Organizational IT security - Foundation

Upcoming sessions

Level: For business leaders
Brand: Leadership
Brand category: Digital Leadership
Topics: Business Skills
Duration (days): 3
Hours/day: 2
Learning type: Online
Price: 150€ + VAT

The course is intended for employees who need to understand information security, mostly from the organizational and partly from the technical perspective. Participants may be IT staff, management, or other employees who need to understand the foundations of information security. The course presents the basic rules, purpose, and concept of organizational information security. The basis of each company is information or data; their safety is the basis of the security of the entire organization.

 

Review of the area of information security

Presentation of the problem

  • Definition of the protection of information
  • Actuality of information security
  • Computer security
  • Global activity

Trends in the field of information security

  • Results of research and analysis
  • Trends

Basic concepts of information security

  • Information and data
  • Vulnerability and risk
  • Ownership
  • Controls

Guidelines for information security

  • ISF
  • ISSF
  • ISACA
  • OECD
  • ISO

Computer security

Elements of computer security

  • Supporting the mission of the organization
  • Integral part of management
  • Cost efficiency
  • A holistic approach
  • Periodic review
  • Social factors

Roles and responsibilities

  • Management
  • Computer security staff
  • Heads of units
  • Service providers

Overview of basic threats

  • Errors and negligence
  • Theft
  • Sabotage
  • Hackers
  • Inadequate infrastructure

Management controls


Security policy

  • Types of policies

Information security program

  • Program structure

Risk management

  • Risk analysis methods
  • Evaluation and analysis
  • Reduction
  • Usage statement

Life cycle

  • Activities

Guarantees

Operational Controls

Staff

  • Recruitment
  • Contractors

Business continuity

  • Determination of critical business processes
  • Anticipating possible catastrophes
  • Strategy

Management of incidents
Awareness and education
Security aspects of technical support and procedures

  • User support
  • Configuration management
  • Backups
  • Documentation
  • Maintenance

Physical and environmental protection

  • Physical access
  • Fire, water, earthquake
  • Mechanical and electrical installations
  • Data interception

Technological aspects of security

Identification and authentication

  • Principles of behavior, possession

Logical access control

  • Criteria
  • Access Policy
  • Management and coordination

Audit trails

  • Importance
  • Purpose

Cryptography

  • Fundamentals
  • Use

Human factors

Legislation

Slovenian laws

  • The Copyright and Related Rights Act
  • Electronic Commerce and Electronic Signature Act
  • Classified Information Act
  • Law on Protection of Personal Data
  • Penal Code of the Republic of Slovenia

European Community Directives

Audit of information systems

ISACA - Information Systems Audit and Control Association

  • Presentation of the association
  • Organization
  • Code

Standards of auditing

  • IFAC - International Auditing Standards
  • ISACA standards

Internal and external audit
Presentation of the work of external auditors

  • Planning the audit
  • Performing the audit, evidence
  • Completion, reporting

Standard BS 7799 / ISO 17799

Presentation of the standard

  • History and development
  • Structure

Preparation for certification
Certification

  • Process
  • Performers

Approach to implementation of ISMS

Methodology for introducing ISMS
Risk analysis as the basis
Examples of umbrella policies
Examples of elementary security policies

No prior knowledge needed. Basic experience and understanding of business information systems are desirable.

The listed course is currently not available. For more information, contact us by phone at 01 4878 999 and at info@housing.hr.