HOME | SERVICES | ABOUT US | CONTACT

Information Security Training courses

Fitzgerald InfoSec provides training courses on the following subjects:

1. Business Continuity - covering Emergency, Crisis, ICT Disaster Recovery, and Busines Recovery plus associated topics

2. Risk Management - encompassing Risk Analysis and Risk Mitigation plus creating a Risk and Mitigation Management Register

3. Human Aspects of Information Security - focusing on the contribution that improvements to the employment cycle will make to security effectiveness

4. Physical Security - reviews and recommendations

5. Security Policies - discussions and reviews of the latest Information Security policy AS/NZS ISO/IEC 27001:2006

Fitzgerald InfoSec also provides private mentoring services to individuals requiring support in careers in Information Security. Call for a confidential discussion on how we can assist you to fast track your performance.

Click here to contact Fitzgerald InfoSec for the latest dates, times, venues, and course fees (Fitzgerald InfoSec is also prepared to conduct in-house programs as well)

1. Business Continuity
  • Introduction and scope
  • Early responder support information
  • Emergency Procedures
  • Crisis Management
  • Business Recovery Management (including BRM Policy and Standards )
    • Business Impact analysis
    • Site Hardening
    • Contingency Strategies
    • Detailed Recovery Plans
    • Training, Test, and Maintenance
  • ICT Disaster Recovery Management (including DRM Policy and Standards )
    • Recovery time Objectives
    • Recovery Point Objectives
    • Contingency Strategies
    • Detailed Recovery Plans
    • Training, Test, and Maintenance
  • Recovery Command & Control Management
  • Business Restoration
  • Practical Training Exercise

2. Risk Management
  • Introduction and scope
  • Defining your security exposure profile
  • What is risk exposure?
  • Creating and using the Threat/Asset Matrix
    • Developing the risk exposure profiles
    • Developing a Risk Exposure Scatter Diagram
    • Applying the Mitigation options
    • Developing the Mitigation controls
  • Mitigation Management
  • Risk Management using the Risk and Mitigation Management Register
  • Exercise – Conducting a Risk Analysis and developing a Risk and Mitigation Register

3. Human Aspects of Information Security
  • Introduction and scope
    • Creating a security conscious corporate culture
  • Human aspects v technical aspects
    • The roles of trust, deception, anger, bad habits, addictions, ignorance, opportunity, morale, carelessness
    • Clinical technology solutions alone can create a false sense of security and/or a challenge, often reactive and do not treat the root cause of the exposure
    • Both human and technical solutions are needed
  • Traditional human exposures
    • Fraud, collusion, theft, hacking, damage, misuse, carelessness,
    • Social engineering, break-ins, burglaries, con-men, protestors
  • Emerging human exposures
    • Information theft, malware, Internet shopping and personal email at work
    • Spam, external fraud
  • Generalised human risk exposure profiles
    • Risk analysis
  • Risk exposure mitigations
    • Policy, training, CPTED, teaming, role models, social behavior
    • Managing staff through the staffing lifecycle
  • Workshop exercise
  • HAIS Health Check
  • Lessons learned

4. Physical Security
  • Detailed on-site inspection
    • Overview of the Physical Environment
    • Building Layout
    • Locale, Neighbourhood and Buildings
    • Physical Access prevention, detection, alarm, maintenance, and testing
    • Prevention, detection, alarm, maintenance, and testing of:
      • Fire;
      • Water;
      • Power;
      • Air Conditioning; and
      • Communication infrastructures
    • Denial of Access
      • Physical
      • Logical
  • Creation of a Physical Asset Exposure Profile
    • All security exposures are ranked in order of priority after considering potential impacts
  • Development of Mitigation Strategies and agreed solutions
  • Creation of a Physical Security Exposure and Mitigation Register
  • Workshop exercise
  • Lessons learned

5. Security Policies
  • The focus of Information Security must be defined as encompassing information confidentiality, integrity, and availability protected from physical, logical, and personal based threats.
  • AS/NZS ISO/IEC 27001:2006 (replacing AS/NZS 7799.2:2003 and BS 7799.2:2002) is the current internationally accepted standard based upon:
    • Establishing an Information Security Management framework including the conduct of a Risk Assessment and selection of Control Objectives;
    • Implementation of the control objectives
    • Establishment of the detailed controls within an Information Security Policy, standards, and Procedures Manual
  • To create an Information Security Policy, Standards, and Procedures manual which both complies to these standards and is suited to the organisation requires the following:
    • Conduct of a Risk Assessment if not already current to assist in establishing the scope and objectives of Information Security;
    • Establishment of or review of the Information Security Management system;
    • Creation of a suitable Information Security Policy;
    • Creation of suitable Information Security Standards and Procedures encompassing:
      • Security organization and infrastructure applicable to both internal and external parties where appropriate and including Information Security Awareness training;
      • Asset classification and control;
      • Personnel security;
      • Physical and environmental security;
      • Communications and operations management;
      • Access control;
      • Systems development and maintenance;
      • Compliance; and
      • Business Continuity.
  • Workshop exercise
  • Lessons learned

Click here to contact Fitzgerald InfoSec for the latest dates, times and course fees

 

^ Return to top