
Full course description
This course will introduce participants to the tenets of information
security and information privacy risk management, including information
risk governance; metrics and management reporting; and common frameworks
for identifying, treating, and managing risk. In particular, this
course will describe security policy and standard development; internal,
external, and vendor risk assessments; and the function of external
certifications. Additionally, this course will address proactive
security design and testing techniques that reduce downstream risk;
security contract negotiations that reduce the potential for future
liability; and the standard operational processes businesses need in order to
effectively manage ongoing risk.
Key Course Takeaways:
- Utilize a variety of risk frameworks to build a cybersecurity program.
- Draft a security process and create a security control framework to assess potential risks.
- Determine when third-party assessments are required, and be able to conduct a third-party assessment.
- Describe the role of external audits and assessments.
- Articulate the role of privacy documents, including privacy policies, notices, and other disclosures.