Course Description
Executives working in UK commercial and third sector companies of any size need to be aware of the requirements for information security. They also need to be aware of the context of their role and the roles of others in defining and implementing company policies and processes, and in some cases implementing management systems for meeting the requirements of standards which the company may be certified against. Information security is increasingly becoming critically important and good practices will ultimately benefit the company and its customers. This course delivers an overview and awareness of key topics for executives enabling them to understand the requirements and best practice activities for consideration in the context of their business. The key topics covered include those referenced in best practices guidance as set out in the National Cyber Security Centre (NCSC) and standards such as Cyber Essentials and ISO 27001 as well as references to related laws.
Who is the course for?
The course should be taken by all executives and senior managers accuontable for meeting strategic business objectives. This course is not intended for public sector or government organisations where special rules apply.
What training pre requisites are there for taking the course?
There are no training pre requisites. The training is best used when the organisation has established policies with regard to information security.
What level of knowledge is required?
No specific specialist knowledge is required. It is assumed that all employees have undertaken a company induction as it would be advantageous for the student to be aware of the location of and have access to company-specific policies, processes, and procedures.
What knowledge will be gained after taking the course
This particular course is not intended to provide training to be able to implement information security management systems, but will provide the executive with the following:
- Awareness and understanding of Information Security terms, concepts and frameworks
- Awareness and general understanding of the principles and objectives of information security.
- Awareness of the Law
- Awareness of governance best practices
- Awareness of core topics including Remote working, mobile devices, passwords, social engineering, phishing, malware, use of social media, physical security
- Awareness of roles and responsibilities to be delegated including Training, Identity and Access management, privilege access, patching, secure configuration, change management, backup, asset management, network security, operations and IT security
- Awareness of Risk management and controls
- Awareness of frameworks including NCSC Best practices, Cyber Essentials and ISO27001
- Awareness of incident management and reporting
- Awareness of Information security relating to business continuity management
