Evidence-Based Information Security Management
What you'll learn
- Use information security metrics for the effective management of cybersecurity
- Represent cybersecurity metrics in compact and engaging dashboards or reports
- How to use reports in a way that leads to understanding the security posture of the organisation and drive the right decisions
- Apply continuous improvement to cybersecurity
- The student should be working or preparing to work as an information security manager
In this course you will master the design and operation of information security processes with metrics and you will be able to represent this metrics in compact and engaging dashboards or reports. You will learn what is a measurement, how your choice of a model influences what gets measured, what is the relationship between security activity and business goals, and how to use reports in a way that leads to understanding the security posture of the organisation and drive the right decisions. This course is for experienced information security managers to want to move their ISMS beyond simple Compliance.
If you want to avoid the following ISMS common failings, then this course is for you:
When specific people go on leave or get sick, performance is affected.
Audits are painful and it takes a significant effort to pass successfully.
Changes in the ways things are done are difficult and slow to implement.
The same errors are made over and over again.
More than 20% of the time of the team is used trying to determine what to do or how to do it.
It is no infrequent to enter discussions with other teams about who is responsible for what.
The available Metrics do not reflect the performance of the team or the level of security.
Magic bullets are tried by management on a monthly basis and forgotten shortly after.
New ticketing software was supposed to solve all management issues. Instead, it has introduced issues of its own.
Your ISMS is certified, but you are conscious that this wouldn't prevent a serious incident from happening.
Who this course is for:
- Experienced information security professionals
Evidence-based Cybersecurity management leader.
My subjects of interest are the application of scientific method to cybersecurity management, maturity and capability as indications of the ability of organizations to improve cybersecurity, and Identity Management.
Over 20 years experience in management of information security, I am the lead author of the Information Security Management Standard O-ISM3, published by The Open Group in 2011 (updated version to be published in 2017). I have been long involved in the development of my profession: former President of the Spanish chapter of the Information Security Systems Association; former President of the First Information Security Testing Conferences. Member of the Security Forum Steering Committee of The Open Group; ISMS Forum Member, ISACA member. My articles have been published in ISACA's Control, the ISSA Journal, SC Magazine Online, Pentest Magazine, ENISA Quarterly, Revista SIC and Red/Seguridad, among others.