Without the ability to assess its effectiveness, the best information security program becomes a mere token effort. The purpose of information security auditing is to review whether your information security program achieves the objectives you have set for yourself as an organization. Auditing is not about policing or assigning blame; it is about identifying weaknesses and opportunities as part of a process of continual improvement.
This webinar recaps the core elements of information security, such as risk management and the CIA triad (confidentiality, integrity, availability), along with relevant standards and regulations, in particular ISO/IEC 27001:2013.
We discuss the scope of your information security program and how that impacts the auditing activities. This leads directly to the discussion of different audit techniques like sampling, testing, analyzing and interviewing.
Having laid the foundation, the webinar will look at different kinds of audits, how they differ and at the same time complement each other.
Finally, we will take a look at accredited certification, which is quickly becoming the dominant and most respected form of assurance that your information security program is effective.
Why should you attend:
We are all well aware of the countless information security incidents that have made headlines worldwide in recent years: confidential data stolen, websites stalled by attacks, accidental change of data, and faulty processes causing misrepresentation, to name just a few. Aside from the immediate damage, such incidents cause tremendous reputational harm.
In response, many organizations have established information security programs with the aim to avoid being caught out by similar events.
Furthermore, in more and more areas proof of effective information security management is becoming a legal requirement or prerequisite to do business.
So, how can an organization evaluate the effectiveness of its information security program?
This webinar discusses different audit strategies for gaining assurance that the information security program actually delivers and, as such, supports the strategic objectives of the organization.
Areas Covered in the Session:
- Principles of Information Security Management
- Applicable Standards and Regulations
- Determining the Scope of Your Information Security Program and Respective Audits
- Principles of Information Security Auditing
- Self-Assessment Audits
- Internal Audits
- External Audits
- Accredited Certification
Who Will Benefit:
- Chief Executive Officers
- Chief Financial Officers
- Chief Operating Officers
- Chief Security Officers
- Chief Information Officers
- Risk Managers
- Compliance Managers