IT Information Security Management Principles, 28 February - 02 March 2016 Dubai UAE

IT INFORMATION SECURITY MANAGEMENT PRINCIPLESIT 28 FEBRUARY - 02 MARCH 2016SERIES RADISSON BLU DUBAI DEIRA CREEK UNITED ARAB EMIRATESCOURSE OVERVIEW YOUR INTERNATIONAL COURSE FACILITATORWith the rapid growth & development of the internet, organizations are takingadvantage of the new opportunities available. Likewise, unscrupulous individuals are Dr Mark T. Edmeadalso exploiting the situation to collect & steal data from companies & their customers. CISSP, CISA, COBIT, Lean IT, DevOpsBInformation security is therefore critical for today's modern business models.Organizations must be prepared to take crucial steps to strengthen their IT IT Transformationalinfrastructure from both internal & external threats. Consultant MTE AdvisorsOrganizations must look to develop a security network that enhances businessoperations while improving its security position. Successful security architecture Mark T. Edmead is a successful technology entrepreneurcombines a mix of the latest policies & practices, technology, and a robust awareness with over 28 years of practical experience in computerprogram. systems architecture, information security, and project management.This 4 day intensive training workshop addresses the latest concerns on ITinfrastructure and security. Participants will develop key skills and core competencies Mark excels in managing the tight-deadlines and everthat will allow them to meet the ever-changing security demands of the 21st century. changing tasks related to mission-critical project schedules. He has extensive knowledge in IT security, IT“Security in IT is like locking your house or car and application audits, Internal Audit, IT governance,– it doesn't stop the bad guys, but if it's good including Sarbanes-Oxley, FDIC/FFIEC, and GLBAenough they may move on to an easier target.” compliance auditing. - Paul Herbka Dr. Edmead understands all aspects of information security and protection including access controls,BENEFITS OF ATTENDING cryptography, security management practices, network and Internet security, computer security law and Course Participants will: investigations, and physical security. • Master the tools & techniques for effective information & network security. He has trained Fortune 500 and Fortune 1000 companies • Discover how to create a complete & sustainable IT security architecture. in the areas of information, system, and Internet security. • Gain knowledge on how to develop sound security policy together with your He has worked with many international firms, and has the unique ability to explain very technical concepts in security architecture. simple-to-understand terms. Mr. Edmead is a sought after author and lecturer for information security and • Learn how to perform smart security risk assessment within your organization. information technology topics. • Learn how to perform an IT governance assessment using CoBIT 5.0. • Gain valuable insights on implementing a proactive & robust security management Mark works as an information security and regulatory compliance consultant. He has: system. • Conducted internal IT audits in the areas of critical • Learn how to detect & prevent information security breaches due to inadequate IT infrastructure/ systems and applications, security awareness within the organization. • Assessed and tested internal controls of criticalEXCLUSIVE: PRE COURSE QUESTIONNAIRE & TAKEAWAYS infrastructure platform systems (Windows, UNIX, IIS, SQL,1. An extensive IT Security Architecture Questionnaire that will help you Oracle) evaluate your organization’s security position. • Assessed and tested internal controls of various critical2. Online access to course materials, case studies and other related items of the training seminar. financial applications.3. Take with you templates and worksheets to aid you in applying and putting • Prepared risk assessments and determined risks to into practice what you have learned from this workshop. critical financial data systems and infrastructure4. FREE CoBIT 5.0 IT Governance Assessment Evaluation Spreadsheet components. • Created test plans & processes and executed test plans. • Conducted reviews of existing systems and applications, ensuring appropriate security, management and data integrity via control processes. • Prepared written reports to all levels of management • Participated in audit review panel sessions to address results, conclusions and follow-up actions required.Tel: +6016 3326360 Fax: +603 9205 7788 [email protected] 1

COURSE WHY THIS EVENT CONTENT The aim of this interactive workshop is to provideDAY1 IT SECURITY - CONCEPTS & PRINCIPLES you with the skills critical to developing your IT Security Architecture & Policies. We will cover the main concepts, principles, structures, and standards After attending this workshop, you will leave used to design, monitor, and secure operating systems, equipment, fully armed with the knowledge needed to networks, applications and those controls used to enforce various levels design and maintain a strong & secure IT of confidentiality, availability, and integrity. infrastructure. The combination of interactive presentations, Laying the foundation hands-on exercises and open discussion groups - The relationship between people, process and technology along with real case studies, ensures you will - The information security triad: confidentiality, integrity and availability obtain maximum value from attending. - Concepts of security management - Creating policies, standards, guidelines and procedures COVERAGE - Promoting security awareness IT Security Concepts & Principles Protecting our assets Roles & Responsibilities - Where attacks come from Security Awareness - Protecting from internal attacks Layered Security approach - Protecting from external attacks Security Policy Implementation - Threats and vulnerabilities overview Risk & Vulnerability Assessment Threat Identification Security Architecture Basics Penetration testing - Security as a design goal IT Network & System Security - Security models IT Security Architecture - Authentication methods Security Design & Maintenance - Authorization Security Control Frameworks - Models for access control ISO 27001 Security Standard Laws & regulations The Objectives of Security - The active defense approach to security WHO SHOULD ATTEND - Using the Defense in Depth concept - Layered approach including perimeter security, network security, host Vice Presidents, Directors, General Managers based security, and human awareness Chief Information Officers Chief Security OfficersDAY2 ESTABLISHING YOUR SECURITY POLICY Chief Information Security Officers Chief Technology Officers We will discusses the value of the information and what we need to do to Heads of Departments in Information Security protect it. Effective security architecture begins with the establishment of Management Information Systems, IT a security policy. Organizations should also perform a risk assessment in Infrastructure, IT Architecture, Network order to better understand the important areas in their security Operations, IT Operations, IT Data Center, architecture. DataBase Management, IT Deployment IT Business Enterprise, IT Risk Management, Developing a Security Policy IT Quality Assurance, IT Audit, Risk Management, - The overall “plan of attack/defense” Internal Audit, Business Continuity Planning - Declaration of intent - Characteristics of a good policy - Policy examples Objectives of Risk Management - Benefits of performing a risk assessment - Prioritizing vulnerabilities and threats - Identifying the risk impact and determine acceptable risks - Creating a risk matrix The value of information - Why you need to classify levels of information - Managing data at rest and in transit - Understanding data access controls - The value of knowing where your data resides Basic security threats and principles - Vulnerabilities, threats and countermeasures - Hacker probing and attack - LAN, WAN, and wireless network technologies and protocols 2

DAY3 THREAT, RISK & VULNERABILITY Latest TESTIMONIALS ASSESSMENT 1 “Session well organized. The trainer is very We will discuss the vulnerabilities, threats, and risks to the system and conversant with the subject matter. Well delivered network environment. We will also discuss practical application of risk and would definitely recommend to anyone else.” assessment to an organization, how to conduct an assessment, and how to use this information to improve the security posture. - Habil Mutende, Manager Information Security & Change Management, Central Bank of Kenya Vulnerability and Penetration testing - Why performing vulnerability and penetration testing is important 2 “Excellent presentation, excellent attitude to - Tools and techniques used in penetration testing answer our questions & to share his experience.” - Review of sample penetration testing report - How to correct problems identified in the vulnerability and penetration - Senior Manager, IT Department, Deloitte testing report 3 “The programme is good for IT professionals... Protecting the network [who] would like to setup ISO function or improve - Firewalls and other perimeter security devices ISO.” - G. Ramgopal, Head IT Security, Bank Muscat Oman - Intrusion detection systems - Using a scanner to discover vulnerabilities 4 “I have used Mark in key roles with high visibility - Understanding network management tools clients. Without hesitation I would highly recommend Mark for any and all IT audit Hardening Operating Systems engagements. His professionalism, deep - Unused user accounts knowledge, and results oriented work style are - Excessive rights and permissions deeply valued by not only myself, but more - Service packs and hotfixes importantly by the all those who are lucky enough to use his services.” - Russ Aebig, Director at Artesient The importance of the Business Continuity and Disaster Recover Plans - Introduction to BCP/DRP 5 “We have used Mark Edmead on several projects in - Conducting the Business Impact Assessment (BIA) the past few years including SOX readiness for - Review of the BCP/DRP process publicly traded companies and IT vulnerability - Establishing data recover options assessments for major financial institutions. He always delivers professional and detail-orientedDAY4 DESIGNING & MAINTAINING YOUR workpapers on-time and within budget. Mark is SECURITY ARCHITECTURE highly recommended and we will continue to use him on other projects.” - Brenda Piazza, Director at CBIZ MHM Day Four wraps up the course by providing a guideline on how to design, create, and maintain a strong security architecture. This includes a COURSE SCHEDULE discussion on best IT Governance practices. We will also discuss how to make sure your technology infrastructure aligns with your security (and 8.00 Registration & Coffee/Tea business) objectives. 8.30 Workshop commences 10.10 - 10.30 Morning coffee/tea Implementing a proactive security management system 12.00 - 13.00 Lunch - Justifying the cost of security 14.40 - 15.00 Afternoon coffee/tea - Aligning your technology infrastructure to business objectives 16.00 End of day - How to continually strengthen your security posture Understanding the various security control frameworks - COBIT 5 – Governance and Management of IT Enterprise - ISO 270xx Security Standards - The NIST Standards Developing and implementing a successful governance strategy - The Balanced Scorecard and IT Governance - Governance of outsourcing - Managing risks and IT Governance - Best practices for implementing continuous improvement concepts and principles Understanding Strategic Alignment - Enterprise mission, objectives, and values - Drivers and trigger points - Benefits realization, risk optimization, and resource optimization - Business objectives and goals alignment to facilitate IT governance 3

IT INFORMATION REGISTRATION FORMSECURITYMANAGEMENT Fax: +603 9205 7788PRINCIPLES Tel: +603 9205 777228 FEB - 02 MAR 2016 Mobile: +6016 3326 360RADISSON BLU Email: [email protected] DEIRA CREEKUNITED ARAB EMIRATESDELEGATES IN-HOUSE TRAINING1 Name : 360 BSI is passionate about providing strategic IT programs Name on tag: and high potential training solutions across the region to build Job Title : personal competencies and organizational capability. Email : Mobile : You will receive practical training from a professionally qualified educator with over twenty years of teaching and2 Name : training experience. Name on tag: Job Title : Please feel free to mix-and-match topics from the areas listed Email : below to get the right training content for your staff. Other Mobile : topics may be available upon request.3 Name : OTHER RELATED PUBLIC COURSES Name on tag: Job Title : IT Governance & Leadership Email : Document Management & Retention Mobile : Business Continuity and Disaster Recovery Planning Preparing for the CISSP examAUTHORIZATION Fraud Control & the COSO 2013 Framework IT Risk Management(This form is invalid without a signature) Project Management for IT ProfessionalsName : Hotel Contact Details:Job Title : For Room Reservation, contact for 360BSI corporate rates. Telephone: 00971 4 2057105 Fax: 00971 4 2234698Email : E-mail: [email protected] : ( ) Radisson BLU Hotel, Dubai Deira Creek Baniyas Road, P.O. Box 476, Dubai, UAEOrganization : General Information:Address : 1 Registrations close ONE (1) week before the training dates.Signature : Date: / / 2 The fees cover lunch, tea breaks, materials and certificate. 3 Official confirmation will be sent, once registration has been received. 4 Participants will need to arrange their own accommodation. 5 Attire: Smart Casual Cancellations/Substitutions Substitutions are welcome at any time. Please notify us at least 2 working days prior to the event. All cancellations will carry a 10% cancellation fee, once a registration form is received. All cancellations must be in writing by fax or email at least 2 weeks before the event date. Cancellations with less than 2 weeks prior to the event date carry a 100% liability. However, course materials will still be couriered to you. Thank you for your registration!FEES PAYMENT DETAILS USD 3,395 per delegate Payment is required within 5 days upon receipt of the invoice. 15% discount - Special for Group of 3 Bank transfer: The fee does not include any taxes (withholding or otherwise). In case of any taxes applicable 360 BSI MIDDLE EAST LIMITED the client has to ensure that the taxes are paid on top of the investment fee paid for the course. Abu Dhabi Commercial Bank Compliance with the local tax laws is the responsibility of the client. Dubai Mall Branch, P.O.Box 49124 Dubai, U.A.E* Save up to 50% for In-house Training program Account No: 10065721319001 Swift No: ADCBAEAAXXX IBAN No: AE780030010065721319001 All payments must be received prior to the event date© 360 BSI (M) Sdn Bhd (833835-X), Level 8 Pavilion KL, 168 Jalan Bukit Bintang, 55100 Kuala Lumpur, Malaysia. 4

Event Code Type 360 BSI Training Calendar 2016 DATE - 2016 VENUEKK-TE-DOH-46 General 13 - 14 Dec 2015 Doha COURSE TITLE Effective Technical Report Writing KK-TE-KL-41 General Effective Technical Report Writing 13 - 14 Jan 2016 Kuala LumpurKK-TE-JAK-42 General Effective Technical Report Writing 18 - 19 Jan 2016 JakartaKK-TE-DOH-47 General Effective Technical Report Writing 21 - 22 Feb 2016 Doha SV-IT-KL-22 IT Business Continuity & Disaster Recovery Planning 23 - 25 Feb 2016 Kuala LumpurSV-IT-DUB-21 IT IT Information Security Management Principles 28 Feb - 02 Mar 2016 DubaiKK-MN-DUB-129 IT Document & Information Management, Security, 06 - 09 Mar 2016 Dubai Retention & ArchivingSV-SS-DUB-102 Safety BBS: Safety & Leadership 06 - 08 Mar 2016 DubaiSV-SS-DUB-103 Safety Root Cause Analysis 09 - 10 Mar 2016 DubaiKK-MN-KL-117/118 General Negotiating Sales Success & Customer Loyalty 07 - 10 March 2016 Kuala LumpurKK-MN-KL-119/120 General Effective Communication, Presentation Skills & 07 - 10 March 2016 Kuala Lumpur Report WritingKK-MN-DUB-121/122 General Negotiating Sales Success & Customer Loyalty 13 - 16 March 2016 DubaiKK-MN-DUB-123/124 General Effective Communication, Presentation Skills & 13 - 16 March 2016 Dubai Report Writing KK-MN-SIN-130 04 - 07 Apr 2016 Singapore KK-MN-DUB-131 IT Document & Information Management, Security, 10 - 12 Apr 2016 Dubai Retention & Archiving Management Green Supply Chain Management SV-FI-KL-11/12 Finance Fraud Control & The COSO 2013 Framework: Improving To be confirmed 2016 Kuala Lumpur Internal Controls and Organizational EffectivenessSV-MN-DUB-131 HRSV-MN-DUB-132 HR Effective Performance Management To be confirmed 2016 Dubai Preventing Workplace Bullying To be confirmed 2016 DubaiSV-FI-DUB-9/10 Finance Fraud Control & The COSO 2013 Framework: Improving To be confirmed 2016 Dubai SV-IT-DUB-19 IT Internal Controls and Organizational Effectiveness SV-SS-DUB-96 Safety SV-SS-DUB-97 Safety Project Management for IT Professionals (23 PDUs) To be confirmed 2016 Dubai Dubai SV-IT-DUB-20 IT Visible Safety Leadership To be confirmed 2016 Dubai Quality, Behavior & the Bottom Line: The Human Side of To be confirmed 2016 Dubai Quality Improvement IT Governance: Governance & Management of To be confirmed 2016 Enterprise IT Other Training Courses by Affiliated Training Partners Technical Advanced Shutdown / Turnaround / Outage (STO) Dubai Management Kuala Lumpur Security Advanced Certificate in Security Management Dubai Security Advanced Certificate in Professional Investigation & Covert Surveillance Dubai Dubai Security Advanced Certificate in Field Incident Command Dubai Dubai Management CSR Strategy & Value-creation Masterclass Dubai HR Training ROI Masterclass Management Effective and Efficient Warehouse Operations Finance Effective Collection & Recovery StrategiesContact Kris at [email protected] to register or for further details. Tel: +60 16 3326 360