This course will introduce participants to the tenets of information security and information privacy risk management, including information risk governance; metrics and management reporting; and common frameworks for identifying, treating, and managing risk. In particular, this course will describe security policy and standard development; internal, external, vendor risk assessments; and the function of external certifications. Additionally, this course will address proactive security design and testing techniques to reduce downstream risk; security contract negotiations to reduce the potential for future liability; and standard operational processes businesses need to effectively manage ongoing risk.

Key Course Takeaways:

• Utilize a variety of risk frameworks to build a cybersecurity program.
• Draft a security process and create a security control framework to assess potential risks.
• Determine when third-party assessments are required, and be able to conduct a third-party assessment.
• Describe the role of external audits and assessments.
• Articulate the role of privacy documents, including privacy policies, notices, and other disclosures.