Course Overview

The ability to secure information within a modern enterprise large or small is a growing challenge. Threats to information security are global, persistent, and increasingly sophisticated. Long gone are the days when managers could hope to secure the enterprise through ad hoc means.

Effective information security at the enterprise level requires participation, planning, and practice. It is an ongoing effort that requires management and staff to work together from the same script. Fortunately, the information security community has developed a variety of resources, methods, and best practices to help modern enterprises address the challenge. Unfortunately, employing these tools demands a high degree of commitment, understanding, and skill attributes that must be sustained through constant awareness and training.

It is important to note as well that effective security is not achieved in stovepipes. Ineffective physical security, for example, can undermine otherwise effective information system security, and vice versa. Effective security at the enterprise level requires the effective interaction of physical security, information security, personnel security, and so on indeed, all branches of security must interact effectively as a system to achieve overall enterprise security.

This course is designed to teach mid-level security practitioners how to engage all functional levels within the enterprise to deliver information system security. To this end, the course addresses a range of topics, each of which is vital to securing the modern enterprise. These topics include inter alia plans and policies, enterprise roles, security metrics, risk management, standards and regulations, physical security, and business continuity. Each piece of the puzzle must be in place for the enterprise to achieve its security goals; adversaries will invariably find and exploit weak links.

To this end, the course will emphasize the practical implications of Cybersecurity management to your institution’s roles and missions through the application and study of timely examples.

Target Audience/Prerequisites

This course is intended for any personnel who performs security leadership and management duties. 

Student Outcome/Objectives

At the end of this course, trainees will be expected to be able to:

Assess the current security landscape, including the nature of the threat, the general status of common vulnerabilities, and the likely consequences of security failures;

• Critique and assess the strengths and weaknesses of general cybersecurity models.
• Appraise the interrelationships among elements that comprise a modern security system, including hardware, software, policies, and people;
• Assess how all domains of security interact to achieve effective system-wide security at the enterprise level.
• Compare the interrelationships among security roles and responsibilities in a modern information-driven enterprise to include interrelationships across security domains (IT, physical, classification, personnel, and so on);
• Assess the role of strategy and policy in determining the success of information security;
• Estimate the possible consequences of misaligning enterprise strategy, security policy, and security plans;
• Design a hypothetical information security plan that incorporates relevant principles of lifecycle management;
• Evaluate the principles of risk and conduct a hypothetical risk management exercise;
• Assess the role of good metrics and Key Performance Indicators (KPIs) in security assessment and governance;
• Create a good set of information security metrics;
• Identify and contrast the most common security standards and associated catalogues of security controls;
• Contrast the various approaches to security training and formulate a simple training agenda;
• Justify the need for business continuity planning and propose how to implement such a plan successfully within a modern enterprise;
• Compare and contrast logical and physical security;
• Appraise the current structure of cyber security roles across your organization, including the roles and responsibilities of the relevant organizations;
• Assess the strengths and weaknesses of the certification and accreditation approach to cybersecurity;
• Evaluate the trends and patterns that will determine the future state of cybersecurity.