• Classroom
Course Description

Information is one of an organization's most important assets. Protection of information assets is necessary to establish and maintain trust between the organization and its customers, maintain compliance with the law, and protect the reputation of the organization. Timely and reliable information is necessary to process transactions and support organization and customer decisions. An organization's earnings and capital can be adversely affected if information becomes known to unauthorized parties, is altered, or is not available when it is needed.

Information security is the process by which an organization protects and secures its systems, media, and facilities that process and maintain information vital to its operations.

Organizations often inaccurately perceive information security as the state or condition of controls at a point in time. Security is an ongoing process, whereby the condition of an organization's controls is just one indicator of its overall security posture. Other indicators include the ability of the organization to continually assess its posture and react appropriately in the face of rapidly changing threats, technologies, and business conditions.

This seminar addresses the ways and means of developing an information security program that enables an organization to meet its business objectives by implementing business systems with due consideration of information technology (IT)-related risks to the organization, business and trading partners, technology service providers, and customers.

Learning Objectives

  • Break down information security management strategies into manageable and maintainable plans for implementing information security policies and procedures.
  • Identify activities associated with a vibrant information security program.
  • Recognize needed information security controls.
  • Design applicable information security controls, as warranted by the operational environment.
  • Construct appropriate tests of selected information security controls.
  • Evaluate logical and physical information security architectures.
  • Produce information security policies, guidelines, and procedures.
  • Assess the integration of information security requirements into organizational processes.
  • Understand and recognize appropriate information security metrics.
  • Assist in developing a business case for implementation of a viable information security program across the enterprise.

Framework Connections

The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below.