Webinar EXIN Information Security 201302

Information Security training & certification that works! Webinar February 2013 Rita Pilon, Program Developer EXIN © EXIN

description

Presentation with regard to EXIN's Information Security program based on ISO/IEC 27002

Transcript of Webinar EXIN Information Security 201302

Page 1: Webinar EXIN Information Security 201302

Information Security training & certification that works!

Webinar February 2013

Rita Pilon, Program Developer EXIN

© EXIN

Page 2: Webinar EXIN Information Security 201302

Content

1. EXIN’s philosophy on security

2. EXIN’s approach to security

3. Program Overview

4. Program benefits

5. Positioning

6. Supporting materials

7. Languages

8. Pricing

9. Where available?

Page 3: Webinar EXIN Information Security 201302

Security is about trust

• Information is most valuable asset

• Relationship between IT & business is changing (outsourcing, cloud computing, etc.)

• Complete dependency on information (suppliers)

• Worldwide use of mobile devices and global networks

• Complexity because of differences in international regulations and privacy rules

1. Philosophy

Page 4: Webinar EXIN Information Security 201302

There’s no 100% security!

Cost Benefits

1. Philosophy

Page 5: Webinar EXIN Information Security 201302

Fill in the gap

1. Philosophy

People are the weakest and the strongest link

• Employees: awareness of value, risks and measures

• Managers: responsible for security aspects

• Security professionals: integrity in their work, career path

Page 6: Webinar EXIN Information Security 201302

The process

Awareness

Implementation

Maintain

Evaluate

RISK ANALYSIS

SECURITY PLANNING

2. Approach

Page 7: Webinar EXIN Information Security 201302

The need for EXIN’s Information Security certificate

1. Create awareness

2. Make a solid business case to get top management commitment (prevent incidents and reputation damage)

3. Motivate people to work on Information Security

4. Attention for management, organizational and process aspects

2. Approach

Page 8: Webinar EXIN Information Security 201302

EXIN’s approach to security

• Start with people

• Building a culture of awareness

• Based on the international standard set of ISO/IEC 27000

• Emphasizing practical learning

2. Approach

Page 9: Webinar EXIN Information Security 201302

2. Approach

Culture of awareness

Page 10: Webinar EXIN Information Security 201302

• Code of practice for Information Security

• 133 controls (countermeasures)

• The basics, learn what’s essential

2. Approach

ISO/IEC 27002

Page 11: Webinar EXIN Information Security 201302

Practical learning

2. Approach

Page 12: Webinar EXIN Information Security 201302

EXIN’s complete qualification

3. Program overview

Page 13: Webinar EXIN Information Security 201302

Foundation

• Foundation training creates awareness and basic understanding of information protection and terminology

• Very practical (many examples)

• No prerequisites

• Training duration: 1-2 days (accreditation voluntary but recommended)

• Every employee dealing with confidential information

• Starting security professional

3. Program overview

Page 14: Webinar EXIN Information Security 201302

Advanced

• Information security perspectives (Business, Customer, Service provider/supplier)

• Risk Management: Analysis, Controls, Remaining risks

• Information security controls: Organizational, Technical, Other.

• Ideal add-on for ITIL® and other ITSM professionals

• Prerequisite: F

• Practical assignments mandatory

• Training duration: 2-3 days (accreditation mandatory)

• Information Security Manager / Consultant

• Line manager

• Process Manager

• Project Manager

3. Program overview

Page 15: Webinar EXIN Information Security 201302

Expert

• Establish an ISMS, Security policy, Risk analysis, Organizational change, Audit programs and ISO/IEC 27000 Certification

• Practical project paper & oral exam

• Variable training duration (coaching & classroom)

• Prerequisites: F + A Level + 2 yrs experience

• Chief Information Security Officer

• Security Manager

• Information Security Lead Implementer

• Business Information Security Architect

3. Program overview

Page 16: Webinar EXIN Information Security 201302

Authorized Training Providers

• Offer training to meet the growing demand for skilled and certified security professionals

4. Program benefits

Organizations

• Teach your employees how to deal with confidential information

• Implementation of total security policy, focusing on people, next to tools and processes

• Work according to the ISO/IEC 27000 standard set

• Anticipate legislation and regulations

Security Professionals

• Meet the growing demand for skilled and certified security professionals

• Know how to deal with security trends on mobile computing, cloud computing, etc.

• Learn essentials of Information Security

• Get acquainted with the ISO/IEC 27000 standard set

• Offers complete career path

Page 17: Webinar EXIN Information Security 201302

Domains of EXIN's Information Security program

5. Positioning

• Access control

• Architecture

• Audits

• Awareness

• Business case

• Business continuity

• Business perspective

• Classification

• Cloud

• Customer perspective

• Employment cycle

• Incident handling

• Information governance

• Information Security Management System (ISMS)

• Information security plan

• Legislation

• Organization

• Organizational change

• Personal data

• Physical, technical, organizational measures

• Policies and procedures

• Reporting

• Risk analysis

• Roles and responsibilities

• Service provider perspective

• Standards

• Suppliers

• Threats

• Value of information

Page 18: Webinar EXIN Information Security 201302

Management

People & organization

Processes

Technique

EXIN Other certifications

5. Positioning

Page 19: Webinar EXIN Information Security 201302

6. Supporting materials

ISFS ISMAS ISMES

Preparation Guide Sample Exam Practical Assignments Basic Training Material

Workbook Case Study Candidate Guide

Page 20: Webinar EXIN Information Security 201302

7. Languages

ISFS ISMAS ISMES

English English English

Dutch Dutch Dutch

Portuguese Portuguese

Japanese

Chinese

Spanish

French

Latin American Spanish

German

Page 21: Webinar EXIN Information Security 201302

Price per level in Euros (2013)

• IS Foundation : 169,40

• IS Management Advanced : 242,-

• IS Management Expert : 544,50

8. Pricing

Page 22: Webinar EXIN Information Security 201302

9. Where available?

ISFS ISMAS ISMES

Accredited Examination Centers worldwide

Open University (NL)

Prometric Pearson Vue EXIN Anywhere

Page 23: Webinar EXIN Information Security 201302

Thank you for your attention