Information Security Fundamentals: Organizational Security Measures
Course ID : UEC-003
Duration In-class (in days) : 2 days
Duration Online : 2 days
Curriculum : in-class, Virtual Instructor-Led Training - ONLINE
Overview
The course covers the selection and implementation of organizational information security (IS) measures in the enterprise. It considers the theoretical and methodological foundations of information security, the planning of data protection activities, threat modeling and risk analysis.
The requirements of the legislation of the Russian Federation, international standards and best practices in the field of information security are considered in detail.
Much attention is paid to the practical issues of developing an information security policy and other necessary internal documents regulating data protection.
Audience for this course
The course is intended for specialists of information security departments responsible for organizing data protection in an enterprise.
Objective
Students will acquire knowledge in the field of data protection planning in an enterprise, building a threat model, analyzing information security risks, implementing organizational data protection measures, and developing internal organizational and administrative documents of an enterprise.
Prerequisites for this course
Basic knowledge and skills in the field of information technology
Outcomes
Upon completion of the course, students will gain the knowledge and skills to:
- Select and implement the necessary organizational measures to protect information
- Plan and implement measures to protect data, taking into account the requirements of the legislation of the Russian Federation
- Develop an information security threat model for your organization
- Analyze IS risks and choose the best methods to reduce them
- Develop internal organizational and administrative documents in the field of information security
Outline
- General approaches to ensuring information security
- Building threat models and risk analysis
- Choice of countermeasures and their economic justification
- Requirements of the legislation of different countries in the field of information security
- National and international standards in the field of information security
- Development of internal organizational and administrative documents (information security policies, regulations, instructions, etc.)
- Organizing security checks and conducting IS audits
- Development of information security incident response plans