The objective of the course is to provide a comprehensive but necessarily high level overview of Information Assurance and how it is addressed within HMG organisations and commercial supply chain companies. It will provide delegates with an initial understanding of the basic concepts and language of Information Assurance so that they can subsequently work directly in this complex field or work indirectly with security professionals. This course contributes to the attainment of the CESG Certified Professional Scheme (CCPS) and the following specific CCP roles at the Practitioner level.
The course is related to other Information Assurance courses and provides the basis for the Information Assurance Risk Management for HMG and the Introduction to Accreditation courses. Where appropriate this course links to aspects covered in both of those courses, such as how risk management can be conducted and the possible role in that process of an Accreditor.
The course objectives are:
This course is aimed at those in government organisations or commercial companies with little or no previous knowledge of cyber security. Ideally delegates should have some understanding of wider business risk management and of security in general. It is designed to teach the fundamentals of Information Assurance for HMG and is intended to provide sufficient understanding of the subject to enable delegates to progress to other aspects of security.
The course will benefit:
Support for CESG Certified Professional
This course contributes to the attainment of the CESG Certified Professional Scheme (CCPS) and the following specific CCP roles at the Practitioner level:
Security and Information Risk Advisor, IA Auditor, Accreditor, IT Security Officer, Security Architect, Penetration Tester, Communications Security roles.
The course supports CCP Level 1: Awareness (understands the skill and its application). It provides skills against the following competencies used in the CCP assessment process:
A1: Governance, A2: Policy and Standards, A6: Legal and Regulatory Environment, B1: Risk Assessment, B2: Risk Management, D1: IA Methodologies.
IISP Skills Alignment
This course is aligned to the following Institute of Information Security Professionals (IISP) Skills. More details on the IISP skills framework can be found here.
Continuous Professional Development (CPD)
CPD points can be claimed for GCT accredited courses at the rate of 1 point per hour of training for GCHQ accredited courses (up to a maximum of 15 points).
At the end of this course you will be able to understand:
The course is 1 day and is divided into 4 modules:
Module 1 – What is Information Assurance?
To include: the terminology used, the major components, the drivers for it, its relevance to all government and commercial organisations and how it is managed.
Module 2 – What are the Risks of Doing Business?
To include: the nature of the risk, who the threats are and what type of attack is likely.
Module 3 – What is Information Risk Management?
To include: the components of risk, risk management concepts, information risk management, governance.
Module 4 – Where can I get help with Information Assurance?
To include: sources of HMG policy and commercial guidance, where to get advice, sources of information and where to get specialist support.