Webinar EXIN Information Security 201302
Information Security training & certification that works!
Webinar February 2013
Rita Pilon, Program Developer EXIN
© EXIN
Content
1. EXIN’s philosophy on security
2. EXIN’s approach to security
3. Program Overview
4. Program benefits
5. Positioning
6. Supporting materials
7. Languages
8. Pricing
9. Where available?
04/12/20232
Security is about trust
• Information is the most valuable asset
• Relationship between IT & business is changing (outsourcing, cloud computing, etc.)
• Complete dependency on information (suppliers)
• Worldwide use of mobile devices and global networks
• Complexity because of differences in international regulations and privacy rules
1. Philosophy
There’s no 100% security!
Cost Benefits
Fill in the gap
People are the weakest and the strongest link
• Employees: awareness of value, risks and measures
• Managers: responsible for security aspects
• Security professionals: integrity in their work, career path
The process
Awareness
Implementation
Maintain
Evaluate
RISK ANALYSIS
SECURITY PLANNING
2. Approach
The need for EXIN’s Information Security certificate
1. Create awareness
2. Make a solid business case to get top management commitment (prevent incidents and reputation damage)
3. Motivate people to work on Information Security
4. Attention for management, organizational and process aspects
EXIN’s approach to security
• Start with people
• Building a culture of awareness
• Based on the international standard set of ISO/IEC 27000
• Emphasizing practical learning
Culture of awareness
ISO/IEC 27002
• Code of practice for Information Security
• 133 controls (countermeasures)
• The basics, learn what’s essential
Practical learning
EXIN’s complete qualification
3. Program overview
Foundation
• Foundation training creates awareness and basic understanding of information protection and terminology
• Very practical (many examples)
• No prerequisites
• Training duration: 1-2 days (accreditation voluntary but recommended)
• Every employee dealing with confidential information
• Starting security professional
Advanced
• Information security perspectives (Business, Customer, Service provider/supplier)
• Risk Management: Analysis, Controls, Remaining risks
• Information security controls: Organizational, Technical, Other.
• Ideal add-on for ITIL® and other ITSM professionals
• Prerequisite: F
• Practical assignments mandatory
• Training duration: 2-3 days (accreditation mandatory)
• Information Security Manager / Consultant
• Line manager
• Process Manager
• Project Manager
Expert
• Establish an ISMS, Security policy, Risk analysis, Organizational change, Audit programs and ISO/IEC 27000 Certification
• Practical project paper & oral exam
• Variable training duration (coaching & classroom)
• Prerequisites: F + A Level + 2 yrs experience
• Chief Information Security Officer
• Security Manager
• Information Security Lead Implementer
• Business Information Security Architect
Authorized Training Providers
• Offer training to meet the growing demand for skilled and certified security professionals
4. Program benefits
Organizations
• Teach your employees how to deal with confidential information
• Implementation of a total security policy, focusing on people, next to tools and processes
• Work according to the ISO/IEC 27000 standard set
• Anticipate legislation and regulations
Security Professionals
• Meet the growing demand for skilled and certified security professionals
• Know how to deal with security trends on mobile computing, cloud computing, etc.
• Learn essentials of Information Security
• Get acquainted with the ISO/IEC 27000 standard set
• Offers a complete career path
Domains of EXIN’s Information Security program
5. Positioning
• Access control
• Architecture
• Audits
• Awareness
• Business case
• Business continuity
• Business perspective
• Classification
• Cloud
• Customer perspective
• Employment cycle
• Incident handling
• Information governance
• Information Security Management System (ISMS)
• Information security plan
• Legislation
• Organization
• Organizational change
• Personal data
• Physical, technical, organizational measures
• Policies and procedures
• Reporting
• Risk analysis
• Roles and responsibilities
• Service provider perspective
• Standards
• Suppliers
• Threats
• Value of information
Management
People & organization
Processes
Technique
EXIN Other certifications
6. Supporting materials
ISFS ISMAS ISMES
Preparation Guide Sample Exam Practical Assignments Basic Training Material
Workbook Case Study Candidate Guide
7. Languages
ISFS ISMAS ISMES
English English English
Dutch Dutch Dutch
Portuguese Portuguese
Japanese
Chinese
Spanish
French
Latin American Spanish
German
Price per level in Euros (2013)
• IS Foundation: 169,40
• IS Management Advanced: 242,-
• IS Management Expert: 544,50
8. Pricing
9. Where available?
ISFS ISMAS ISMES
Accredited Examination Centers worldwide
Open University (NL)
Prometric Pearson Vue EXIN Anywhere
Thank you for your attention