ITIBA

Information security manager training (internal IT security auditor)

Internal IT security auditor training
Length of training
  • 4 days (4×8 lessons)
  • daily 9:00 - 17:00
Available languages
  • Hungarian

Training price

359 000 Ft
+ VAT/person

Description

The aim of the training is to train professionals who are able to carry out management and contributory tasks related to information protection in their organisations. The training is aimed at managers of corporate governance systems (IT, quality, security managers), IT and security specialists, and staff responsible for information protection, its implementation and subsequent auditing. The training does not prepare participants for external, formal auditing activities, and completing it does not entitle the holder to conduct external audits.

The course consists of two parts. The first part covers technology and cybersecurity: it provides a comprehensive, basic overview of the technical and technological implementations of IT security and information security that are important and may be necessary for planning and implementing IT security from a strategic, quality assurance and process management perspective. Examples include threats, data protection solutions, encryption, intrusion protection, virus protection, internet and network protection solutions, backup and redundancy.

In the second, larger part, participants will be introduced to the principles of information security management and the practical implementation of these principles through concrete implementation steps and examples. We will not only show how important it is, for example, to have a close relationship between the human resources department and the IT systems management team, but we will also show, based on our experience, what concrete steps can be taken to create and improve this relationship. Students will acquire a process-oriented mindset, which will help them to place the information security process within the operational processes of their company; they will not be left to do this difficult work on their own. To do this work, project management and project organisation skills will be imparted.

We will show how and in what way company processes can be integrated into a whole, so that the company:

  • defines its values and information assets
  • defines its information security objectives
  • defines its information security goals and information security assets
  • has transparent and clear processes in place
  • assesses IT and information protection in the light of its location and its importance
  • is able to carry out an internal audit of its information protection system, if necessary.

On the last day of the training, participants will be able to take a final exam set by the instructor and upon successful completion, an Information Security Manager Final Exam Certificate will be issued by Training360 (the training will otherwise end with a certificate). The fee for this exam is included in the course fee.

Suggested For

The training is recommended for managers, professionals and quality assurance experts responsible for the management and development of information security within the organisation, as well as for the implementation of information security organisational processes and NIS2 tasks. After the training, participants will be able to perform basic information security tasks, provide organisational measures, manage projects, conduct internal audits and cooperate with external security experts and auditors.

Outline

  • Protecting information: principles, concepts, possible attacks and their characteristics; virus and spyware management; protecting internet applications, browsers; the concept of social engineering; general security policies (privileges, risks, documentation)
  • Technology overview and summary: encryption, authentication, email protection, user and role-based security, access and identification solutions, network protection, IDS systems, internet protection, business continuity (backup, redundancy)
  • Basics of information security (what, why, how to protect); defining the value of information and the need to protect it; defining the level of trustworthiness of information
  • Identifying threats and risks, IT risk management basics
  • Information protection processes: identifying and modelling processes; identifying critical processes
  • IT security standards and regulations basics, comparison with other systems (ISO 9001, ISO/IEC 27001, COBIT®, IT service management standards and guidelines, recommendations' requirements); integrability of corporate management systems and information security systems
  • Organisational design of information security: design of security policies, design of security organisation
  • Operating the information security system: defining physical security measures, taking technical measures, taking organisational measures
  • Compliance: identification of legal background; identification of internal policies, requirements
  • Auditing process, compliance assessment: audit methodologies (COBIT®, ISO), audit conduct basics
  • Audit closure, documentation, evaluation; further action to be taken

Prerequisites

General information technology, network and security basics. Previous management experience and knowledge of quality management are an advantage. Completion of, or familiarity with, the ITRISK course is useful.