Information about http://www.nccmembership.co.uk/SITE/UPLOAD/DOCUMENT/Information_Security_Adviser_DGD07.pdf

Pages: 2
Language: english
Created: Fri Jul 4 06:09:19 2008
Information security: the people element

The National Computing Centre Limited
Oxford House, Oxford Road, Manchester M1 7ED
Tel: +44 (0)161 228 6333 Fax +44 (0)161 242 2499
e-mail: info@ncc.co.uk http://www.ncc.co.uk



The National Computing Centre runs a unique information security support programme that balances the
people, technology and processes that protect your information assets. Our objective is to weave a web of
commitment amongst your staff based on understanding the issues and practical actions.
The programme can be taken as a whole or in parts. It can also be customised to your circumstances.
_____________________________________________________________________________________
Understanding the Issues series

IS/IT risk seminar

For organisations starting out on the security journey... The ½ day seminar can kick start the appropriate attitude to a new IS/IT Risk programme or be tailored to support other staff training programmes:

    What are the key issues?
    What tools can help?
    Best practice techniques
    Assessing risks and how to treat them
    How to deal with inevitable security incidents and assure business continuity.

Interactive awareness briefings

Insiders are likely to be the main source of security breaches. Configure your human firewall with this unique ½ day briefing that covers:

    Business/service continuity
    Data sharing
    Information as an asset
    Internet
    Policies
    Reducing risk of ID theft (like Phishing)
    Regulation
    SCADA
    Taking responsibility - not being a human vulnerability
    Threats and impacts of loss and leakage
    Where to go for help

What happens? Short sessions for up to 25 participants provide an opportunity to get involved. A pre-session questionnaire gets staff in the mood and a post-session 'crib-sheet' of reminders takes the message onwards. Each session includes a live assessment of the people .v. technology and process status of your information risk culture.

We can tailor the briefing to incorporate any specific risks that you face.

Security risk to treatment seminar

A 1-day, intensive workshop delivering a pragmatic framework for risk management...

    Navigating standards, best practice and compliance
    The CIA (and N) of security
    Risk: don't let assessments stop you!
    Balancing the technology with the human vulnerabilities in information security.

What happens? A 'soup to nuts' workshop, applying the lessons of ISO/IEC 27001 (BS 7799) and related standards. Useful whether certification is sought or not. Practical action templates to keep you applied and focused.

Benefits of attending?

    Leave with a comprehensive understanding of security in the context of your business/service
    Find opportunities for quick wins to make immediate improvements to security
    Grasp a security framework that has the future in its sights
    Receive NCC's Best Practice Guide: Information Security Management and get a copy of The National Computing Centre's standard 'Policy Tree'.

Needed if . . .

    You need to develop business-led security policies
    You need to benchmark current policies with best practice
    You would like a more formal approach to risk management that integrates business values with the more headline grabbing IT risks such as viruses and hackers.

System security planning course

A 3-day MSc level course covering system security from acquisition to disposal with:

    The need for information assurance
    Introduction to standards
    Information security management
    Risk management
    Vulnerabilities
    Solutions and countermeasures
    Active security
    Business continuity.

What happens? Learning is assessed by the evaluation of a system security management plan written for a selected case study (to be submitted one month after completing the course). Delegates submitting an assignment earning over 60% will receive a National Computing Centre Certificate in Information Security Management.

Needed if you want to . . .

    Understand how to define system security requirements
    Be able to prioritise requirements
    Match requirements to solutions and countermeasures commensurate with the associated risks
    Understand the correlation of business processes to technology in relation to security requirements
    Be familiar with the relevant industry security standards and regulation, and their application.

Practical Action series

Learning has to be followed by practical action for maximum effect. These are in-house activities that launch or advance your security agenda.

We recommend that we tailor our materials to incorporate the specific risks you face and any policies and standards you have already adopted.

On-site risk sampling and benchmarking

We recommend visiting 2 or 3 of your sites/offices to get to know you. Contact with the different departments across your organisation becomes in itself a programme of security awareness.

Constructive policy formulation workshop(s) will deliver the new policies you need to roll out (or endorse those already adopted) and . . .

    Break the perception that 'security is an IT problem'
    Deliver an outline risk assessment report
    An audit of current security arrangements
    Shape the upcoming awareness programme
    Customise the series of security workshops
    Ensure that your human vulnerability 'radar' is configured correctly
    Lay foundations for successful cross-business initiatives.

real work workshops

Workshop: Identifying and assessing risk - Straight forward discovery and prioritisation of the risks to your business or service objectives.

Workshop: Treating risk - A pragmatic approach to managing the risks to your objectives.

Workshop: Security policies - Applying the National Computing Centre's 'Policy Tree'.

Workshop: Policy writing - Use an NCC analyst to support your policy writing. We're always careful to offer drafting and support and not take away ownership. We want you to have policies which the owners are able to maintain.

Workshop: Awareness and implementation - Worthwhile running in parallel with workshops  to    to encourage programme momentum and develop 'local champions'.

Ongoing support

Beyond the real work workshops we can continue to support you in policy reviews and external monitoring of progress in embedding the right information security culture.

To benefit from this practical programme or to obtain more information, contact:

Danny Dresner M.Inst.ISP
National Computing Centre
Oxford House, Oxford Road
Manchester, M1 7ED
mailto:daniel.dresner@ncc.co.uk
DD 0161 242 2352
T 0161 228 6333
F 0161 242 2499
M 07703 501167
W www.ncc.co.uk



information security adviser dgd07.doc