Information security in organizations has developed from low-key technical solutions towards coherent, efficient security systems and processes. Nowadays information security contributes directly to the strategic value of an organization. Having a complex set of technical measures and processes in place is not enough to ensure security. You will also have to take the professional into account. Even though the professional may be flexible and experienced enough to anticipate and respond to problems, he can also be a vulnerable factor in the equation.
The Information Security Management program provides participants with insights into the most important aspects of information security management, compliant with the EU e-competency framework, and in particular related to leading and managing organizational information security activities.
After completing this program participants have further developed the professional skills:
- Management: developing information security and risk management strategies and policies suited to the organizational needs;
- Set up: setting up information security and risk management processes, and embedding them in other corporate processes to ensure good governance;
- Awareness: raising awareness in terms of information security and determining what information security measures need to be taken;
- Ensure organizational and procedural- based security measures designed and managed, taking into account all legal, business and user aspects;
- Coordination: collaborating constructively with technical information security experts, and harmonizing policy, operational activities and information security IT aspects.
The program is intended for professionals that operate at management level or have management-level aspirations.
Participants have jobs in different types of organizations. Positions held by participants include those of consultant, IT auditor, business analyst, service delivery manager, IT department manager, (corporate) information security officer, security manager, and governance, risk and compliance officer. They are active in various types of organizations, such as consulting and auditing firms, IT service suppliers, manufacturing, healthcare and governmental organizations.
Module 1: Understanding the strategic context (Tilburg)
This module discusses the broader organizational context of information security and provides a pragmatic approach to align the information security strategy to the organization’s strategic goals.
Also related governance, legal and compliancy aspects will be covered as well as the economics of information security.
Module 2: Translating information security strategy into action (Antwerp)
In this module participants will learn how to compose a professional information security management system for your organization, starting from identifying the relevant information risks up, getting approval to start the security initiative and launching it through a project based approach.
You will learn how to build and execute a short, mid and long term information security program.
Module 3: Maintaining operational aspects of information security management (Antwerp)
This module addresses all operational matters related to information security management, including questions such as how to keep information security on the agenda and how to control information security within the predefined requirements and agreements?
Also the module explores new security management challenges caused by new technological developments.