COURSE OUTLINE
INFORMATION SECURITY PROGRAM DEVELOPMENT AND MANAGEMENT
- Establish and maintain the information security program in alignment with the information security strategy.
- Ensure alignment between the information security program and other business functions (for example, human resources [HR], accounting, procurement and IT) to support integration with business processes.
- Identify, acquire, manage and define requirements for internal and external resources to execute the information security program.
- Establish and maintain information security architectures (people, process, technology) to execute the information security program.
- Establish, communicate and maintain organizational information security standards, procedures, guidelines and other documentation to support and guide compliance with information security policies.
- Establish and maintain a program for information security awareness and training to promote a secure environment and an effective security culture.
- Integrate information security requirements into organizational processes (for example, change control, mergers and acquisitions, development, business continuity, disaster recovery) to maintain the organization’s security baseline.
- Integrate information security requirements into contracts and activities of third parties (for example, joint ventures, outsourced providers, business partners, customers) to maintain the organization’s security baseline.
- Establish, monitor and periodically report program management and operational metrics to evaluate the effectiveness and efficiency of the information security program.
