Course : Audit, indicators and safety control
Synthesis course - 2d
- 14h00 - Ref. UDI
|
Download in PDF format
Share this course by email
 | Understand the challenges and obligations of safety management |
| Understand how to create meaningful and effective dashboards |
| Understand the number and choice of indicators according to the chosen field of application |
| Safety audit methodology |
Intended audience
CISOs or security correspondents, security architects, IT managers, engineers or technicians who need to integrate security requirements.
Prerequisites
Basic knowledge of IT security.
Course schedule
1 Introduction: safety control
- Reminders. ISO 27000 terminology.
- Safety control implementation.
- Short-medium-long-term safety assessment.
- Safety management: the "manager" view.
- Safety reviews and input elements.
- The legibility of its security compared to publishers.
- Regulatory and standards constraints.
2 Safety audits
- The safety auditor's job.
- Identify the context of the mission.
- Preparing the mission, analyzing the reference framework.
- Gap classification, determining the risk criteria used.
- Literature review.
- Interview preparation.
- Technical tests.
- On-site audit: what to do (and what not to do).
3 Indicators and measuring instruments
- Presentation of indicators and dashboards, examples of formats.
- A typology of indicators. What is the purpose of my indicator?
- The number and choice of indicators according to the chosen field of application.
- ISO 27001 registration. ISMS reviews and re-examinations.
- The 27004 standard "Information Security Management Measurements": the essentials.
- Examples of 27001 controls and measures Appendix A.
4 Dashboards and safety management
- PSSI monitoring, the basis for calculating return on investment.
- Dashboards: for whom, for what? Monitoring actions and PSSI compliance for CISOs.
- Monitoring of acceptable risk levels for operational departments.
- The "Domains - Good practices" reference system as a monitoring tool.
- The "Type of practice/maturity" benchmark as a target to be achieved.
- Examples of standard dashboards.
5 Conclusion
- The choice of indicators.
- Building my first dashboard.
- Audit situation.
Case study
Exercises on typical projects "Logical security", "Protection of goods and people", "Communications security", "Application security".
Publication date : 02/23/2024
PARTICIPANTS
CISOs or security correspondents, security architects, IT managers, engineers or technicians who need to integrate security requirements.
PREREQUISITES
Basic knowledge of IT security.
TRAINER QUALIFICATIONS
The experts leading the training are specialists in the covered subjects. They have been approved by our instructional teams for both their professional knowledge and their teaching ability, for each course they teach. They have at least five to ten years of experience in their field and hold (or have held) decision-making positions in companies.
ASSESSMENT TERMS
The trainer evaluates each participant’s academic progress throughout the training using multiple choice, scenarios, hands-on work and more.
Participants also complete a placement test before and after the course to measure the skills they’ve developed.
TERMS AND DEADLINES
Registration must be completed 24 hours before the start of the training.
ACCESSIBILITY FOR PEOPLE WITH DISABILITIES
Do you need special accessibility accommodations? Contact Mrs. Fosse, Disability Manager, at psh-accueil@orsys.fr to review your request and its feasibility.
CISOs or security correspondents, security architects, IT managers, engineers or technicians who need to integrate security requirements.
PREREQUISITES
Basic knowledge of IT security.
TRAINER QUALIFICATIONS
The experts leading the training are specialists in the covered subjects. They have been approved by our instructional teams for both their professional knowledge and their teaching ability, for each course they teach. They have at least five to ten years of experience in their field and hold (or have held) decision-making positions in companies.
ASSESSMENT TERMS
The trainer evaluates each participant’s academic progress throughout the training using multiple choice, scenarios, hands-on work and more.
Participants also complete a placement test before and after the course to measure the skills they’ve developed.
TEACHING AIDS AND TECHNICAL RESOURCES
• The main teaching aids and instructional methods used in the training are audiovisual aids, documentation and course material, hands-on application exercises and corrected exercises for practical training courses, case studies and coverage of real cases for training seminars.
• At the end of each course or seminar, ORSYS provides participants with a course evaluation questionnaire that is analysed by our instructional teams.
• A check-in sheet for each half-day of attendance is provided at the end of the training, along with a course completion certificate if the trainee attended the entire session.
• The main teaching aids and instructional methods used in the training are audiovisual aids, documentation and course material, hands-on application exercises and corrected exercises for practical training courses, case studies and coverage of real cases for training seminars.
• At the end of each course or seminar, ORSYS provides participants with a course evaluation questionnaire that is analysed by our instructional teams.
• A check-in sheet for each half-day of attendance is provided at the end of the training, along with a course completion certificate if the trainee attended the entire session.
TERMS AND DEADLINES
Registration must be completed 24 hours before the start of the training.
ACCESSIBILITY FOR PEOPLE WITH DISABILITIES
Do you need special accessibility accommodations? Contact Mrs. Fosse, Disability Manager, at psh-accueil@orsys.fr to review your request and its feasibility.
Dates and locations
Select your location or opt for the remote class then choose your date.
Remote class
Last places available
Guaranteed date, in person or remotely
Guaranteed session