Implementing an Information Security Program
Overview
Learn how to build an information security program, implement it at your organization, and keep it in operation to mitigate risk and remain in compliance.
Building and operating an information security program at your organization can be challenging. The scope can be vast and complex. Thinking of all the ways an organization can fail and coming up with actionable measures you can take to prevent issues, mitigate risk, or recover from events is a large undertaking. In this course, Kip Boyle, president of Cyber Risk Opportunities, guides you through the entire process of creating an information security program, rolling it out to your organization, and maintaining it for continuous risk management.
Syllabus
Introduction
- Protect against cyber attacks
- What you should know
- Information security overview
- Cybersecurity overview
- Cyber resilience overview
- Risk management overview
- Achieve your customers’ expectations
- Cyber-attack and failure resilience
- Compliance with laws and regulations
- Support executives and the BOD
- Essential functions of a program
- Determine your role
- Build a team
- The need for management
- The need for leadership
- Sources of controls
- Organize around cyber resilience
- Design an information security program
- Plan to measure information risks
- Use a data-driven cyber risk management method
- Understand the 0 to 10 scale
- Set target scores for each control
- Decide where to measure information risk
- Create a score key for experts
- Prepare to collect scores from experts
- Set up a score collection workflow
- Collect scores from your systems
- The questions that drive us
- Determine resilience
- Determine the top five risks
- Understand the leadership landscape
- Generate ideas to manage top risks
- Estimate costs
- Estimate benefits
- Prepare proposals
- Communicate with executives
- Communicate with stakeholders
- Communicate with auditors
- Determine measurement frequency
- Build on baseline measurements
- Construct an annual program of work
- Next steps
Taught by
Kip Boyle