Information Security Training courses

Fitzgerald InfoSec provides training courses on the following subjects:

1. Business Continuity - covering Emergency, Crisis, ICT Disaster Recovery, and Business Recovery plus associated topics

2. Risk Management - encompassing Risk Analysis and Risk Mitigation plus creating a Risk and Mitigation Management Register

3. Human Aspects of Information Security - focusing on the contribution that improvements to the employment cycle will make to security effectiveness

4. Physical Security - reviews and recommendations

5. Security Policies - discussions and reviews of the latest Information Security policy AS/NZS ISO/IEC 27001:2006

Contact Fitzgerald InfoSec for the latest dates, times, venues, and course fees (Fitzgerald InfoSec is also prepared to conduct in-house programs)

1. Business Continuity

  • Introduction and scope
  • Early responder support information
  • Emergency Procedures
  • Crisis Management
  • Business Recovery Management (including BRM Policy and Standards)
    • Business Impact analysis
    • Site Hardening
    • Contingency Strategies
    • Detailed Recovery Plans
    • Training, Test, and Maintenance
  • ICT Disaster Recovery Management (including DRM Policy and Standards)
    • Recovery Time Objectives
    • Recovery Point Objectives
    • Contingency Strategies
    • Detailed Recovery Plans
    • Training, Test, and Maintenance
  • Recovery Command & Control Management
  • Business Restoration
  • Practical Training Exercise

2. Risk Management

  • Introduction and scope
  • Defining your security exposure profile
  • What is risk exposure?
  • Creating and using the Threat/Asset Matrix
    • Developing the risk exposure profiles
    • Developing a Risk Exposure Scatter Diagram
    • Applying the Mitigation options
    • Developing the Mitigation controls
  • Mitigation Management
  • Risk Management using the Risk and Mitigation Management Register
  • Exercise – Conducting a Risk Analysis and developing a Risk and Mitigation Register

3. Human Aspects of Information Security

  • Introduction and scope
    • Creating a security conscious corporate culture
  • Human aspects vs technical aspects
    • The roles of trust, deception, anger, bad habits, addictions, ignorance, opportunity, morale, carelessness
    • Purely technical solutions on their own can create a false sense of security and/or invite a challenge; they are often reactive and do not treat the root cause of the exposure
    • Both human and technical solutions are needed
  • Traditional human exposures
    • Fraud, collusion, theft, hacking, damage, misuse, carelessness
    • Social engineering, break-ins, burglaries, con-men, protestors
  • Emerging human exposures
    • Information theft, malware, Internet shopping and personal email at work
    • Spam, external fraud
  • Generalised human risk exposure profiles
    • Risk analysis
  • Risk exposure mitigations
    • Policy, training, CPTED, teaming, role models, social behavior
    • Managing staff through the staffing lifecycle
  • Workshop exercise
  • HAIS Health Check
  • Lessons learned

4. Physical Security

  • Detailed on-site inspection
    • Overview of the Physical Environment
    • Building Layout
    • Locale, Neighbourhood and Buildings
    • Physical Access prevention, detection, alarm, maintenance, and testing
    • Prevention, detection, alarm, maintenance, and testing of:
      • Fire;
      • Water;
      • Power;
      • Air Conditioning; and
      • Communication infrastructures
    • Denial of Access
      • Physical
      • Logical
  • Creation of a Physical Asset Exposure Profile
    • All security exposures are ranked in order of priority after considering potential impacts
  • Development of Mitigation Strategies and agreed solutions
  • Creation of a Physical Security Exposure and Mitigation Register
  • Workshop exercise
  • Lessons learned

5. Security Policies

  • The focus of Information Security must be defined as encompassing the confidentiality, integrity, and availability of information, protected against physical, logical, and personnel-based threats.
  • AS/NZS ISO/IEC 27001:2006 (replacing AS/NZS 7799.2:2003 and BS 7799.2:2002) is the current internationally accepted standard based upon:
    • Establishing an Information Security Management framework including the conduct of a Risk Assessment and selection of Control Objectives;
    • Implementation of the control objectives
    • Establishment of the detailed controls within an Information Security Policy, standards, and Procedures Manual
  • Creating an Information Security Policy, Standards, and Procedures manual that both complies with these standards and is suited to the organisation requires the following:
    • Conduct of a Risk Assessment if not already current to assist in establishing the scope and objectives of Information Security;
    • Establishment of or review of the Information Security Management system;
    • Creation of a suitable Information Security Policy;
    • Creation of suitable Information Security Standards and Procedures encompassing:
      • Security organization and infrastructure applicable to both internal and external parties where appropriate and including Information Security Awareness training;
      • Asset classification and control;
      • Personnel security;
      • Physical and environmental security;
      • Communications and operations management;
      • Access control;
      • Systems development and maintenance;
      • Compliance; and
      • Business Continuity.
  • Workshop exercise
  • Lessons learned

Contact Fitzgerald InfoSec for the latest dates, times and course fees