Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security


Course Description

Historically, IT security was focused on physical security, preventing malware, and defending against the onslaught of spam. External security focused on firewalls and intrusion detection/prevention devices at the network level. The threat has since metamorphosed into criminal attacks on the enterprise’s primary assets: its sensitive business information and its operations. In response to numerous cases of enterprises losing sensitive or proprietary information – customers’ or patients’ personal details, credit card numbers, social security numbers, medical histories, and more – the burden of privacy laws and regulations has also mushroomed, creating major compliance issues for the IT security function.

The focus has changed from network protection at the least possible cost to the “WSJ Test” – no corporate executive wants to be on the front page of a major newspaper associated with yet another data breach or a significant operational disruption.

IT security is now on the literal front line in the never-ending struggle to prevent data leakage and operational disruption.

We will discuss:

  • The real and present threats to the Enterprise with actual case studies
  • What information is actually sensitive
  • Why it is so difficult to know where that information is located
  • The major areas to be included in a Best of Breed security strategy
  • How data loss prevention has moved to the front of the bus
  • Information security strategy in a Federated world
  • Effective metrics to manage IT security and communicate with business management
  • Making IT security a valued and proactive partner in the business

Learning Objectives:

  • Establish the objectives for planning an IT security strategy
  • Build an IT security strategy that is understandable to and addresses management hot buttons
  • Fulfill compliance requirements
  • Protect the business assets from attack while implementing cost-effective and efficient security

Course Outline

Defining the Security Model

  • Choosing a Security Governance framework
  • Choosing a Technical Security Model

Integrating Risk Management

  • Business risk framework
  • IT risk framework
  • IT security risk framework
  • Integrating all three

The Pillars of IT Security

  • Authentication
  • Privacy
  • Authorization and Access Controls
  • Integrity
  • Non-Repudiation

Security Components

  • Governance
  • Physical security
  • Logical security
  • Human factors

Integrating Information Security Into the Systems Approach

  • Security Systems Development Life Cycle
  • Secure Architecture
  • Systems integration
  • Development models
  • Security Testing
  • Effects of Virtualization and Cloud

Non-Technical Aspects of IT Security Strategy

  • Security breach processes
  • Data Privacy and Data Loss Prevention
  • Compliance with regulatory requirements
  • Threat and Vulnerability Assessment

Performing Security Assessments

  • Peer review
  • Preparation for independent audits
  • The role of the internal auditor
  • Understanding external audit requirements

Managing IT Security

  • Metrics that measure effectiveness
  • Integration with business processes
  • Maintaining security levels across time and space

Additional Information

Who Should Attend

  • Information Security professionals
  • Risk managers evaluating their information security capabilities
  • Internal auditors

Learning Level

Intermediate

Delivery

Group-Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

Understanding of risk management processes and basic information security concepts.

Session Duration

Online: Two 3-hour sessions

On Site: 1 day

CPE Credits: 7