Practical Network Security: Course Overview


The Quest for Better Metrics

Despite organisations having managed their information risks and security controls for decades, most still struggle with the related measurements, begging big questions about the nature of that ‘management’. It could be argued that the lack of appropriate metrics is partly, perhaps largely responsible for the ongoing stream of information security incidents, privacy breaches, ransomware attacks and the like, plus the shortages of skilled cybersecurity professionals. The quest for better metrics – and professionals who truly understand this stuff – is becoming ever more urgent as the profession matures and expectations rise.

Light on mathematics, statistics and theory, the course provides a wealth of practical tips and techniques, giving you the tools and the confidence to make real progress on this challenging topic. The course emphasises real-world challenges, situations and applications for the tools and techniques, with exercises to try-out new techniques in a safe environment.

This 2-day course moves rapidly through the basics to cover advanced topics likely to be of interest to experienced professionals in senior roles. Although the course directly addresses measurement challenges in information risk and security management, the tools and techniques are more broadly applicable making the learning equally valuable for other metrics used elsewhere in the business. It covers but extends well beyond the technical/cybersecurity metrics typically used at an operational level e.g. in network security.

Tailoring to Your Situation 

When it comes to metrics, there is no off-the-shelf list of ‘good practice’ metrics you can simply adopt. Numerous example metrics are discussed during the course to illustrate the pros and cons of various measurement, analysis and reporting approaches. They serve to demonstrate and practice the tools and techniques you will use to craft a custom suite of information security measures for your organisation given its unique business situation and goals, information risks, security controls, maturity level and compliance obligations. Rather than supplying an ill-fitting uncomfortable off-the peg suit(e) of generic metrics, this course teaches you the tailoring skills you need to shine.