ISACA’s COBIT^® 5 framework provides a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT. COBIT 5 for Information Security builds on the COBIT 5 framework in that it focusses on information security and provides more detailed and more practical guidance for information security professionals and other interested parties at all levels of the enterprise.

This course provides introductory and practical coverage of all aspects of COBIT 5 for Information Security, including its components, enablers and implementation guidance. Using relevant scenarios or case studies, the course will highlight how COBIT 5 for Information Security can be used in parts or holistically in a simple and pragmatic way. The course will also cover a high level overview of how COBIT 5 for Information Security can be leveraged to implement or improve an Information Security Management System (ISMS), compliant with ISO/IEC 27001 requirements. Chief Information Security Officers (CISOs), Information Security Managers (ISMs) and other information security professionals who are interested in realigning their Information Security function and / or initiatives will benefit from this course.

Gain a detailed understanding of COBIT 5 for Information Security framework

Familiarise with COBIT 5 framework and its components
Understand the differences between information security governance and management of information security.
Develop the knowledge and skills required to advise organisations on best practices in management of information security
Acquire the necessary expertise to support an organisation in implementing, managing and improving an Information Security program
Familiarise the concepts, approaches and guidance required in an effective management of an Information Security Management System (ISMS)
Understand components of COBIT 5 for Information Security guidance that can be leveraged for an ISMS implementation

This course is designed for anyone responsible for realigning the Information Security function in their organisation and for InfoSec initiatives more broadly. Typically this will include:

Chief Information Security Officers (CISOs),
Information Security Managers (ISMs)
Other Information Security professionals
Anyone with a direct or overview responsibility for Information Security

Session 1: Introduction to COBIT 5 for Information Security

Overview of COBIT 5 framework
Detailed overview of COBIT 5 for Information Security, and its components
Information Security governance vs Information Security management
An Information Security program: the COBIT 5 for Information Security way
Why should you choose COBIT 5 for Information Security

Session 2: Detailed understanding of COBIT 5 enablers for implementing information security

Principles, policies and frameworks
Processes
Organisational structures
Culture, ethics and behaviour
Information
Services, infrastructure and applications
People, skills and competencies

Session 3: (Re)-Aligning your information security initiatives using COBIT 5 for Information Security

Critical success factors of a successful Information Security program
Information Security program challenges
Assessing your Information Security needs
Enabling change using a life cycle approach
(Re)-Aligning your Information Security initiatives

Session 4: Implementing or improving an Information Security Management System (ISMS) using COBIT 5 for Information Security

Overview of ISMS (based on ISO/IEC 27001:2005 requirements)
Strengths and weaknesses of ISO 270xx series of standards and guidelines
Identifying an ISMS’ components that doesn’t work
Applying COBIT 5 for Information Security guidance to implement / improve an ISMS

Prerequisites:</h3

A basic knowledge of ISACA’s COBIT 5 or COBIT 4.1 frameworks is recommended.

Exams:

There are no exams associated with this course

Course

Fees A$ per person

COBIT® 5 for Information Security
$550 + gst

[Course_Fee]+ GST

[Course_Duration] day

[Book_Now_Button] [Enquiry_Button]

F1 – Security Strategy and Planning

This module provides participants with a comprehensive understanding of how the SABSA framework delivers successful security strategy and architecture. Through a series of innovative presentations, case studies and workshops, you will develop the skills to use the most proven security architecture design and management processes and find out how to develop a comprehensive strategy for the creation of a security architecture that genuinely meets the needs of your organisation.

The top ten competencies developed on this course are:

Define enterprise security architecture, its role, objectives and benefits
Describe the SABSA model, architecture matrix, service management matrix and terminology
Describe SABSA principles, framework, approach and lifecycle
Use business goals and objectives to engineer information security requirements
Create a business attributes taxonomy
Apply key architectural defence-in-depth concepts
Explain security engineering principles, methods and techniques
Use an architected approach to design an integrated compliance framework
Describe and design appropriate policy architecture
Define security architecture value proposition, measures and metrics

F2 – Security Service Management and Design

This module leverages the strategy defined in Foundation Module One to create the roadmap to design, deliver and support a set of consistent and high-quality security services.

Covering the good practice lifecycle, participants will find out how to design, deliver and support a comprehensive security services architecture that integrates fully and seamlessly with their existing IT management and business infrastructure and practices.

The top ten competencies developed on this course are:

- Use SABSA to create an holistic framework to align and integrate standards
- Describe roles, responsibilities, decision-making and organisational structure
- Explain the integration of SABSA into a service management environment
- Define Security Services
- Describe the placement of security services within ICT Infrastructure
- Create a SABSA Trust Model
- Describe and model security associations intra-domain and inter-domain
- Explain temporal factors in security and sequence security services
- Determine an appropriate start-up approach for SABSA Architecture
- Apply SABSA Foundation level competencies to your own environment

CIO / CISO / CRO / CIRO
IT Strategists and Planners
IT Architects
IT Development Managers and Project Leaders
Software Managers and Architects
Computer / Information Security Managers, Advisors, Consultants & Practitioners
IT Line Managers
IT Service Delivery Managers
Risk Managers
Internal and External Auditors

SABSA Key Points

SABSA is used extensively by global business and governments around the world.

SABSA provides a world-leading approach to the development and deployment of solutions to manage cyber risk, assurance and security in a globally accelerating digital business environment.
Since the launch of the SABSA certification program in 2007, InfoSec professionals in 43 countries have obtained SABSA Certification
Top-tier banks around the globe have adopted SABSA for their security architecture framework
Major Government departments – particularly those concerned with defence, security and law enforcement – have adopted SABSA
The SABSA Institute and The Open Group have announced collaboration in the development of the next generation TOGAF. This joint development puts SABSA Business Attributes Profiling (BAP) at the heart of the TOGAF Architecture Development Method (ADM) for requirements management – not just for security, but also for all aspects of business requirements definition.

COBIT 5 for Information Security: Course Overview

COBIT 5 for Information Security: Learning Outcomes

Gain a detailed understanding of COBIT 5 for Information Security framework

COBIT 5 for Information Security: Who Should Attend

This course is designed for anyone responsible for realigning the Information Security function in their organisation and for InfoSec initiatives more broadly. Typically this will include:

COBIT 5 for Information Security: Course Contents

Session 1: Introduction to COBIT 5 for Information Security

Session 2: Detailed understanding of COBIT 5 enablers for implementing information security

Session 3: (Re)-Aligning your information security initiatives using COBIT 5 for Information Security

Session 4: Implementing or improving an Information Security Management System (ISMS) using COBIT 5 for Information Security

COBIT 5 for Information Security: Dates and Fees

COBIT 5 for Information Security: Exams and Stuff

Prerequisites:</h3

Exams:

COBIT 5 for Information Security: Sidebar Content

Course

Fees A$ per person

Customer Service Skills: Sidebar Content

Planning and Implementing ITIL: Sidebar Content

SABSA Foundation2: Sidebar Content

[Course_Fee]+ GST

[Course_Duration] day

SABSA Foundation2: Learning Outcomes

F1 – Security Strategy and Planning

The top ten competencies developed on this course are:

F2 – Security Service Management and Design

The top ten competencies developed on this course are:

SABSA Foundation2: Who Should Attend

SABSA Key Points