
Auditing Information Security - Evaluating the Effectiveness of Your Information Security Program

Training Options

  • Duration: 90 Minutes
  • Recorded: Access recorded version only for one participant; unlimited viewing for 6 months (access information will be emailed 24 hours after the completion of the live webinar)
    Price: US$289.00

Overview:

Without the ability to assess its effectiveness, even the best information security program becomes a mere token effort. The purpose of information security auditing is to review whether your information security program achieves the objectives you have set for yourself as an organization. Auditing is not about policing or assigning blame; it is about identifying weaknesses and opportunities as part of a process of continual improvement.

This webinar recaps the core elements of information security, such as risk management and the CIA triad (confidentiality, integrity, availability), along with relevant standards and regulations, in particular ISO/IEC 27001:2013. We discuss the scope of your information security program and how it affects auditing activities. This leads directly to a discussion of different audit techniques such as sampling, testing, analyzing and interviewing. Having laid the foundation, the webinar will look at different kinds of audits, how they differ and, at the same time, complement each other. Finally, we will take a look at accredited certification, which is quickly becoming the dominant and most respected form of assurance that your information security program is effective.

Why should you attend:

We are all well aware of the countless information security incidents that have made headlines worldwide in recent years: confidential data stolen, websites stalled by attacks, accidental changes to data, and faulty processes causing misrepresentation, to name just a few. Aside from the immediate damage, such incidents cause tremendous reputational harm. In response, many organizations have established information security programs with the aim of avoiding being caught out by similar events. Furthermore, in more and more areas, proof of effective information security management is becoming a legal requirement or a prerequisite for doing business. So, how can an organization evaluate the effectiveness of its information security program? This webinar discusses different audit strategies for gaining assurance that the information security program actually delivers and, as such, supports the strategic objectives of the organization.

Areas Covered in the Session:
  • Principles of Information Security Management
  • Applicable Standards and Regulations
  • Determining the Scope of Your Information Security Program and Respective Audits
  • Principles of Information Security Auditing
  • Self-Assessment Audits
  • Internal Audits
  • External Audits
  • Accredited Certification
  • Q&A

Who Will Benefit:
  • Chief Executive Officers
  • Chief Financial Officers
  • Chief Operation Officers
  • Chief Security Officers
  • Chief Information Officers
  • Risk Managers
  • Compliance Managers

Martin Holzke has been a freelance IT and Security Consultant for more than 20 years and is nowadays based in Scotland. Starting out in full life cycle systems development after studying Physics, he has worked with a broad range of technologies across virtually every industry, as well as delivering technical training in the field across Europe and the USA. Since the early days of the Sarbanes-Oxley Act of 2002, Martin has been involved in implementing and auditing information security programs. He is a PECB Certified ISO/IEC 27001 Master, Lead Implementer, Lead Auditor and Trainer, and regularly teaches these subjects. More recently, he has also been appointed as ISMS Technical Assessor for the United Kingdom Accreditation Service (UKAS).

