About the course
The objective of the course is to provide a comprehensive but necessarily high-level overview of Information Assurance and how it is addressed within HMG organisations and commercial supply chain companies. It will provide delegates with an initial understanding of the basic concepts and language of Information Assurance so that they can subsequently work directly in this complex field or work indirectly with security professionals. This course contributes to the attainment of the CESG Certified Professional Scheme (CCPS) and specific CCP roles at the Practitioner level.
The course is related to other Information Assurance courses and provides the basis for the Information Assurance Risk Management for HMG and the Introduction to Accreditation courses. Where appropriate, this course links to aspects covered in both of those courses, such as how risk management can be conducted and the possible role of an Accreditor in that process.
The course objectives are:
· To give delegates an overview of what Information Assurance is, what it comprises, the terminology used and why it is relevant to them.
· To explain the nature of cyber security threats and how they can be realised.
· To describe information risk management and explain how it can be used to mitigate risks to the business.
· To tell delegates where they can get advice and guidance on all aspects of security.
This course is aimed at those in government organisations or commercial companies with little or no previous knowledge of cyber security. Ideally delegates should have some understanding of wider business risk management and of security in general. It is designed to teach the fundamentals of Information Assurance for HMG and is intended to provide sufficient understanding of the subject to enable delegates to progress to other aspects of security.
The course will benefit:
· Those who are new to Information Assurance and who want a baseline of understanding so that they can go on to learn more about the subject.
· Government staff who want a better understanding of the subject to be able to assess how it can affect them in their own roles.
· Staff who have taken on responsibilities where a knowledge of cyber security is required.
· Senior managers of both government organisations and HMG supply chain companies who want a better understanding of Information Assurance and how it impacts their business so that they can make better informed decisions.
· Project managers delivering IT projects to government who need to demonstrate that security risks have been balanced with business benefit.
· Those who are tasked with providing awareness training on Information Assurance in their organisations.
· Those who are concerned with the review of Information Assurance in their organisation in response to a contractual or other compliance requirement.
Support for CESG Certified Professional
This course contributes to the attainment of the CESG Certified Professional Scheme (CCPS) and the following specific CCP roles at the Practitioner level:
Security and Information Risk Advisor, IA Auditor, Accreditor, IT Security Officer, Security Architect, Penetration Tester, Communications Security roles.
The course supports CCP Level 1: Awareness (understands the skill and its application). It provides skills against the following competencies used in the CCP assessment process:
A1: Governance, A2: Policy and Standards, A6: Legal and Regulatory Environment, B1: Risk Assessment, B2: Risk Management, D1: IA Methodologies.
IISP Skills Alignment
This course is aligned to the following Institute of Information Security Professionals (IISP) Skills. More details are available in the IISP skills framework.
· A1, A2, A5, A6, B1, G1
Continuous Professional Development (CPD)
CPD points can be claimed for GCT accredited courses at the rate of 1 point per hour of training for GCHQ accredited courses (up to a maximum of 15 points).
Delegates will learn how to
At the end of this course delegates will understand:
· What Information Assurance is, what the terminology is and why it is important to their organisations.
· What risks their organisations face when operating in the modern world.
· Who wants to attack their organisation, why and how.
· What the drivers are for HMG to manage security issues.
· What the basic components of information risk management are.
· How they can adopt a risk managed approach to balance business benefits with the risks of doing business.
The course is 1 day and is divided into 4 modules:
Module 1 - What is Information Assurance?
To include: the terminology used, the major components, the drivers for it, its relevance to all government and commercial organisations and how it is managed.
Module 2 - What are the Risks of Doing Business?
To include: the nature of the risk, who the threats are and what type of attack is likely.
Module 3 - What is Information Risk Management?
To include: the components of risk, risk management concepts, information risk management, governance.
Module 4 - Where can I get help with Information Assurance?
To include: sources of HMG policy and commercial guidance, where to get advice, sources of information and where to get specialist support.