Introduction to the Information Security Framework
Module 3 - Information Security Framework
This course looks at where the security function fits within the organizational structure and the role of the Information Security Officer in developing information security policies, standards, and procedures. It then provides an understanding of the principles of information security governance, how to carry out a security audit and the importance of stakeholder engagement in implementing the organization’s information assurance program. Finally, it looks at the incident management process and investigates the role digital forensics play in this, before reviewing the legal framework information security operates within.
The objectives of this course are to provide you with an understanding of:
- Where the security function fits within the organizational structure
- The role of the Information Security Officer
- Developing information security policies, standards, and procedures
- The principles of information security governance
- How to carry out a security audit
- Implementing an information assurance program and the importance of stakeholder engagement
- The incident management process and the role of digital forensics
- The legal information security framework
- Information assurance standards and how they should be applied within an organization
This course is ideal for members of information security management teams, IT managers, security and systems managers, information asset owners and employees with legal compliance responsibilities. It acts as a foundation for more advanced managerial or technical qualifications.
There are no specific prerequisites for studying this course; however, a basic knowledge of IT, an understanding of the general principles of information technology security, and an awareness of the issues involved in security control activity would be advantageous.
We welcome all feedback and suggestions. Please contact us at firstname.lastname@example.org if you are unsure about where to start or if you would like help getting started.
Welcome to the Information Security Framework Learning Path.
Information security affects the entire organization, so everybody from the top down must know their responsibilities and the processes they should follow. However, for an organization to be able to meet its information security obligations, it needs to have the right policies, governance, processes and standards in place. It also needs to operate within the appropriate legal framework.
This will not only provide the right direction but will also enable the organization to react quickly and efficiently when a security incident occurs.
This learning path has seven videos:
• It starts by looking at where the security function fits within the organizational structure and the role of the Information Security Officer;
• The second video then identifies the process to develop information security policies, standards and procedures;
• The third video provides a basic understanding of the principles of information security governance and looks at how to carry out a security audit;
• After that, the fourth video is about implementing the organization’s information assurance programme, focusing on the importance of stakeholder engagement;
• Then the fifth video looks at what happens if things go wrong; it defines the incident management process and investigates the role digital forensics play in this;
• The sixth video is about the legal framework information security operates within, and specifies the laws that must be followed by organizations and their suppliers; and
• We conclude by looking at the information assurance standards and how they should be applied within an organization.
The videos are supported by quizzes for you to check your understanding as you work through them.
About the Author
Fred is a trainer and consultant specializing in cyber security. His educational background is in physics, having a BSc and a couple of master’s degrees, one in astrophysics and the other in nuclear and particle physics. However, most of his professional life has been spent in IT, covering a broad range of activities including system management, programming (originally in C but more recently Python, Ruby et al), database design and management as well as networking. From networking it was a natural progression to IT security and cyber security more generally. As well as having many professional credentials reflecting the breadth of his experience (including CASP, CISM and CCISO), he is a Certified Ethical Hacker and a GCHQ Certified Trainer for a number of cybersecurity courses, including CISMP, CISSP and GDPR Practitioner.