One Day 'Introduction to Information Security' Training Course
This one-day introductory course provides essential guidance on how organisations can most effectively improve their information security. Based on best practice principles (as defined by ISO 27001, the International Standard for Information Security Management, and ISO 27002, the Code of Practice), this course provides an introduction for staff intending to develop, implement and measure effective information security.
Who is this course suitable for?
This ‘Introduction to Information Security’ course is aimed at individuals who are looking to develop a good understanding of information security and practical ways in which information can be better protected within their organisation.
What are the prerequisites for attending this course?
There are no prerequisites for attending this course apart from a desire to learn the fundamentals of information security.
The course will cover:
- What is information security and why is it important?
  - Confidentiality, integrity and availability (3 pillars of information security)
  - Essential language and terminology
  - What are the business drivers
- The importance of security standards and ISO 27001 in particular
  - Purpose of ISO 27001 and ISO 27002
  - Plan-Do-Check-Act model of continuous improvement
- The core requirements of an information security management system (ISMS)
  - From first steps, building to a mature system
- Identifying assets and assessing risks
  - What are information assets
  - Risk assessments taking into account threats, vulnerabilities and controls. Evaluating impacts and likelihood
- Key security controls and how to select and implement them
  - How to select appropriate controls
  - Deciding how and where to implement controls
- Auditing information security
  - What to audit and how
  - Deciding what is acceptable
Course format
The course is a combination of PowerPoint presentations and practical exercises. The focus is on providing an informal and interactive environment conducive to learning. There will be opportunities for delegates to have one-to-one access to URM’s trainer/consultants to discuss any specific or sensitive issues.
Why URM?
All of URM’s trainers are very experienced practising information security consultants. They have a wealth of experience to call upon, having worked with small and large organisations as well as organisations from all industry sectors, including public and private. URM has achieved certification to the ISO 27001 Standard itself, and its consultants have assisted over 40 organisations to achieve and maintain certification with the Standard in the last three years. As such, all of URM’s trainers are able to impart practical and real-world knowledge based on good practice principles.
