
A division of

The Global Leader in Audit, Risk, Fraud and Security Training

Information Security Managers Academy


A step-by-step guide to establishing and managing an information security program that works

5 day course 19-23 May 2014 Singapore

Course Director

Charles Pask
Mr. Pask has over 25 years' experience in IT, IT audit and IT security.

Who should attend


Information Security and IT Managers; Information Security Analysts; Security Architects; Security Administrators (wanting to move to management); Risk Personnel; System Administrators; Network Administrators; IT Auditors; Internal Auditors

Explore the various aspects of InfoSec management in a changing ICT environment

Discover how to make a difference in your organisation by examining a number of proven techniques for gaining support for your InfoSec program

Gain insight into the building blocks for success for your program

Work with an InfoSec professional who has walked the walk

CISSP & CISM exams: how to prepare for these

Why do we need controls?
PLUS

Prerequisite: None
Advanced Preparation: None
Learning Level: Intermediate
Field of Study: Specialized Knowledge and Application
Delivery Method: Group Live

Each delegate will receive up to 2GB of additional documentation, research, policies, awareness programme posters and education tips.

Earn 40 CPEs by attending

PLEASE REGISTER EARLY Due to recent changes in VISA processing, delegates are strongly advised to obtain relevant VISAs up to one month prior to the course.

SAVE UP TO 50% WITH IN HOUSE TRAINING


Details inside

Web

www.mistiasia.com

Email

misasia@misti.com

Tel

+852 2520 1481



Course focus and features


Day 1
Defining the information security business case; Defining and delineating the attributes of an information security program; Assessing threats to information security and areas of vulnerability; Global legal and regulatory requirements for data protection and privacy; International requirements (SOX, Basel, etc); Current concerns in information security; Defining an enterprise information security architecture; How our views on computer security have changed; NIST, CERT, FIRST, DISA and other great resources for information security; Security management: Strategic components; Defining the information security department charter; Organising for success: Roles and responsibilities; The security management cycle; Risk assessment and management; Strategic steps to security management; Overall management vs day-to-day administration; Gaining management and organisational support; Security policies, standards, and procedures; Information classification and valuation; Creating awareness programs; Metrics, maturity models, and return on security investment; Useful standards/guidelines for information security: ISO, IETF, COBIT, NIST/FISMA, NSA/DISA, OWASP, ISF, SANS, etc

Information risk management has become a serious priority. New legislation and the best practice set forth in ISO27000 (old BS7799 and ISO-17799) point to information risk analysis as the foundation of any program designed to safeguard information assets. If you have inherited a program that needs to be improved/benchmarked, this course will be your step-by-step guide to establishing and managing a workable information security program. If you are auditing the security environment, this course will help you identify the essential elements that need to be in place for your organisation to have effective controls.

The Course Director is a proven InfoSec Senior Manager with over 25 years' experience in managing an InfoSec team and running IT Audits. The course begins with the building blocks of an Information Security Management System (ISMS), using real-life scenarios and case studies to reinforce what you learn. This is not a technical course. Industry statistics show that over 70% of an organisation's InfoSec problems revolve around ill-advised staff or ineffective InfoSec programs.

The course will cover:


The planning and management of the security program; Understanding internal and external threats to success; Establishing effective security policies; Disaster recovery and business continuity planning; Getting the business more involved with information security; Developing an enterprise security architecture; Identity and access control management; Cryptography; Physical protection of your business and computing facilities; Employee privacy issues; The legal and regulatory aspects of information security, including awareness programs

Save time and money with

IN-HOUSE TRAINING

MIS Training Institute provides specific, tailor-made in-house training on a wide variety of internal audit, IT audit and information security topics. Clients can determine the content, duration, and level of expertise of the course, creating a unique and customised programme. All our in-house consultants are professional trainers and draw on many years of practical experience in the audit and information security areas. To find out more about the special benefits of in-house training, please contact: Yvonne Lim, In-house Manager, Tel: +852 2520 1481, Email: inhouse@misti.com

CONTINUING PROFESSIONAL DEVELOPMENT

You may use your attendance at courses held by MIS Training Institute to qualify for CPD points with The Law Society of Hong Kong. If you wish to claim CPD Hours for your registered course, please inform us of this upon registration and pay one month in advance in order for your CPD application to be processed. For further information on CPD accreditation please email us on misasia@misti.com

The course was fascinating. It covered all the areas and topics of Info. Security at a managerial level. It provided me with a great guidance and assurance in achieving my program
Info. Sec. Manager, FALCOM Financial Services

Copyright Euromoney Training 2014

COURSE CODE

EMPS5505 - T

Day 2
Legislation and standards; Privacy protection laws; Anti-hacker legislation; Emerging international security standards; Common methods of identity theft; Emerging law; Best practice protections to prevent loss of privacy; Creating a strong foundation through policy; Examining your environment and business drivers to create effective policies; Tips for quickly creating policies: Printed and Internet resources; Tools and techniques for examining your computing environment; Case study/class exercises: Developing organisational policies; Examining delegates' own policies and making improvements

Day 4
Physical, hardware and environmental security; Physical security; Hardware security; Media security; Environmental controls in the distributed environment; Protecting the network perimeter: network and workstation security; Network security management primer; Firewalls; Intrusion detection and incident response; Virtual private networks; Workstation security; Wireless and mobile device security; System and organisation-wide recovery; Plan management and testing; Levels of preparedness; Testing your plan

The future of information security in the organisation; Management support; Relating security to the business; Nurturing the security and audit relationship; Funding, staffing and know-how; Keeping current; 12-point plan for success

Bonus: You will receive the Swiss Army Knife Reference Guide-Security Managers edition that includes sample security policies, job/role descriptions, security review checklists, bibliography of printed and electronic sources of security and audit information and tools, and a glossary of distributed computing terminology.

Day 5
Tools that can help create awareness; Methods for selecting effective tools, techniques, and trinkets; Gaining management support; Video examples and cost-effective sources for awareness; Roles and responsibilities; Defining the BCP management process; Using the business impact analysis (BIA); Redundancy, backup, and fault tolerance

Day 3
Information risk analysis; The risk analysis cycle and its components; Identifying assets in an information risk analysis; Determining asset values; How the information risk management process fits into the information protection program; Integrating risk management into an enterprise-wide process; Partners in the information risk management process and their specific roles; Types of information risk analysis: Quantitative vs qualitative approach; Software tools for performing the information risk analysis process; Identifying asset categories: IT, business processes, or business functions; Defining information risk analysis targets and scope; The information owner's role in the information risk analysis process; Risk management; Arriving at an acceptable level of risk; Uncovering information vulnerabilities; There will be case studies and opportunities to assess delegates' own risk processes; Business impact analysis (BIA); BIA process: Components and definitions; BIA as the key to a successful data security program; Partners in the business impact process and the role each one plays

Good fun and filled with lots of interesting material


Past delegate, BT Global Services

Course Director

Charles Pask
Gain access to an experienced professional who is still a practitioner. Mr. Pask will make the material lively and explain to you the fundamental building blocks to ensure success in your own audit environment.

Charles Pask is the Managing Director of an IT security and IT audit consultancy. Previously, he was a Director with MIS Training, and Director of Information Security Institute (ISI) European and Middle East e-Security Services. Mr. Pask has over 25 years' experience in IT, IT audit, and IT security, and was the Information Security Manager for Alliance & Leicester plc prior to joining MIS. More recently Mr. Pask was the Global Head of Strategy, Development and Globalisation for the British Telecom Business Continuity, Security and Governance Practice.

Mr. Pask has spoken at a number of conferences, including CISO, WebSec, Compsec, the International Security Managers Symposium, and various ISACA events. He was the Chairman of the European Chief Information Security Officers (CISO) conferences for the last 6 years and for the Middle East CISO conferences for the last 2 years. He will be chairing both conferences in 2011. He delivers several MIS Training courses, including IT Auditing and Controls, IT Audit School, Risk Based IT Auditing, How to Manage an Information Security Program and Information Security School. He has also been a Senior Instructor for ISC2 for CISSP exam training. Mr. Pask has helped over 300 students globally pass the CISSP exam.


Membership discount

IIA and ISACA members save 10%. This discount cannot be used in conjunction with any other offer.

Group booking discount

When two colleagues from one institution book together on the same course, there is a 5% discount on the second booking. Further discounts are available for larger groups.

Venue

All of our courses are held in 4-5 star hotels, chosen for their location, facilities and level of service. You can be assured of a comfortable, convenient learning environment throughout the duration of the course.

4 easy ways to register


1.  Web www.mistiasia.com
2.  Email misasia@misti.com
3.  Telephone +852 2520 1481
4.  Facsimile +852 2866 7340

IMPORTANT INFORMATION - YOUR EVENT CODE

Register on-line at: www.mistiasia.com

EMPS5505 - T

Please ensure you enter your event code when registering and you will be entered into our quarterly prize draw to win 50 of Visa vouchers.

Due to the variation in delegate numbers, we will send venue confirmation to you approximately 2 weeks before the course commences.

MIS Training Institute (MISTI) is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.learningmarket.org

Registration form Yes, please register me for:


Information Security Managers Academy (EMPS5505) on 19-23 May 2014, Singapore
Can't make this date? We schedule our courses throughout the year. Please contact us to check for alternative dates and locations.

Course fee: US$4,450


All fees are net of withholding, business and local taxes. Delegates registering from Singapore for Singapore courses will have to bear the prevailing GST at the date of the invoice. Seat is confirmed only upon receipt of payment. IIA Membership No.:

Delegate details (all of the following is required to process your registration) Surname First name Position Approving Manager Company Address Department Position

ISACA Membership No.: Mr/Mrs/Ms Payment details (please tick as appropriate) Cheque

Invoice

Credit card

To make this payment by credit card, please call +852 2520 1481.

I have read and understood the booking terms and conditions Signature How did you hear about the course?
I prefer course updates by email. 

Date

Telephone Email
Disclaimer
MIS Training Institute (MISTI) reserves the right to alter any part of the published programme or faculty. In the event of course cancellation by MISTI due to unforeseen circumstances, MISTI limits its liabilities to refunding the tuition fee of the course. Fee includes tuition, documentation, lunch and refreshments. Delegates are responsible for their own flights and accommodation. An invoice will be sent upon receipt of registration form.

Fax

My email address is Please fax back to +852 2866 7340 or email your details to courses@euromoneyasia.com. Please include the code that appears on top of the address label above in your email.

Data protection
The information you provide on this form will be used by Euromoney Institutional Investor PLC and its group companies ("we" or "us") to process your order and/or deliver relevant products/services and content. We may also monitor your use of our website(s), including information you post and actions you take, to improve our services to you and track compliance with our terms of use. Except to the extent you indicate your objection below, we may also use your data (including data obtained from monitoring) (a) to keep you informed of our products and services; (b) occasionally to allow companies outside our group to contact you with details of their products/services; or (c) for our journalists to contact you for research purposes. As an international group, we may transfer your data on a global basis for the purposes indicated above, including to countries which may not provide the same level of protection to personal data as within the European Union. By submitting your details, you will be indicating your consent to the use of your data as identified above. Further information on our use of your personal data is set out in our privacy policy, which is available at www.euromoneyplc.com or can be provided to you separately upon request. If you object to contact as identified above by telephone, fax, or email, or post, please tick the relevant box. If you do not want us to share your information with our journalists, or other companies, please tick the relevant box.

a division of Euromoney Institutional Investor

Cancellation policy

If any registered delegate cannot attend our course, a replacement is always welcome for the course. Cancellations must be made in writing (letter or fax) with MISTI's acknowledgement. Written cancellations must reach this office 30 days before the programme commences. A full refund less an administration charge of US$150 will be given. For any written cancellation requests that reach us less than 30 days before the event, no refunds will be given. However, if you wish to attend another MISTI course in the Asia-Pacific region, a 75% discount voucher, valued at not more than 75% of the initial payment, will be issued. Please note that the subsequent course must take place within 6 months of the initial registration. Discount vouchers are transferable within the same organisation, but are not to be used in conjunction with any other discount schemes. Discount vouchers will not be issued for no-shows without cancellation. MISTI reserves the right to the final decision if any dispute arises.

Flights and hotel accommodation should only be purchased when our logistics team contact you to confirm the course venue. The attendee is solely responsible for their flight and accommodation arrangements and costs. In the unlikely event MISTI should have to cancel an event it will not be responsible for any costs incurred by attendees. MISTI therefore recommends that clients purchase fully refundable air tickets and accommodation.

Incorrect mailing

Please accept our apologies for mail which is incorrectly addressed. Should you wish to amend the address/addressee details, please send or fax us a copy of the relevant mailing label (on the envelope or brochure) and we will update our records accordingly.
