ISM3 Courses

ISM3 Consortium

Standards that work

	Terms and Conditions

	Return On Investment

ISM3 Courses

Implementation of high-performance Security Management Processes

Course Description

This course is specifically designed to improve your skills as an information security manager. Using ISM3 as a framework, you will master process management, and you will be able to:

Prioritize security efforts using business significant criteria.

Communicate the value that the Information Security Department brings to the organization.

Design, implement and use information security metrics proven in the field, enabling short cycle continuous improvement.

Use ISM3 to simplify ISO27001 compliance, complement ITIL security, and manage outsourced security services with SLA's.

Trainer Profile

Vicente Aceituno is the main author of the method Information Security Management Maturity Model, author of the information security book “Seguridad de la Información” (ISBN: 84-933336-7-0), and President of the Spanish chapter of the Information Security Systems Association. A list of publications and speaking engagements is can be obtained at his blog.

Course Outline

Day 1 - 9:00am 17:00pm

Introduction: The teacher will understand better what you expect from the course, and you will understand what is expected from you.
Concepts: You will gain a deeper understanding of complex security concepts.
Assets & Goals: You will be able to set security objectives aligned with your organization's mission, and you will be able to communicate what is the value that the information security department brings to the organization.
Security Objectives: You will be able to set requirements for information systems that satify security objectives.
Access Control: You will gain an understanding of the management ramifications of access control.
Classification of Systems: You will be able prioritize efforts using business significant criteria for systems classification.
Activities & Deliverables: You will gain an understanding of the relationship between activity and achievement of goals.
Bottom-up Process Implementation: You will learn how to apply ISM3 to processes under your own responsibility.

Day 2 - 9:00am 17:00pm

Top-down Security Program: You will learn how to apply ISM3 when you have support from top IT management.
General Processes: You will familiarize yourself with auxiliary but essential processes.
Strategic Processes: You will familiarize yourself with processes related to goals definition and provision of resources.
Tactical Processes: You will familiarize yourself with processes related to continuous improvement and resource distribution.
Operational Processes: You will familiarize yourself with technical hands-on processes.

Day 3 - 9:00am 17:00pm

Management Practices: You will learn the basics about process management activities.
Metrics: You will learn in detail how to design, implement and use information security metrics.
Maturity: You will become familiar with the relationship between metrics, management practices, capability and maturity.
Reports, Dashboards & Visualization: You will learn how to make the best of metrics, enabling interpretation and communication.
Security Organization: You will understand how the distribution of responsibilities make processes tick, and how to avoid related risks.
Security Modeling: You will gain a working knowledge of advanced security models.

Day 4 - 9:00am 15:00pm

ISM3-RA: You will learn to perform a simple yet meaningful Risk Assessment.
ISO27001: You will learn how to make ISM3 help you with ISO27001 compliance.
ITIL & SLA's: You will learn how to complement ITIL with ISM3, and how to design SLA in order to manage outsourced security processes.
Certification: You will peek at ISM3's certification process
Techniques & References: You will learn general security techniques in order to treat security threats

Recapitulation: You will look back at the last four days highlighting the most important ideas and concepts.

What You Will Learn:

Deep understanding of complex security and management concepts.
Alignment of security objectives with an organization's mission. Classifying and setting requirements for information systems that satisfy security objectives.
Communication of the value of information security.
Access control management concepts.
Implementation of security processes.
Process management activities.
Design, implementation and use information security metrics.
Understanding of the relationship between metrics, management practices, capability and maturity.
Techniques for visualization of security metrics.
Understanding of distribution of responsibilities concepts.
ISM3-RA Risk Assessment.
Management of Outsourced Security processes.

Who Should Attend

This course is designed for security professionals who are or have the goal to adquire management level responsibilities in their organizations.

Student/Instructor Ratio

The maximum number of students is 10.

Mark your calendar

Madrid (course language: Spanish) - Martes 21 a Viernes 24 de Septiembre 2010
London (course language: English) - Tuesday 19th to Friday 22nd October 2010
Madrid (course language: English) - Monday 23rd to Thursday 26th November 2010

Book It At Your Convenience

You can book your course, online, via fax, or telephone:

Online: Click “Buy" then "Checkout", fill your contact information and then the "Continue" button for your course's schedule and location.
Via telephone: Call us on +34 696470328, and we will take your details.

Bookings are subject to our terms and conditions.