ORGANIZATION OF THE FUNCTION Start by identifying what real-life information security practitioners actually do. What are the key security responsibilities of an information security professional? Take a look at the function from the point of view of other organizational departments, and understand how other groups' perceptions of the security function affect your ability to get the job done. Learn the pros and cons of placing the security function at various organizational levels, and how organizational placement can increase or hinder effectiveness.
REQUIRED SKILLS Learn which skills are most necessary and valuable for a practitioner in this field and how you can develop them. Identify sources of information to help build those skills, and evaluate the long-range career opportunities. Learn why this position emphasizes managerial, rather than technical, skills, and how effective written communication can make or break the security program. We'll also cover specialized terminology you should know for systems and network security, contingency planning and encryption.
STAFFING THE FUNCTION One of your major challenges is finding qualified, motivated people. We'll analyze the advantages and disadvantages of different backgrounds for the IS security job and cite some successes and failures in bringing people into this discipline. Investigate what security tasks can reasonably be outsourced for your organization.
RESPONSIBILITIES Compare the steps that different organizations have taken in building their security programs. Learn which steps from which methods would work for you. Find out why appropriate, well-crafted policies, standards and procedures build the foundation for an entire security program and why security awareness is such a vital element. Learn the components of a risk analysis and the difference between a qualitative and a quantitative risk assessment. Identify the three components of computer viruses, how they work and what you can do to protect your organization. Determine whether the information classification scheme in use at your shop is realistic, and discuss the renewed emphasis on physical security. Examine the three phases of activity for a business continuity plan and learn effective ways of building and testing a plan, including critical parts of the client/server environment.
MANAGING SECURITY Learn strategies for managing data security successfully, and how to obtain support and commitment from all levels of the organization. Select strategies for goal setting and determining priorities that will support the mission of your organization. Investigate ways to measure your progress; pitfalls associated with the information systems security function and how to avoid them; and keys to the effectiveness of your program and your performance as a security professional.