קורס ניהול יחידת אבטחת מידע

הקורס כלול גם במסלול "מנהלי ומהנדסי אבטחת מידע CISO"

היקף התוכנית:

המסלול כולל 60 שעות כיתה וכן כ- 120 שעות שיעורי בית.

מטרת התוכנית:

הכשרת מנהלי רשתות ומיישמי אבטחת מידע לתפקידי תכנון אבטחה.

קהל יעד:

קורס זה מיועד לבעלי רקע בסביבת אבטחת מידע.

תמצית תוכנית הלימודים:

1.      CISO Role

•          History of ISO
•          “C” in Organizations
•          CISO Role
•          Challenges

2.      Decision Making Under Uncertainty

•          Decision Making
•          Business Transparency
•          Working Blindfolded
•          Management POV
•          The “Road” Strategy

3.      Organizational Management

•          Organizational Chart
•          CISO Function 5 Paradigms
•          Information Security Matrix

4.      IT Project Management (2 sessions)

•          Requirements Identification
•          Management Sponsorship
•          Project Initiation
•          Team and Resource Management
•          Budgeting
•          Project Process Management
•          Fade Out
•          Summary and Quality Assurance

5.      IT Risk Management

•          ISO 27005 Framework
•          IT Risk analysis
•          IT Risk Identification
•          IT Risk Estimation
•          IT Risk Evaluation

6.      Information Security Risk Analysis

•          Asset Identifying and Classification
•          Asset Management
•          Vulnerability and Threat Recognition
•          Microsoft MSAT
•          Scoping the Survey
•          Qualitative and Quantitative Risk assessment
•          Reporting

7.      Information Security Risk Management (2 sessions) - Plan, Build, Run

•          Introduction to security operation
•          TVM process
•          vulnerability assessment
•          Security configuration management
•          patch management
•          Communication and awareness
•          Penetration Testing

8.      Business Continuity Management

•          Corporate Continuity
•          Corporate Crisis Management
•          Corporate Systems
•          Corporate Facilities
•          Corporate People

9.      Disaster Recovery

•          Information Technology (IT)
•          Identification of risks
•          Identification of critical IT
•          Recovery
•          Providers
•          Network resilience
•          IT resilience
•          Data
•          Security
•          Site
•          Alternate site
•          Review, audit and changes
•          Testing
•          Telephony
•          Recovery
•          Site
•          Testing

10.  Incident Response

•          Selecting team members
•          Define roles, responsibilities and lines of authority
•          Define a security incident
•          Define a reportable incident
•          Training
•          Detection
•          Classification
•          Escalation
•          Containment
•          Eradication
•          Documentation

11.  Computer Crime and Forensics

•          Federal and Criminal Law
•          Computer Crime Investigation (Security case investigation)
•          Security event management
•          Evidence
•          Forensics
•          PC Examination Checklist

12.  Measuring Security

•          Security measurements and Metrics
•          Incident Management
•          Vulnerability Management
•          Patch Management
•          Application Security
•          Configuration Management
•          Financial Metrics
•          Future Functions

13.  Organizational Security Program

•          Putting it all together
•          Management Sponsorship
•          An Outsider POV
•          From Theory to Real Life
•          Testing the Program
•          Business Wide implementation

14.  Summary & Test