Security, Data Protection, and Privacy. Assessment of the current global privacy landscape examining key global privacy laws Designing privacy policy. Performing Privacy Impact Assessments (PIA). Review of current privacy controls and processes. Review of the latest Privacy Enhancing Technologies (PETs). Integrating the disciplines of Cyber Security, Information Security, Data Protection and Privacy. The future of Privacy and upcoming developments.! Final Exam 50 Question Multi Choice Exam Examination The nal exam will consist of 50 Multi Choice Questions over 2 Hours based on the content of the course. The pass mark is 65%. All attendees will receive a certi cate of achievement worth 21 Continuing Professional Education (CPE) Points. To Register Write to us at