
IT INFORMATION SECURITY MANAGEMENT PRINCIPLES

15 - 18 MAY 2016
RADISSON BLU
DUBAI DEIRA CREEK
UNITED ARAB EMIRATES

IT
SERIES

COURSE OVERVIEW
With the rapid growth & development of the internet, organizations are taking
advantage of the new opportunities available. Likewise, unscrupulous individuals are
also exploiting the situation to collect & steal data from companies & their customers.
Information security is therefore critical for today's modern business models.
Organizations must be prepared to take crucial steps to strengthen their IT
infrastructure from both internal & external threats.
Organizations must look to develop a security network that enhances business
operations while improving its security position. Successful security architecture
combines a mix of the latest policies & practices, technology, and a robust awareness
program.
This 4 day intensive training workshop addresses the latest concerns on IT
infrastructure and security. Participants will develop key skills and core competencies
that will allow them to meet the ever-changing security demands of the 21st century.

Security in IT is like locking your house or car;
it doesn't stop the bad guys, but if it's good
enough they may move on to an easier target.
- Paul Herbka

BENEFITS OF ATTENDING
Course Participants will:
- Master the tools & techniques for effective information & network security.
- Discover how to create a complete & sustainable IT security architecture.
- Gain knowledge on how to develop sound security policy together with your
security architecture.
- Learn how to perform smart security risk assessment within your organization.
- Learn how to perform an IT governance assessment using CoBIT 5.0.
- Gain valuable insights on implementing a proactive & robust security management
system.
- Learn how to detect & prevent information security breaches due to inadequate IT
security awareness within the organization.

EXCLUSIVE: PRE COURSE QUESTIONNAIRE & TAKEAWAYS

1. An extensive IT Security Architecture Questionnaire that will help you
evaluate your organization's security position.
2. Online access to course materials, case studies and other related items of the
training seminar.
3. Take with you templates and worksheets to aid you in applying and putting
into practice what you have learned from this workshop.
4. FREE CoBIT 5.0 IT Governance Assessment Evaluation Spreadsheet

YOUR INTERNATIONAL
COURSE FACILITATOR
Dr Mark T. Edmead
CISSP, CISA, COBIT, Lean IT, DevOpsB

IT Transformational
Consultant
MTE Advisors
Mark T. Edmead is a successful technology entrepreneur
with over 28 years of practical experience in computer
systems architecture, information security, and project
management.
Mark excels in managing the tight-deadlines and ever
changing tasks related to mission-critical project
schedules. He has extensive knowledge in IT security, IT
and application audits, Internal Audit, IT governance,
including Sarbanes-Oxley, FDIC/FFIEC, and GLBA
compliance auditing.
Dr. Edmead understands all aspects of information
security and protection including access controls,
cryptography, security management practices, network
and Internet security, computer security law and
investigations, and physical security.
He has trained Fortune 500 and Fortune 1000 companies
in the areas of information, system, and Internet security.
He has worked with many international firms, and has the
unique ability to explain very technical concepts in
simple-to-understand terms. Mr. Edmead is a sought after
author and lecturer for information security and
information technology topics.
Mark works as an information security and regulatory
compliance consultant. He has:

- Conducted internal IT audits in the areas of critical
infrastructure/systems and applications.
- Assessed and tested internal controls of critical
infrastructure platform systems (Windows, UNIX, IIS, SQL,
Oracle).
- Assessed and tested internal controls of various critical
financial applications.
- Prepared risk assessments and determined risks to
critical financial data systems and infrastructure
components.
- Created test plans & processes and executed test plans.
- Conducted reviews of existing systems and
applications, ensuring appropriate security, management
and data integrity via control processes.
- Prepared written reports to all levels of management.
- Participated in audit review panel sessions to address
results, conclusions and follow-up actions required.

Tel: +6016 3326360

Fax: +603 9205 7788

kris@360bsigroup.com

COURSE
CONTENT
DAY1 IT SECURITY - CONCEPTS & PRINCIPLES
We will cover the main concepts, principles, structures, and standards
used to design, monitor, and secure operating systems, equipment,
networks, applications and those controls used to enforce various levels
of confidentiality, availability, and integrity.
Laying the foundation
- The relationship between people, process and technology
- The information security triad: confidentiality, integrity and availability
- Concepts of security management
- Creating policies, standards, guidelines and procedures
- Promoting security awareness
Protecting our assets
- Where attacks come from
- Protecting from internal attacks
- Protecting from external attacks
- Threats and vulnerabilities overview
Security Architecture Basics
- Security as a design goal
- Security models
- Authentication methods
- Authorization
- Models for access control
The Objectives of Security
- The active defense approach to security
- Using the Defense in Depth concept
- Layered approach including perimeter security, network security, host
based security, and human awareness

WHY THIS EVENT
The aim of this interactive workshop is to provide
you with the skills critical to developing your IT
Security Architecture & Policies.
After attending this workshop, you will leave
fully armed with the knowledge needed to
design and maintain a strong & secure IT
infrastructure.
The combination of interactive presentations,
hands-on exercises and open discussion groups
along with real case studies, ensures you will
obtain maximum value from attending.

COVERAGE
IT Security Concepts & Principles
Roles & Responsibilities
Security Awareness
Layered Security approach
Security Policy Implementation
Risk & Vulnerability Assessment
Threat Identification
Penetration testing
IT Network & System Security
IT Security Architecture
Security Design & Maintenance
Security Control Frameworks
ISO 27001 Security Standard
Laws & regulations

DAY2 ESTABLISHING YOUR SECURITY POLICY
We will discuss the value of the information and what we need to do to
protect it. Effective security architecture begins with the establishment of
a security policy. Organizations should also perform a risk assessment in
order to better understand the important areas in their security
architecture.
Developing a Security Policy
- The overall plan of attack/defense
- Declaration of intent
- Characteristics of a good policy
- Policy examples
Objectives of Risk Management
- Benefits of performing a risk assessment
- Prioritizing vulnerabilities and threats
- Identifying the risk impact and determine acceptable risks
- Creating a risk matrix
The value of information
- Why you need to classify levels of information
- Managing data at rest and in transit
- Understanding data access controls
- The value of knowing where your data resides
Basic security threats and principles
- Vulnerabilities, threats and countermeasures
- Hacker probing and attack
- LAN, WAN, and wireless network technologies and protocols

WHO SHOULD ATTEND


Vice Presidents, Directors, General Managers
Chief Information Officers
Chief Security Officers
Chief Information Security Officers
Chief Technology Officers
Heads of Departments in Information Security
Management Information Systems, IT
Infrastructure, IT Architecture, Network
Operations, IT Operations, IT Data Center,
DataBase Management, IT Deployment
IT Business Enterprise, IT Risk Management,
IT Quality Assurance, IT Audit, Risk Management,
Internal Audit, Business Continuity Planning

DAY3 THREAT, RISK & VULNERABILITY ASSESSMENT
We will discuss the vulnerabilities, threats, and risks to the system and
network environment. We will also discuss practical application of risk
assessment to an organization, how to conduct an assessment, and how
to use this information to improve the security posture.
Vulnerability and Penetration testing
- Why performing vulnerability and penetration testing is important
- Tools and techniques used in penetration testing
- Review of sample penetration testing report
- How to correct problems identified in the vulnerability and penetration
testing report
Protecting the network
- Firewalls and other perimeter security devices
- Intrusion detection systems
- Using a scanner to discover vulnerabilities
- Understanding network management tools
Hardening Operating Systems
- Unused user accounts
- Excessive rights and permissions
- Service packs and hotfixes

The importance of the Business Continuity and Disaster Recovery Plans
- Introduction to BCP/DRP
- Conducting the Business Impact Assessment (BIA)
- Review of the BCP/DRP process
- Establishing data recovery options

Latest TESTIMONIALS

Session well organized. The trainer is very
conversant with the subject matter. Well delivered
and would definitely recommend to anyone else.
- Habil Mutende, Manager Information Security & Change
Management, Central Bank of Kenya

Excellent presentation, excellent attitude to
answer our questions & to share his experience.
- Senior Manager, IT Department, Deloitte

The programme is good for IT professionals...
[who] would like to setup ISO function or improve
ISO. - G. Ramgopal, Head IT Security, Bank Muscat Oman

I have used Mark in key roles with high visibility
clients. Without hesitation I would highly
recommend Mark for any and all IT audit
engagements. His professionalism, deep
knowledge, and results oriented work style are
deeply valued by not only myself, but more
importantly by all those who are lucky enough
to use his services. - Russ Aebig, Director at Artesient

We have used Mark Edmead on several projects in
the past few years including SOX readiness for
publicly traded companies and IT vulnerability
assessments for major financial institutions. He
always delivers professional and detail-oriented
workpapers on-time and within budget. Mark is
highly recommended and we will continue to use
him on other projects. - Brenda Piazza, Director at CBIZ MHM

DAY4 DESIGNING & MAINTAINING YOUR SECURITY ARCHITECTURE
Day Four wraps up the course by providing a guideline on how to design,
create, and maintain a strong security architecture. This includes a
discussion on best IT Governance practices. We will also discuss how to
make sure your technology infrastructure aligns with your security (and
business) objectives.

Implementing a proactive security management system


- Justifying the cost of security
- Aligning your technology infrastructure to business objectives
- How to continually strengthen your security posture
Understanding the various security control frameworks
- COBIT 5 Governance and Management of IT Enterprise
- ISO 270xx Security Standards
- The NIST Standards
Developing and implementing a successful governance strategy
- The Balanced Scorecard and IT Governance
- Governance of outsourcing
- Managing risks and IT Governance
- Best practices for implementing continuous improvement concepts and
principles
Understanding Strategic Alignment
- Enterprise mission, objectives, and values
- Drivers and trigger points
- Benefits realization, risk optimization, and resource optimization
- Business objectives and goals alignment to facilitate IT governance

COURSE SCHEDULE
8.00            Registration & Coffee/Tea
8.30            Workshop commences
10.10 - 10.30   Morning coffee/tea
12.00 - 13.00   Lunch
14.40 - 15.00   Afternoon coffee/tea
16.00           End of day

REGISTRATION FORM
Fax: +603 9205 7788
Tel: +603 9205 7772
Mobile: +6016 3326 360

Email: kris@360bsigroup.com

DELEGATES
For each delegate: Name, Name on tag, Job Title, Email, Mobile

IN-HOUSE TRAINING
360 BSI is passionate about providing strategic IT programs
and high potential training solutions across the region to build
personal competencies and organizational capability.
You will receive practical training from a professionally
qualified educator with over twenty years of teaching and
training experience.
Please feel free to mix-and-match topics from the areas listed
below to get the right training content for your staff. Other
topics may be available upon request.

OTHER RELATED PUBLIC COURSES
IT Governance & Leadership
Document Management & Retention
Business Continuity and Disaster Recovery Planning
Preparing for the CISSP exam
Fraud Control & the COSO 2013 Framework
IT Risk Management
Project Management for IT Professionals

Hotel Contact Details:

For Room Reservation, contact for 360BSI corporate rates.


Telephone: 00971 4 2057105 Fax: 00971 4 2234698
E-mail: reservations.dxbza@radissonblu.com
Radisson BLU Hotel, Dubai Deira Creek
Baniyas Road, P.O. Box 476, Dubai, UAE

AUTHORIZATION
(This form is invalid without a signature)
Name :
Job Title :
Email :
Tel :
Organization :
Address :
Signature :
Date:

General Information:
1. Registrations close ONE (1) week before the training dates.
2. The fees cover lunch, tea breaks, materials and certificate.
3. Official confirmation will be sent, once registration has been
received.
4. Participants will need to arrange their own accommodation.
5. Attire: Smart Casual

FEES
USD 3,395 per delegate
15% discount - Special for Group of 3
The fee does not include any taxes (withholding or otherwise). In case of any taxes applicable
the client has to ensure that the taxes are paid on top of the investment fee paid for the course.
Compliance with the local tax laws is the responsibility of the client.

* Save up to 50% for In-house Training program

Cancellations/Substitutions
Substitutions are welcome at any time. Please notify us at
least 2 working days prior to the event. All cancellations will
carry a 10% cancellation fee, once a registration form is
received. All cancellations must be in writing by fax or email
at least 2 weeks before the event date. Cancellations with
less than 2 weeks prior to the event date carry a 100% liability.
However, course materials will still be couriered to you.

Thank you for your registration!

PAYMENT DETAILS
Payment is required within 5 days upon receipt of
the invoice.
Bank transfer:
360 BSI MIDDLE EAST LIMITED
Abu Dhabi Commercial Bank
Dubai Mall Branch, P.O.Box 49124 Dubai, U.A.E
Account No: 10065721319001
Swift No: ADCBAEAAXXX
IBAN No: AE780030010065721319001

All payments must be received prior to the event date

360 BSI (M) Sdn Bhd (833835-X), Level 8 Pavilion KL, 168 Jalan Bukit Bintang, 55100 Kuala Lumpur, Malaysia.

360 BSI Training Calendar 2016


Event Code
KK-MN-SIN-130
KK-MN-DUB-131
KK-MN-DUB-129
KK-TE-DUB-48

Type

COURSE TITLE
Document & Information Management, Security,
IT
Retention & Archiving
Management Green Supply Chain Management
Document & Information Management, Security,
IT
Retention & Archiving
Effective Technical Report Writing
General

DATE - 2016

VENUE

04 - 07 Apr 2016

Singapore

10 - 12 Apr 2016

Dubai

02 - 05 May 2016

Dubai

15 - 16 May 2016

Dubai

SV-IT-DUB-21

IT

IT Information Security Management Principles

15 - 18 May 2016

Dubai

KK-MN-KL-132
KK-TE-SIN-44

IT
General

Document Management, Security & Retention


Effective Technical Report Writing

23 - 24 May 2016
18 - 19 July 2016

Kuala Lumpur
Singapore

KK-TE-JAK-42

General

Effective Technical Report Writing

31 Aug - 01 Sep 2016 Jakarta

KK-TE-KL-41
KK-MN-KL-133

General
IT

Effective Technical Report Writing


Document Management, Security & Retention
Document & Information Management, Security,
Retention & Archiving

05 - 06 Sept 2016
05 - 06 Sept 2016

General

Effective Technical Report Writing

05 - 06 Oct 2016

General

Effective Technical Report Writing

10 - 11 Oct 2016

KK-MN-KL-117/118

General

10 - 13 Oct 2016

KK-MN-KL-119/120

General

10 - 13 Oct 2016

Kuala Lumpur

KK-MN-DUB-121/122

General

16 - 19 Oct 2016

Dubai

KK-MN-DUB-123/124

General

Negotiating Sales Success & Customer Loyalty


Effective Communication, Presentation Skills &
Report Writing
Negotiating Sales Success & Customer Loyalty
Effective Communication, Presentation Skills &
Report Writing
Document & Information Management, Security,
Retention & Archiving
Effective Technical Report Writing

Kuala Lumpur
Kuala Lumpur
Available for Inhouse
Available for Inhouse
Available for Inhouse
Kuala Lumpur

16 - 19 Oct 2016

Dubai

06 - 07 Nov 2016

Available for Inhouse


Doha

Behavioral Based Safety (BBS) & Leadership


Root Cause Analysis

To be confirmed 2016
To be confirmed 2016

Dubai
Dubai

Business Continuity & Disaster Recovery Planning

To be confirmed 2016

Kuala Lumpur

Fraud Control & The COSO 2013 Framework: Improving


To be confirmed 2016
Internal Controls and Organizational Effectiveness

Kuala Lumpur

IT

IT

25 - 28 Sept 2016

16 - 19 Oct 2016

KK-TE-DOH-47

General

SV-SS-DUB-104
SV-SS-DUB-105

Safety
Safety

SV-IT-KL-22

IT

SV-FI-KL-11/12

Finance

SV-MN-DUB-131

HR

Effective Performance Management

To be confirmed 2016

Dubai

SV-MN-DUB-132

HR

Preventing Workplace Bullying

To be confirmed 2016

Dubai

SV-FI-DUB-9/10

Finance

Fraud Control & The COSO 2013 Framework: Improving


To be confirmed 2016
Internal Controls and Organizational Effectiveness

Dubai

SV-IT-DUB-19

IT

Project Management for IT Professionals (23 PDUs)

To be confirmed 2016

Dubai

SV-SS-DUB-96

Safety

To be confirmed 2016

Dubai

SV-SS-DUB-97

Safety

To be confirmed 2016

Dubai

SV-IT-DUB-20

IT

Visible Safety Leadership


Quality, Behavior & the Bottom Line: The Human Side
of Quality Improvement
IT Governance: Governance & Management of
Enterprise IT

To be confirmed 2016

Dubai

Other Training Courses by Affiliated Training Partners


Technical
Security
Security
Security

Advanced Shutdown / Turnaround / Outage (STO)


Management
Advanced Certificate in Security Management
Advanced Certificate in Professional Investigation &
Covert Surveillance
Advanced Certificate in Field Incident Command

Management CSR Strategy & Value-creation Masterclass


HR

Training ROI Masterclass

Management Effective and Efficient Warehouse Operations


Finance

Effective Collection & Recovery Strategies

Contact Kris at kris@360bsi.com to register or for further details. Tel: +60 16 3326 360

Dubai
Kuala Lumpur
Dubai
Dubai
Dubai
Dubai
Dubai
Dubai
