1. Security Governance
• Principles
• Different Views of InfoSec Management
• Introduction to Information Security Governance

2. Law, Regulations and Standards
• Information Security and Privacy Laws
• Local Regulations
• International Regulations
• Information Security Standards
• Applicable Laws and Regulations
• Industry and International Standards
• The Need for Compliance
• Risks and Solutions

3. ISO Framework
• The InfoSec Program Framework according to ISO/IEC 27001
• Establishing and Managing the ISMS
• Control Objectives and Controls

4. Security Architecture
• Introduction
• SABSA Matrix

5. Security Policy and Procedures
• The Need for a Corporate-Wide InfoSec Policy
• Creating a Policy Paper
• Management Support

6. Standards and Evaluation Criteria
• Trusted Computer System Evaluation Criteria (TCSEC)
• Common Criteria

7. Legal and Regulatory Aspects of Electronic Commerce
• Federal Trade Commission (FTC)
• Privacy
• CAN-SPAM Act of 2003
• Ryan Haight Online Pharmacy Consumer Protection Act of 2008
• E-government
• E-business
• Electronic money
• Internet Economy

8. Privacy in the Digital Age
• Following Your Footprint
• The Digital Dossier and Behavioral Targeting
• Do We Give a Damn?
• Regulators in the Cookie Jar
• Privacy’s Next Frontier
• RFID Technology and the Privacy Debate
• What It Means

9. Security Audit and Audit Controls
• Introduction
• Audit Practices and Activities
• Auditors
• Aftermath and Follow-Up
• Create Your Own Security Audits