Becoming an Information Systems Security Manager (ISSM)

The target audience for training
- Business or IT managers wishing to become CISOs
- Operational CISOs wishing to understand the new missions of the CISO
What you will learn
The protection of information and the security of information systems are now so important that those responsible for information systems security must be increasingly involved in the governance processes of the company or organisation. The role of the CISO is essential, as he or she is responsible for actions relating to the protection of information and the security of the company's systems, networks, applications and data. This course, illustrated by a number of practical case studies, will provide participants with all the key best practices they need to master the dimensions of this job.
Training programme
- Duration: 3 days
Part 1: THE ISSM PROFESSION, ITS ROLE, RESPONSIBILITIES, SCOPE OF ACTION AND WORKING METHODS
- What are the challenges of ISS?
- Some basic definitions, scopes and terminology
- The challenges of information security
- The nature of threats and risks
- Initiating penetration testing
- The missions of the CISO
- Advising General Management on legal obligations and ISS risks
- Formalise a strategy and define an action plan
- Defining an SSI repository
- Participate in setting up the governance structure
- Advising and assisting project owners in risk management
- Advising, assisting and supervising project managers in dealing with risks
- Training, raising awareness
- Proactive monitoring
- Auditing and carrying out compliance checks and measuring effectiveness
- Legal obligations and SSI requirements
- Liability in tort and contract
- Legal obligations
- PPST: Protection of information relating to the nation's technical potential
- Respect for privacy / Secrecy of correspondence
- GDPR
- Law for a digital republic
- SOX: Sarbanes-Oxley Act
- LSF: Financial Security Act
- LCEN: Law on Confidence in the Digital Economy
- LSQ: Daily Security Act / Godfrain Law
- CPI: French Intellectual Property Code
- The "Network and Information Security" directive
- LMP: Military Planning Law
- Identification of competent authorities and reference systems
- ANSSI, PSSI x, RGS
- French Agency for Digital Health
- PCI DSS
- CNIL
- Contracts
- ISS governance
- SSI maturity levels and types of organisation
- The steering, arbitration, monitoring and certification committee
- Hierarchical and functional channels
- Links with other sectors (hierarchical, facility safety, crisis management, etc.)
- Incident notification and alert management
- Formalising an IS strategy
- Adding tools and best practice
- Issue-oriented
- ISMS-oriented
- The stages in formalising a roadmap
- Risk management
- The ISO 31000 standard
- The ISO 27005 standard
- Assisting the project owner in assessing needs and feared events
- Assistance to project managers in dealing with risks
- Advice on validation or certification
- Case studies
- The ISO 27002 standard
- The ISO 27001 standard
- Definition of an SSI reference system
- Letter of commitment from management
- Letter appointing the CISO
- General information protection policy
- How to build an information system security policy
- Charters
- Guides and procedures
- Exercises
- Implementation of an SSI integration method in projects
- EBIOS
- Adapted
Part 2: FROM THEORY TO PRACTICE
- The state of the art in technical solutions for information system security
- Access security
- Network filtering
- Application filtering
- Authentication
- Authorisation
- Intrusion detection
- Logging
- Supervision
- Securing exchanges
- Symmetric and asymmetric encryption
- Public Key Infrastructure
- Variants
- Server security
- Hardening
- Hosting
- Security of fixed and mobile workstations
- Application security
- Access security
- SSI architectures
- Peripherals
- Defence in depth
- Introduction to business continuity plans and contingency plans
- Business continuity fundamentals
- The BCI model and the ISO 22301 standard
- The different plans: PCA, PCO, PSI, PGC, PCOM, etc.
- The phases of a BCP project
- Taking the human factor into account
- Awareness / Training / Communication
- Exercises
- SSI legal and technical monitoring
- Control and audit
- Definition of control indicators
- Formalising audits
- Intrusive testing
- Formalising and updating dashboards
- Exercises
- General advice for success as a CISO
- Obstacles and difficulties encountered by CISOs (feedback)
- Ensuring that the CISO's role is properly understood and communicated
- Mistakes not to be made, advice on change management
Training objectives
- Identify all the facets of the IS Security Officer's job, his role and responsibilities
- Building an effective safety policy and managing AIS risks
- Having an overview of technical IS protection measures
- Have a methodology for implementing and monitoring safety
- Knowing what best practice is for building your action plan and defining your indicators
Training prerequisites
The Fundamentals of Risk Management course (Ref. LFMR) is the ideal prerequisite for this course.
Price
- 3500 €
- Language: French
- Level: Fundamental
- Certification body: ACG CYBERACADEMY
- Certification: No
- Accessibility: Yes
- Duration: 3 days
Important information:
Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).