Module 1: Regulatory Compliance and Security

· Core Objectives
· U.S. Legislation
  o California’s Privacy and Security Requirements
  o FDA’s CFR 21
  o GLB
· Important International Regulations
  o Japan’s PIP
  o Canada’s PIPEDA
  o Australia’s Privacy Act
  o European Union’s DPD
  o EC Directive
  o UK’s Data Protection Act
  o UK’s Freedom of Information Act

Module 2: Sarbanes-Oxley and Security

· Legislation Fundamentals
· Key Sections
· Impact on For Profit and Not For Profit Organizations
· Technology and Security Impact
  o Security Architecture and Infrastructure
· CobiT Security Baseline
  o Control Objectives
  o Security Domains

Case Study: Examine FFIEC Guidelines for Internet Banking

Step through the key requirements of U.S. federal government mandates for strong authentication that impact banks offering online banking. Understand why, in today’s online financial services environment, authentication is the bedrock of information security.

Learn about the FFIEC guidance and how banks and financial institutions must balance risk, cost and customer experience when choosing authentication solutions.

Module 3: HIPAA Security Requirements

· Legislation Fundamentals
· HIPAA Privacy Rule
· Administrative Safeguards
· Physical Safeguards
· Technical Safeguards
· Security Policies

Module 4: ISO 17799:2005 Standard

· Objective
· Scope
· Key Domains
  o Definition
  o Requirements

Module 5: Security Certification and Accreditation

· U.S. Federal System Requirements
· Critical Processes & Phases
· Common Security Controls
· FISMA
  o Core Objectives & Requirements
  o Federal Information Security Incident Center
· Key U.S. Government Security References & Guidelines

Module 6: Business Continuity Planning (BCP)

· Definition and Scope
· Components of a Contingency Plan
  o Disaster Recovery Plan
  o Emergency Mode Operation Plan
· Classification of Information
· Classification of Threats
· Types of Alternate Sites
· Getting Started
  o Conducting a Business Impact Analysis (BIA)
    § Key Activities
  o Developing Your Disaster Recovery Plan (DRP)
    § Critical Sections

Case Study: Conducting a Business Impact Analysis (BIA)

Step through the key activities that organizations must conduct to complete a comprehensive Business Impact Analysis (BIA). Understand the critical processes for a BIA initiative and identify the areas that must be addressed in a BIA Report.

Module 7: Getting Compliant, Integrating Best Practices

· Enterprise Security Methodology
  o Critical Steps
  o Integrate Compliance Requirements
· What is Your Security Strategy?
· Risk Analysis
  o Definition and Scope
  o Information System Activity Review
  o Key Project Phases
  o Vulnerability Assessment Tools
· NIST Security Guidelines
· Getting Started
  o Developing Your Information Security Policies

Case Study: Review Sample Information Security Policy Templates

Step through the key sections of critical information security policy templates in class. Review sample policy types and their organization. All CSCS™ candidates who pass the exam will receive a complete set of information security policy templates free.

Use these templates to create or update your enterprise information security policies. The policy templates are influenced by the requirements of several regulations.