Information Security Policies
What will you learn?
On completion of this one day course, delegates will be able to:
- Describe how educational organisations are dependant on information and what value it has within the organisation.
- Describe necessary characteristics of secure information.
- Describe the impact of user perception on information security within their organisation.
- Describe the relationship between information security and IT security.
- Explain the need for information security to be managed effectively and name the different stages in a management system.
- Describe the benefits and disadvantages of using a standard framework to create an information security policy.
- Explain the differences between a standard framework and the information security framework and suggest how these differences can provide a useful indication of problem areas.
- Explain the purpose of risk assessment and a number of different ways to address risk within their organisation.
- Describe the basic process of risk assessment.
- Identify a risk assessment methodology appropriate for their organisation.
- Explain the structure of the ISO/IEC 17799 Code of Practice.
- Analyse and describe why individual controls alone cannot deliver reliable information security.
- Review a risk assessment to identify required security measures.
- Identify key elements of a process for use within their own organisation.
- Highlight some of the organisational issues that impact on the requirements of a security policy.
- Explain the usefulness of an information security forum.
- Describe the requirements for security policies within education.
- Analyse the criticality of a system and select relevant mitigation.
- Navigate the structure and explain the main contents of the toolkit policies.
- Examine potential risks, the likelihood of the risk occurring and identify the impact on their organisation.
Course Overview
Information is critical to most of the functions of an education organisation, whether for teaching, research, administration, employment or funding. The effective operation of all those functions depends on reliably accurate information being available when it is needed by those who are authorised to see it, and is not disclosed to those who are not authorised to see it. These factors - accuracy, availability and confidentiality - are all components of information security.
This course therefore takes a broad view of what is needed to achieve the necessary level of information security, concentrating almost entirely on people, processes and policies, not on computers or networks.
Topics Covered
- Introduction to Information Security Management
- Policy frameworks
- BS7799
- Information Management Security Systems
- UCISA IST toolkit
- UCISA toolkit policies
- Implementation of policy
Benefits
The course will be of benefit to any managerial staff responsible for their organisations information security.
Who should attend?
It is intended for staff who will be designing and implementing information security management, designing and implementing processes or drafting policies. Delegates should have an understanding oftelecommunication networks and their organisations LAN as well as basic system administration of clients' and servers.
Timetable/On the Day
The course timetable will be adjusted on the day to allow discussion of areas of particular interest to the audience. The course will therefore run from 10am to 4.30pm . Registration will take place from 09:30 – 10:00.
This course is split into two sections. During the morning, there will be a number of presentations introducing the topic. In the afternoon, delegates split into small groups to carry out activities relating to the creation of Information Security Policies.
All delegates will receive a colour workbook specifically written for the course.
A buffet lunch and refreshments will be provided.
Related Courses
