Information Security Practitioner
Build your career as an information security manager
Information Security Practitioner (ISP) was designed for information security professionals who aspire to progress into a management or advisory role. ISP offers you the mindset, knowledge and practical skills you need to become a successful Information Security Officer or Manager. During the course, you will draft an information security vision statement, plan and perform information security risk assessments, develop an implementation plan for the ISO/IEC 27001 standard, assess and improve strategic information security policies, develop an effective information security awareness program using behavioural theory and learning theory, and start coordinating activities in the domains of Identity and Access Management and Incident Response. The training ends with a comprehensive case study assignment, where you will review an information security audit report and propose an actionable plan that will help the audited organisation achieve ISO 27001-compliance.
Lies Alderlieste-de Wit
Author & Trainer
CISO at Stater
Chris Wauters
Author & Trainer
Security Transition Manager,
Agile & Security Leadership
Koen Maris
Advisory Board
Cyber Security leader
at PwC Luxembourg
Michael Garceau
Trainer
Senior Risk Manager,
Founder CipherQuest
Mario Procopio
Trainer
Interim CISO &
Founder at Pro CISO®
At a Glance
Advanced level
Information Security Practitioner
Information security professionals looking to progress into a security management role. (Aspiring) information security officers, consultants, security managers, IT Auditors, line managers and project managers with a direct line to the information security practice.
Integrate information security into strategic management and organisational culture, while ensuring compliance with information security laws, regulations and standards.
Adopt a risk-based approach to information security. Balance interests and threats to improve organisational resilience. Apply resilience management principles. Contribute to effective information security governance. Plan and perform information security risk assessments in line with best practices. Develop an implementation plan for the ISO/IEC 27001 standard.
Apply best practice project management principles. Compose and lead a project team.
Evaluate types of information security risks posed by human behaviour. Develop an effective information security awareness action plan based on behavioural, learning and adoption theories.
Identify, prioritise and present key business drivers for Identity and Access Management. Evaluate user authentication methods, identity governance schemes, access governance and authorisation methods and how to achieve good accountability in IAM.
Evaluate organisational aspects of establishing a Computer Security Incident Response Team (CSIRT), the incident response process and fundamentals of incident response policy governance. Understand best practices for security report writing.
Understand how information security audits are performed and learn to interpret audit opinions. Review an audit report and create an actionable improvement plan.
What’s included
- Official SECO-Institute course materials
- Training from passionate instructors with exceptional skills
- Access to the SECO member portal
- Practice exam
- Exam voucher
- Membership to SECO’s Alumni Network after passing the exam
Syllabus
Day 1 – Core Values & Strategic Goals
Topics:
- Cyber Security and Information Security
- Information Security Management Framework (ISMF)
- Defining a Vision on Information Security
- Laws and Regulations
- Standards and Best Practices
- Developing an Information Security Vision
Exercises:
- Mission, Vision and Strategy
- Vision on Information Security
Day 2 – Developing an Information Security Management System
Topics:
- Interests, Threats and Resilience
- Resilience Management Framework
- Risk Management
- ISO/IEC 27001
- Information Security Policy
- Information Security Profile
Exercises:
- Resilience Management Framework implementation
- Risk Assessment
- ISO27001 implementation
- Information Security Governance
Day 3 – Human Aspects
Topics:
- Project Management: People
- Project Management: Leadership
- Project leadership
Exercises:
- Leadership skills
Topics:
- Information Security & Human Behaviour
- Security Awareness Measures
- Security Awareness Tools
- Measuring Behavioural Change
- Security Awareness Roadmap
Exercises:
- Security Awareness Program Part 1 – Gain Support
- Security Awareness Program Part 2 – Security Risks
- Security Awareness Program Part 5 – Gap Analysis and Awareness Measures
Self-study – Attacker perspectives
Topics:
- The Methods of the Hacker
- Open-Source Intelligence (OSINT)
- Google Hacking
Day 4 – Domains of IAM and Incident Response
Topics:
- Introduction to Identity & Access Management
- IAM Processes
- Authentication and Related Services
- Identity Governance
- Access Governance
- Accountability and Identity Intelligence
- Responsibilities and Implementation
Topics:
- Introduction to Incident Response
- Incident Response Process
- Policy and Agreements
- CSIRT Services
- Reporting
Exercises:
- Coordinating incident response
- CSIRT services
Day 5 – The Security Audit
Topics:
- Audit, Definition and goals
- Security audits
- Audit process
- In-control statement
In this last case study, students will review an information security audit report and propose an action plan that will help the organization to make this service ISO 27001-compliant.
The training ends with a test exam, followed up with an evaluation and discussion.
Collect your badge of honor
Exam
- Language: English
- Delivered: Online via a certified proctor
- Questions: 10 multiple choice, 5 open questions and one case
- Time: 120 minute