The objective of this course is to provide delegates with the necessary skills to implement a corporate Information Security Management System (ISMS) framework that is compliant with the requirements of ISO 27002, UK Data Protection Act, EU Directive on Privacy, HIPAA Security, FFIEC, GLB Act, Sarbanes-Oxley Act (Security), FACT Act, PCI Data Security, California SB-1386, OSFI, PIPEDA, PIPA, Canadian Bill C-198 and meets the certification requirements of ISO 27001.
The course is designed for people who have a reasonable awareness of information security management.
- History of ISO 17799 / BS 7799 / ISO 27000 series.
- Comparison of ISO 17799:2000 and ISO 27002:2005.
- ISO 27001 certification requirements.
- Determination of scope.
- Identification of information assets.
- Determination of the value of information assets.
- Determination of risk.
- Determination of policy(ies) and the degree of assurance required from controls.
- Identification of control objectives and controls.
- Definition of policies, standards and procedures to implement the controls.
- Production and implementation of policies, standards and procedures.
- Completion of ISMS documentation requirements.
- Establishment of Management Framework and Security Forum.
- Audit and review of ISMS.
- Case Studies.
The objective of this course is to provide delegates with the necessary skills to implement an Information Security Program at a federal, state or local government agency that is compliant with the requirements of the Clinger-Cohen Act of 1996, the Federal Information Security Management Act (FISMA) of 2002, Office of Management and Budget (OMB) Circular A-130, and the National Institute of Standards and Technology (NIST).
The course is designed for people who have a reasonable awareness of Information Technology Controls, including:
- Clinger-Cohen Act of 1996
- FISMA (Federal Information Security Management Act)
- Office of Management and Budget (OMB) Circular A-130 (Management of Federal Information Resources)
- FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems)
- FIPS 200 (Minimum Security Requirements for Federal Information and Information Systems)
- NIST SP 800-30 (Risk Management Guide for Information Technology Systems)
- NIST SP 800-37 (Guide for the Security Certification and Accreditation of Federal Information Systems)
- NIST SP 800-34 (Contingency Planning Guide for Information Technology Systems)
- NIST SP 800-53 (Recommended Security Controls for Federal Information Systems)
- NIST SP 800-53A (Guide for Assessing the Security Controls in Federal Information Systems)
- NIST SP 800-100 (Information Security Handbook: A Guide for Managers)
- Privacy Act / Privacy Impact Analysis
- DITSCAP/NIACAP Process (Department of Defense Technology Security Certification & Accreditation Process / National Information Assurance Certification and Accreditation Process)
- DIACAP (Department of Defense Information Assurance Certification and Accreditation Process)
- NIST SP 800-53 vs. ISO/IEC 27002:2005 mapping
- Case Studies: C&A, POA&M creation and management, Information Security Program implementation, and leadership styles in information security implementation