Overview
Learn how to build an information security program, implement it at your organization, and keep it in operation to mitigate risk and remain in compliance.
Syllabus
Introduction
- Protect against cyber attacks
- What you should know
- Information security overview
- Cybersecurity overview
- Cyber resilience overview
- Risk management overview
- Meet your customers' expectations
- Cyber attack and failure resilience
- Compliance with laws and regulations
- Support executives and the board of directors
- Essential functions of a program
- Determine your role
- Build a team
- The need for management
- The need for leadership
- Sources of controls
- Organize around cyber resilience
- Design an information security program
- Plan to measure information risks
- Use a data-driven cyber risk management method
- Understand the 0 to 10 scale
- Set target scores for each control
- Decide where to measure information risk
- Create a score key for experts
- Prepare to collect scores from experts
- Set up a score collection workflow
- Collect scores from your systems
- The questions that drive us
- Determine resilience
- Determine the top five risks
- Understand the leadership landscape
- Generate ideas to manage top risks
- Estimate costs
- Estimate benefits
- Prepare proposals
- Communicate with executives
- Communicate with stakeholders
- Communicate with auditors
- Determine measurement frequency
- Build on baseline measurements
- Construct an annual program of work
- Next steps
Taught by
Kip Boyle