information security management education program - concept document
Post on 19-Oct-2014
DESCRIPTION
Information security training is incomplete whichever way one sees it - the techie lacks a lot of stuff and so does the non-techie. This is a concept to make changes and build an education program which will actually create professionals having good skills.
TRANSCRIPT
Information Security Management
A Unique Management Program to Build the Information Security Managers of Tomorrow:
A Professional With the Right Blend of Technology and Business Management
Version 1.0
May 2012
Confidential & Proprietary
Preamble
• Information Security (IS) is the fastest growing profession due to increasing cyber threats and risks
• Reports state 0% unemployment level in InfoSec
• Demand for IS professionals is across all industries
• Annual estimated demand: 30,000 IS professionals
• Presently IS skills are learned on-the-job; through short term courses; self learning
• Formal IS education is provided by few institutions
• Course content does not prepare managers
Few Educational / Professional Programs
PG / PGD Programs -
• IIIT, Allahabad
• IIIT, Dwarka
• Institutes of Forensic Science
• University of Madras
• SCIT, Pune
• Various Law Colleges
• Various IITs
Professional Certifications -
• ISO 27001 (Imp / LA)
• CISA
• CISSP
• CISM
• CRISC
• SANS
• CGEIT
• CBCP
• CEH
• CFA
• CCSP
• CHFI
• etc.
Shortcomings in Formal Education
• Syllabus is outdated by the time it is approved
• Courses are usually wholly technical in nature
• Most programs break down IS into Technical, Audit / Governance and Cyberlaws buckets
• Learning is by rote, following the same teaching patterns as are common across all disciplines
• After a 2-year Masters or a 1-year PGD, the student is not ‘deployment ready’ and desperately seeks an internship
• The lawyer is expected to learn technology, the techie is taught law – neither is taught business!
Shortcomings in Professional Programs
• Focus is on only one skill area or certification
• Certification programs are mostly operated by US-based institutions
• No Indian industry body or institution has promoted any program or certification of repute
• Local certification and training programs are in the unorganized sector, operated by individuals, training companies or InfoSec consulting firms
• Some certification bodies provide training or fee-based endorsement of InfoSec certifications
Essentials of IS Education / Training
• Required Understanding
– IT Infrastructure concepts
– Organization Functions (HR, Finance etc)
– Business Management
– Project Management
– Processes
• Technical Skills
– Technology, Architecture, Software Development, network devices, Security devices and technology solutions
• GRC, Audit, Law, Ethics
– Risk Management, Audit, Governance, Compliance etc
– Legal and regulatory concepts, laws, standards, guidelines…
• Soft Skills
– Presentation, public speaking, documentation, communication, negotiation ..
• And more…
The Information Security role is evolving into a holistic techno-commercial business manager who is hands-on in managing IT infrastructure and technology issues and can capably translate this knowledge making it easy for the business units to understand and accept proposed changes
With the changes envisaged in the future and the increasing importance of the CISO, it is necessary to equip the student with all-round skills and knowledge to hold his / her own in the professional domain. We present the objectives on which we plan to build the program along with a brief proposed plan of action.
Our Objective
• Impart value-based education to professionals in preparation for the role of a CISO in any organization
• Provide practical skill- and knowledge-based learning
• Use real-life or lab-based situations / scenarios
• Course will cover Information Security, IT, Business, current events
• Program will help develop maturity in thought and leadership skills
• Skill development will include soft skills like presentation / public speaking, documentation, writing, using productivity tools
• Mentor candidates to be ready for deployment
Our Proposal
• Develop the course curriculum
• Design the lab architecture and setup
• Identify vendors and deploy hardware / software
• Deliver the education / training program
• Simultaneously identify and train alternate trainer(s)
• Deploy program operations as per plan
• Implement mentoring and placement assistance
• Require support for infrastructure and funding
Differentiators
We are experienced Information Security professionals and practitioners. The proposed program has been conceived based on our knowledge of weaknesses in the various IS education, training and certification programs operating in India.
This is our USP and the goal is to help build a quality InfoSec management workforce that will effectively fill the gap in national requirements.
A Few Differentiators
• College Lab and Facility designed to be a Center of Excellence for Information Security Management
• Lab to provide a setup for practice simulations
• Partnership with OEM manufacturers of security hardware and solutions for labs, trial versions
• Partnership with employer organizations, consulting firms for field trips and internships
• Opportunities to participate and work on live consulting projects, research projects and studies
• Author white papers, participate and present in industry conferences
More Differentiators
• Visiting guest interactions with industry leaders - CISOs, CxOs, foreign experts, government experts
• Candidates will be mentored to seek global professional certifications during the program like CISA, CISSP, SANS, CEH, LPT etc.
• Career growth planning and support
• Mock audits and assignments
• Pro bono assignments for government
• … and more…
With the education and training provided to our students their superior knowledge and skills will be evident to employers within a short span of time.
Our students will be the future leaders in Information Security domain in the country
Team Expertise and Experience
• Team comprises experienced and certified Information Security experts / professionals
• Industry recognized team from diverse domains like Forensics, Network Security, Audit, IS Management etc.
• Members may be presently working with public / private / government / law enforcement sector
• Certifications like CISA, CISM, Cyber Law, CEH etc.
• Courseware is developed by subject matter experts
• We develop education, training and awareness programs customized to client / audience requirements
• Courseware development is done for delivery in class, via e-learning or static presentations
• Courseware is developed and peer reviewed by subject matter experts
• CISOs, IS Managers, Individuals contribute in development and review of the program
• The OSA team comprises experienced and certified Information Security experts and practicing professionals
• Industry recognized team members from diverse specialty domains like Forensics, Network Security, Audit, IS Management, Process etc.
• Team members have certifications like CISA, CISM, Cyber Law, CEH etc.
We are an organization passionate about Information Security in the country and we go about doing our own bit to raise awareness. We collaborate with enthusiasts, security organizations, institutions, non-profit and government bodies to further the cause of InfoSec.
Reach us…
… Via email
… Via Phone
+91.9769890505
© Open Security Alliance