The ability to secure information within a modern enterprise—large or small—is a growing challenge. Threats to information security are global, persistent, and increasingly sophisticated. Long gone are the days when managers could hope to secure the enterprise through ad hoc means.
When: 6 weeks, running May 27, June 3, 10, 17, 24 and July 1, 2017. Saturdays from 9:00am-5:00pm.
Where: Moringa School, Ngong Lane Plaza, Ngong Lane, Nairobi, Kenya
Who: The course is intended for corporate individuals and graduates who perform or are looking to perform security leadership and management duties. No coding experience is required, but computer proficiency is necessary.
Cost: $300 ($1 = 100 Ksh)
At the end of this course, students will be able to:
Assess the current security landscape, including the nature of the threat, the general status of common vulnerabilities, and the likely consequences of security failures.
Critique and assess the strengths and weaknesses of general cybersecurity models, including the CIA triad.
Appraise the interrelationships among elements that comprise a modern security system, including hardware, software, policies, and people.
Assess how all domains of security interact to achieve effective system-wide security at the enterprise level.
Compare the interrelationships among security roles and responsibilities in a modern information-driven enterprise—to include interrelationships across security domains (IT, physical, classification, personnel, and so on).
Assess the role of strategy and policy in determining the success of information security.
Evaluate the risks of mobile applications to personal privacy.
Design a notional information security plan that incorporates relevant principles of lifecycle management.
Evaluate the principles of risk and conduct a notional risk management exercise.
Be able to find and filter sensitive information using Google.
Create a good set of information security metrics.
Critique the current legal and regulatory environment as it applies to cybersecurity.
Identify and contrast the most common security standards and associated catalogues of security controls.
Contrast the various approaches to security training and formulate a simple training agenda.
Justify the need for business continuity planning and propose how to implement such a plan successfully within a modern enterprise.
Compare and contrast logical and physical security.
Be able to understand and use hacking tools.
Be able to perform security assessments and penetration testing for small firms/websites.
Evaluate the trends and patterns that will determine the future state of cybersecurity in the country.
Effective information security at the enterprise level requires participation, planning, and practice, as well as individual awareness of issues affecting information security. It is an ongoing effort that requires management, staff and individuals to work together from the same script. Fortunately, the information security community has developed a variety of resources, methods, and best practices to help modern enterprises address the challenge. Unfortunately, employing these tools demands a high degree of commitment, understanding, and skill—attributes that must be sustained through constant awareness and training.
It is important to note as well that effective security is not achieved in stovepipes. Ineffective physical security or lack of device/application security used by individuals, for example, can undermine otherwise effective information system security, and vice versa. Effective security at the enterprise level requires the effective interaction of physical security, information security, personnel security, and so on—indeed, all branches of security must interact effectively as a system to achieve overall enterprise security.
This course is designed to teach mid-level security practitioners, individuals with an interest in cybersecurity, and graduates who are looking to enter the enterprise information technology world how to engage all functional levels to deliver information system security. To this end, the course addresses a range of topics, each of which is vital to securing the modern enterprise and personal privacy in the digital world. These topics include, inter alia, plans and policies, enterprise roles, security metrics, risk management, standards and regulations, online privacy, device/application security, and business continuity. Each piece of the puzzle must be in place for the enterprise and individuals to achieve information security; adversaries will invariably find and exploit weak links.