Security Management – Standards, Methodologies and Application

Course title: Security Management – Standards, Methodologies and Application

Course type: Intensive course online on Cybertrusion’s learning platform, in small groups along with other participants

Course length: 2 weeks (every Monday to Friday, weekends used for deepening practical knowledge)

Overview and training objectives: It is well known among information security practitioners that nontechnical, organizational aspects are as important as technical measures. Many different standards and approaches exist, and choosing the right method is of critical importance. Key factors are operating efficiency, user acceptance, and compliance.

In many cases, small and medium enterprises won’t hire subject matter experts for their information security needs. Therefore, it is important to get a jump start for capacity building.

The number of different security management guidelines is daunting. It is not efficient to study all the available material in detail, just to find out that most of it won’t suit your company’s requirements. This course will help you to narrow down your set of useful options and find the best method for you.

Current situation

We will discuss several practical examples together, identify possible mistakes and find out how to avoid them. From our professional experience we already know which solutions work and which don’t in day-to-day operations, and not only on PowerPoint. We provide you with an overview and comparison of relevant standards and methodologies for information security management. We will share our lessons learned and help you to successfully manage your security.

Course contents:

  • Overview of relevant standards and methodologies: what are their respective strengths and weaknesses, different approaches, target groups
  • Legal aspects: requirements for different branches of industry, government and critical infrastructures
  • NIST Security and Risk Management Framework, NIST SP 800 document series
  • Other important countries with relevant information security requirements
  • ISO 27xxx Security Management and other relevant ISO standards
  • ITIL, COBIT, OCTAVE and more
  • Risk management and its relation with security management
  • How compatible are the relevant standards and methods? Is there one standard that covers all requirements? Which method is most practical, what standard is most thorough?
  • Interconnections between technical security and organizational aspects
  • Method selection as a function of company type (size, branches, etc.)
  • Evaluation and discussion of practical tasks (homework)

Over the course, you will regularly work through small tasks and receive tips and feedback from the course leader. You will discuss the course contents with other participants in internal discussion forums and can participate in expert exchanges. Finally, towards the end of the course, you will write a short text based on a self-selected question (the task takes half a day to a whole day).

Certificate of completion: If you completed your homework and participated regularly, you will receive a certificate of completion at the end of the course. The small tests are exclusively for your personal self-assessment; no grade is given.

Advantages: intensive, daily support from course leaders, discussions and expert exchanges with other participants, regular self-assessment through multiple choice tests and quizzes, working through various tasks including feedback.

Profit from the experience of other expert colleagues and IT security experts, from their approaches and tips for successfully completing demanding projects.

Who should attend: This course is designed for consultants and for government and company employees in one of the following groups:

  • IT and/or Security managers
  • IT and/or security experts
  • people who are entrusted with the implementation or contracting of cyber security
  • experienced IT security professionals who would like to see what working methods other colleagues make use of
  • Security consultants
  • IT personnel and administrators
  • Anyone who for work reasons wants to find out how to structure and carry out information security in an organization

Prerequisites: Our courses are directed at participants with a background in IT. Basic knowledge of cyber security is useful in order to make the most of our course. Knowledge of technical details (network protocols, system administration, etc.) is not necessary, as this course emphasizes methodology.

Requirements for participation:

  • You will need to set aside half a day (or a whole evening) each day for working through the course contents and reading the standards and guidelines used
  • You will require a computer with connection to the Internet, a word processor of your choice and the ability to create PDF documents

Tuition | Dates | Registration:

  • Course date: currently in-house only
  • Early Bird Discount: if you register up to one month before the starting date, your course fee is 980 USD
  • For late registrations (30 days or less before starting date): 1180 USD
  • Payment is to be made after registration is confirmed. Places are limited, so early registration is recommended

Information about the process and setup of our online courses can be found here.

→ Registration: You can register here with our online registration form.