Course Outline
Module 1 – Information Security Governance
- Principles of information security governance
- Alignment of security strategy with business objectives
- Roles and responsibilities of security management
- Security policies, standards, and procedures
- Legal, regulatory, and compliance requirements
Module 2 – Risk Management
- Risk management frameworks and methodologies
- Risk identification, assessment, and analysis
- Qualitative vs quantitative risk analysis
- Risk treatment options (mitigate, transfer, accept, avoid)
- Risk appetite and tolerance
Module 3 – Information Security Program Development
- Building an information security program
- Security program lifecycle
- Budgeting and resource planning
- Metrics and key performance indicators (KPIs)
- Continuous improvement of security programs
Module 4 – Asset Management and Data Classification
- Information asset identification
- Data classification models
- Data ownership and custodianship
- Information lifecycle management
- Data handling and retention requirements
Module 5 – Security Architecture and Controls
- Security architecture concepts
- Defense-in-depth strategy
- Administrative, technical, and physical controls
- Network, application, and endpoint security
- Cloud and virtualization security fundamentals
Module 6 – Identity and Access Management (IAM)
- Authentication and authorization models
- Role-based and attribute-based access control
- Privileged access management (PAM)
- Identity lifecycle management
- Single sign-on (SSO) and federation
Module 7 – Security Operations and Incident Management
- Security monitoring and logging
- Incident response lifecycle
- Threat detection and analysis
- Digital forensics fundamentals
- Security operations center (SOC) function
Module 8 – Business Continuity and Disaster Recovery
- Business impact analysis (BIA)
- Business continuity planning (BCP)
- Disaster recovery strategies
- Backup and recovery mechanisms
- Crisis management and communication
Module 9 – Vendor, Third-Party, and Cloud Risk Management
- Third-party risk assessment
- Contractual and SLA security requirements
- Cloud shared responsibility model
- Supply chain security risks
- Ongoing vendor monitoring
Module 10 – Security Compliance, Audit, and Assurance
- Security audits and assessments
- Compliance frameworks
- Internal and external audit coordination
- Security reporting to management
- Continuous compliance monitoring
