Course Overview
This course covers the essential working practices and guidelines to help you protect your information and identity confidently.
Information Security is one of several business risks that management must address as part of its day-to-day responsibilities.
The simplest and most efficient solution to avoiding a major incident is incorporating information security into the day-to-day operations of the institution and making it part of the culture.
When it comes to information security, what you don't know can hurt you and your organization. Employees must understand what's at risk, how information is protected and what their institutions or agencies are doing to maintain regulatory compliance.
Target Audience
Information Security
Learning Objectives
- Use assigned privileges, to conduct authorized activities, Protect your access credentials, Change your password, as per InfoSec mandate, and adhere to the complexity requirement, Support maintenance of Information asset inventory (Digital and Physical), Classify and label the assets as per policy, Protect assets from unauthorized access
- Understand the importance of Information Security Awareness and Training programs in identifying and preventing breaches of information security, Understand and adhere to legislative statutory, regulatory, and contractual requirements as per Information Security standards available
- Understand and conform to the Performance Evaluation policy and associated controls, Review reported incidents and take suitable corrective & preventive measures, Encourage staff members to report incident, Create awareness among staff members based on lessons learnt from incidents and advise them on good and ethical security practices
- Understand and Conform to the Physical and Environmental Security policy and associated controls, Reducing the Financial Damages, Avoiding the Damage, Protect the information against external or internal threats, Classify the information according to its criticality to protect it against unauthorized modifications or disclosure,Restrict users to use unathorised devices in organization computers/laptops
- Define roles and responsibilities for granting and denying access and privileges, Authorize access & privilege requirements, Monitor access and usage of business information and applications, Define access review and revocation criteria/period, and ensure no unauthorized access is provided
- Applications that support service delivery, technology/Infrastructure (Server/Devices/Equipment) assets that run/host the application, Data/Information (physical & digital) being consumed, used, processed, stored, shared, delivered, and/or deleted, Persons/human-resources involved in the delivery of service and ownership of Information assets (softcopy & hardcopy), Ensure acceptable use of assets by end users
- Ensure that information assets are classified and labeled, Identify and enforce data retention requirements for digital & physical information, control/limit removable media access and shall take appropriate measures to secure data/information."
- Establish an Information Security (IS) Awareness and Training policy, Establish roles and responsibilities of providers and recipients of IS awareness and training activities, Identify information security compliance policies and demands
- Understand the importance of Non-Disclosure Agreements for an organization, Understand roles and responsibilities of mid-management in establishing and meeting the information security objectives
- Review reported incidents and take suitable corrective & preventive measures. Encourage staff members to report incident, Create awareness among staff members based on lessons learnt from incidents and advise them on good and ethical security practices, Ensure implementation of Physical and Environmental Security policy and associated controls
- Understand the importance of formal, documented Trainings and Awareness programs, Review/Approve policy and associated controls for conducting required regular trainings within the company, Encourage/support adaption of security culture, and mandate periodic security awareness & workshops
- Understand the function of Information Security Committee, Understand the role and contribution of the senior management in the establishment, implementation, maintenance and continual improvement of information security in the entity
- Understand role of senior management in establishing and reviewing the Risk Management activities, Understand the assessment of risk posture to decide on technology/service (consultancy) initiatives
- To counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption, Enable establishment of the business continuity policy and associated controls
- Review and guide the testing of Business Continuity Plans, Understand the necessary support, resources needed to sustain identified services/operations.
