Library

Course: Constructs of Information Security Management System

Constructs of Information Security Management System

  • Life Time Access
  • Certificate on Completion
  • Access on Android and iOS App
About this Course

Cyber threats are one of the most clear and present danger looming over organisation in the current digital world. Cyber security is an area where technology, people, process and control work together hand-in-gloves to thwart any information leak and hence saving organisation from financial and reputational loss. Information security is fundamental to cyber security as it prepares the organisation to defend the breach of information assets. Any organisation’s cyber security programs is a combination of security of IT and telecom infrastructure, application, data and people. This is the data, also called as Information, that is vital for organisation’s survival. Hence, Information security management is of fundamental importance in any cyber security initiative adopted my organisations. 

In the new age of digital economy, organisations are struggling to protect their digital asset also called as Information. The Information security management system a.k.a ISMS is one of the framework for organisations to adopt to become proactive to the internal as well as external threat to information security. The risk of information security breach is far-fetched than the old days phenomenon. These RISKs are not only monetary but also brand image, collapse of a business, property damage etc.

The five axes of digital technology viz. Social, Mobility, Analytics, Cloud and Internet of Everything(IOE) are disrupting the conventional method of doing business. Not adopting these technologies is questioning the basic survivability of organisation. As these technologies are getting adopted, the threat surface for information security breach has multiplied many folds. However, only technology does not lead to a super cyber defense mechanism. As high as, 90% of the information security breach has been attributed to employee or partners and their awareness of information security.

Hence, a good information security management system does not have technology as the only facet, but it has people, process, policy and guidelines as the governing principles with ever evolving strategy tuned to the emerging threat vectors in cyber world.

As a matter of fact, a new employee is required to sign information security non-disclosure and compliance document when they join an organisation. But is that effective? Do organisations see the informal chit-chat among employee a threat? Why can’t they create a work culture where information security become a habit of employees like the personal and family security engrained in their habits.

This course is all about understanding the components of information security management systems. It will bring clarity to technical person about the importance of people, process, policy and controls that governs the information security management in an organisation. This is a must course for all seeking a corporate career and being a good corporate citizen. Also, this is the first step for seeking a career in information security management with a gradual rise to the top position in Information security domain in corporate also called as Chief Information Security Officer(CISO).

This course dissects the information security myth from enterprise architect's point of view with the course name titled ‘Constructs of Information Security Management System’. It systematically builds from information to information security to all elements of ISMS starting with fundamental of information characteristics also called as Confidentiality, Integrity, Availability(CIA). As you know information security is the major building block toward a step toward cyber security, learning ISMS basics is a must for all. 

As a bonus lecture, three lectures has been add for the professionals who wants to understand the Enterprise Security Architecture from a technology deployment perspective. This will help the working professional to decide which all technology elements to be implemented in order to secure the enterprise information and be ready to response to a cyber attack. The Chief Enterprise Security Officer (CISO) will have a refresher on technology elements.

Basic knowledge
  • The course requires students to know a brief about digital world like PC, internet and an appreciation of 'Business'.The students should have basic idea of hacking and impacts on organisation. You should appreciate the management aspect of cyber security
What you will learn
  • At the end of course, Students will start believing in policy, process and control aspects of information security management system and they will change their attitude toward cyber security casual to serious. An employed or aspiring to be employed person will change their attitude and will appreciate organisation's information security policy.The students will be able to clearly understand the Confidentiality, Availability and Integrity aspect of Information asset.The information security professions will clearly understand the meaning of Vulnerability, RISK, Policy, Process, Control, guidelines with ample example. Know the Information security standards and frameworks.This course will guide in implementing all elements of Information security management system.The existing cyber security professional will be able to understand and implement enterprise security architecture elements with context to business.
Curriculum
Lectures quantity: 17
Common duration: 02:02:07
Introduction to ISMS
  • Introduction  

    This section provides a brief on topics, you will learn in this course

Setting the context
  • What is Information?  

    This lecture sets the definition of information as an asset.

  • Challenges of Information  
  • Factors of Production  

    In this lecture , you will understand the basic setup of a company and what are the resources that establishes the company. Information is one of the resource aka factor of production.

  • What is Security and Risk  

    Clearly understand the difference between security and RISK

Information security
  • What is Information security?  

    In this lecture, you will understand the information security concepts.

Information Risk Management
  • What is Information Risk Management  

    Information risk management aka IRM has been explained in this lecture.

Information Asset Classification
  • Asset and It's type: Classification of Documents  
Threat, Vulnerability and Control
  • Threat, Vulnerability, Risk and Counter Measures  
  • Controls: Category and Types  
Information Security Governance
  • What is Information security governance?  
Summary: Information Security Management System
  • ISMS,Why Develop, Business and Organisation Objectives  
  • Company Business is the Key  
  • Various Standards  
Information Security program is a Combination of People,Process and Technology
  • Enterprize security architecture  

    A holistic view of enterprize security architecture and its components

  • Identity and Access Management  

    Identity is the new perimeter for modern digital enterprize

  • Security Intelligence and Event management  

    Security Operation centre is the key to managing the information security of any enterprize.

Reviews (0)