ISEB Certificate in Information Security Management Principles

Course Overview

In today's business environment security within IT systems is no longer an option it is a necessity. The Internet has brought home to everyone the realisation that information such as credit card numbers can be distributed around the world, and subsequently misused, within seconds. In addition company Web sites are easily defaced and 'denial of service' attacks are becoming more common.

This course has been designed for anyone involved in ensuring the security of their organisation's information. It covers all the fundamental principles of information security together with practical advice on how to implement effective security measures within a diverse environment. All aspects of information secuity are covered, not just IT security.

The course will prepare candidates to sit the written examination for the Internationally recognised certificate in Information Security Management Principles awarded by the Information Systems Examination Board (ISEB) of the British Computer Society.

Audience

Business and Information System managers responsible for the continued operation of business application systems. IT managers responsible for delivering, running or maintaining IT services. In addition it will benefit project managers and IT support personnel responsible for developing or implementing security measures within IT systems by enabling them to appreciate the many business requirements for security.

Skills Gained

To ensure that delegates have a basic understanding of the principles underlying Information Security Management (ISM), and the current legislation and regulations which affect this. in addition the course will develop an understanding of the current national and international standards that are available together with a knowledge of the business and technical environments in which information is held and processed.

This course will enable delegates to:

• Understand the significance of their organisation's information and the consequent need to protect it against a loss of confidentiality, integrity or availability.
• Appreciate the wide-spread nature of threats that IT systems are exposed to such as hackers, viruses, and software failure.
• Develop an information security policy and present this effectively to senior management.
• Conduct a risk assessment and use the results from this to develop an information security strategy.
• Plan and run an information security awareness campaign.
• Understand the implications of the Data Protection Act and the demands it places on organisations holding personal data.
• Appreciate the importance of Copyright law and it's effect on software licensing.
• Manage the implementation of specific security controls such as anti-virus measures, encryption devices and firewalls.
• Develop a Business Continuity Plan that will enable their organisation to recover from a serious incident.

Prerequisites

ISEB regulations require delegates to have a minimum of twelve months experience in IT.Delegates with a minimum of three years business background, involving work with an IT team may also attend the course, but may not be eligible for the examination.

Examinations

The course fee includes ISEB Examination fees for the Certificate in Information Security Management Principles.

Course Outline

The concepts and definitions that underlie information security such as confidentiality and integrity, threats and vulnerabilities, and the different types of controls that can be introduced.

• The need for, and benefits of, information security as illustrated by surveys and statistics.
• The threats to information systems, both deliberate and accidental.

Managing information security effectively by defining an appropriate organisational structure and defining individual responsibilities.

• The different approaches to assessing the risks to information security.
• The legal framework within which the industry operates today.
• Security standards such as BS 7799 and the ITSEC scheme.
• Security within LANs and WANs
• Security within Operating Systems
• Developing and maintaining secure systems
• The organisational and staff implications of security measures.

Implementing security measures such as:

• Anti-virus software,
• Firewalls,
• Cryptography,
• Access Control systems,
• Back-up and Restore facilities,
• Change control,
• Audit trails etc.Developing a Business Continuity Plan.
• Developing a Business Continuity Plan.