Information Systems Security Manager (ISSM)

Target audience
Anyone required to perform the role of Information Systems Security Manager:
- CISOs,
- Future CISOs,
- Deputy CISOs, ...
What you will learn
On completion of the course, the trainee will be able to take over the role of Information Systems Security Manager (ISSM).
Training programme
- Duration: 5 days
Day 1
Day 1 - Morning: Information systems security issues
- Introduction and vocabulary (ISS, cybersecurity, IT, information security)
- Cybersecurity objectives and strategic alignment with the organisation
- Security criteria (confidentiality, integrity, availability, proof/traceability) and the notions of incident and risk
- Activities and role of the CISO in the company
- Security policy, security programme and associated measures.
- CISO participation in projects and professional networks.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Day 1 - Afternoon: ISS incident management
- IS incident management: definitions and examples.
- Incident management objectives.
- Key steps in managing IS-related incidents.
- Common mistakes to avoid.
- Tools and resources available.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Day 2
Day 2 - Morning: Introduction to the cyber threat and risk management
- Introduction to the cyber threat and risk management.
- Thinking like an attacker: logic and methods.
- Fundamental security good practice.
- Notions of cryptography: concepts and uses.
- Network security: basic principles, types of attack and protective measures.
- Filtering and interconnection components: firewall, proxy.
- Secure network architecture.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Day 2 - Afternoon: Application & system security / Protection of workstations / Security audits
- Application security: memory and web vulnerabilities.
- Secure development.
- System security: access control, monitoring, updates, backups, logging.
- Protection of workstations and mobile equipment.
- Introduction to IS security audits.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Day 3
Day 3 - Morning: Processes and Information Security Management System (ISMS) / ISO 27000 standards / Security policies
- Processes and Information Security Management System (ISMS).
- Overview of ISO27000-type standards.
- ISO 27001 and ISO 27002 standards.
- Use and benefits of standards in an ISMS.
- Security policies: definition, hierarchy and usefulness.
- Policy development, implementation and review.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Day 3 - Afternoon: Security indicators / Audit: types, procedure, corrective actions
- Security indicators: principles, collection sources, specification and examples.
- Risks associated with indicators and mistakes to avoid.
- Audit: types, objectives and vocabulary (ISO 19011).
- Audit stages: preparation, conduct, follow-up and corrective action.
- Hosting external auditors.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Day 4
Day 4 - Morning: IS risk management: methods (ISO 27001, EBIOS, Mehari), asset identification, risk assessment
- ISS risk management.
- Methods: ISO 27001, EBIOS, Mehari.
- Identification and valuation of assets.
- Threats, vulnerabilities, risk assessment and evaluation.
- Possible risk treatments: reduction, sharing, retention, avoidance.
- Notion of residual risk and acceptance.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Day 4 - Afternoon: Legal aspects of ISS: obligations, prevention, repression
- Legal aspects of ISS.
- General and sectoral obligations: RGS, NIS 2, DORA, ...
- Prevention: legal rules, logging, supervision of use, contractualisation.
- Repression: crisis management, characterisation of incidents, penalties.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Day 5
Day 5 - Morning: Managing IS service providers / Raising awareness of IS security
- Management of ISS service providers: qualification, expression of requirements, contracting.
- Monitoring, auditing and control of service providers.
- Reaction in the event of a crisis involving a service provider.
- Raising awareness of IS security: objectives, roles, resources, levers and costs.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Day 5 - Afternoon: Final role-play / Feedback, closure, assessment
- Final simulation.
- Case studies incorporating the full range of skills.
- Feedback and debriefing.
- Closing and final assessment.
- Attendance certificates are handed out and participants evaluate the course.
Trainer profile
Expert consultant-trainer in security management, combining technical expertise, field experience and teaching know-how, whose technical, professional and teaching skills have been rigorously assessed and validated as part of our internal selection procedures.
Teaching methods and resources
The course is based on a balanced combination of theoretical and practical approaches, guaranteeing both the acquisition of knowledge and its operational application:
- Moderated by a CISO, presenting his or her strategy for taking up the role and providing feedback on concrete, detailed cases of security projects carried out in his or her organisation.
- Structured theoretical input, illustrated by practical examples tailored to the participants' professional context.
- Practical exercises at each stage to help you assimilate the knowledge you have acquired.
- A case study linking the different skill blocks.
- Strong interaction between trainers and trainees, making exchanges more concrete and aligned with trainees' expectations.
- Full educational documentation, supplied in digital format.
- Course evaluation questionnaire at the end of the course, analysed by our teaching team.
- Certificate of acquired skills sent to the trainee at the end of the course.
- End-of-training certificate sent at the same time as the invoice to the company or funding organisation, confirming that the trainee has fully attended the session.
Training objectives
- Understand the challenges of information systems security within an organisation.
- Know the basic techniques of the CISO function.
- Master the ISO 27001 standard and implement an ISMS in your organisation.
- Know the security policy, security audits and security indicators.
- Be familiar with the regulations and legal aspects of information systems security.
- Respond to incidents.
Assessment method
- Practical exercises at every stage of the course.
- A case study linking the different skill blocks.
- Quiz at the end of each day's training.
- Self-assessment of knowledge acquired by the trainee via a questionnaire.
Training prerequisites
- Experience in an IT department as an IT specialist.
- Basic knowledge of security applied to information systems and a good command of systems and infrastructures.
- Language: French
- Level: Fundamental
- Certification body: ACG CYBERACADEMY
- Certification: No
- Accessibility: Yes
- Duration: 5 days
Important information:
Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).