
CYBERSECURITY MANAGEMENT PRINCIPLES

IT SERIES

11 - 14 SEPTEMBER 2017, KUALA LUMPUR, MALAYSIA
17 - 20 SEPTEMBER 2017, DUBAI, UNITED ARAB EMIRATES

COURSE OVERVIEW

In today's world and further into the digital future, all organizations small and large and especially regulated industries face an ever-increasing number of information-related security challenges and risks against a backdrop of increasing national and global compliance, and audit standards and legislation.

Cybersecurity is the protection of data from theft and damage, business information, people's identities, and how all businesses can be better equipped to work more safely in an increasingly online world where sensitive and personal information is stored, shared, and communicated.

In addition, Cybercrimes are offences that are committed against individuals or groups with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm or loss using modern telecommunication networks such as Internet (chat rooms, emails, notice boards and groups) and mobile phones.

Confidence in the digital future is essential to the growth of all organizations. It means being aware of cybersecurity risks, and understanding industry standards and compliance requirements while embracing opportunities for growth; and being able to assess which threats could affect your business goals and having the agility to deal with them as they arise.

This course covers effective strategies, techniques, systems, policies, and procedures to establish stronger cybersecurity and cybercrime controls, reduce operational risk, and improve online working whilst covering international best practices, ISO standards, compliance, audit, and industry regulations.

BENEFITS OF ATTENDING

Course Participants will:
- Understand today's and tomorrow's cybersecurity and cybercrime threats, issues, and risks; how to set up policies, train users, create strategies, and implement systems and tools to help protect data, information and people's identities making online working more secure
- Manage the growing volume of confidential, sensitive business information and data to protect, keep safe, and communicate securely against a backdrop of increasing cyber threats, as well as privacy, legal, and compliance regulations
- Develop strategies and ways of working to improve detection of cybersecurity threats and improve information compliance
- Understand the security-related international information compliance and regulations, including industry specific standards
- Expand the expertise of personnel involved in developing skills and knowledge in the latest techniques, processes, and systems on cybersecurity

EXCLUSIVE: PRE COURSE QUESTIONNAIRE & TAKEAWAYS

1. An extensive IT Security Architecture Questionnaire that will help you evaluate your organization's IT security position.
2. Online access to course materials, case studies and other related items of the training seminar.
3. Take with you templates and worksheets to aid you in applying and putting into practice what you have learned from this workshop.

YOUR INTERNATIONAL COURSE FACILITATOR

Dr Mark T. Edmead
CISSP, CISA, COBIT, Lean IT, TOGAF
IT Transformational Consultant
MTE Advisors

Mark T. Edmead is a successful technology entrepreneur with over 30 years of practical experience in computer systems architecture, information security, and project management.

Mark excels in managing the tight deadlines and ever changing tasks related to mission-critical project schedules. He has extensive knowledge in IT security, IT and application audits, Internal Audit, IT governance, including Sarbanes-Oxley, FDIC/FFIEC, and GLBA compliance auditing.

Dr. Edmead understands all aspects of information security and protection including access controls, cryptography, security management practices, network and Internet security, computer security law and investigations, and physical security.

He has trained Fortune 500 and Fortune 1000 companies in the areas of information, system, and Internet security. He has worked with many international firms, and has the unique ability to explain very technical concepts in simple-to-understand terms. Mr. Edmead is a sought after author and lecturer for information security and information technology topics.

Mark works as an information security and regulatory compliance consultant. He has:
- Conducted internal IT audits in the areas of critical infrastructure/systems and applications.
- Assessed and tested internal controls of critical infrastructure platform systems (Windows, UNIX, IIS, SQL, Oracle).
- Assessed and tested internal controls of various critical financial applications.
- Prepared risk assessments and determined risks to critical financial data systems and infrastructure components.
- Created test plans & processes and executed test plans.
- Conducted reviews of existing systems and applications, ensuring appropriate security, management and data integrity via control processes.
- Prepared written reports to all levels of management.
- Participated in audit review panel sessions to address results, conclusions and follow-up actions required.

Tel: +6016 3326360 Fax: +603 9205 7788 kris@360bsigroup.com


COURSE CONTENT

DAY1 CYBERSECURITY - CONCEPTS & PRINCIPLES

We will cover the main concepts, principles, structures, and standards used to design, monitor, and secure operating systems, equipment, networks, applications and those controls used to enforce various levels of confidentiality, availability, and integrity.

Laying the foundation
- The relationship between people, process and technology
- The information security triad: confidentiality, integrity and availability
- Concepts of security management
- Creating policies, standards, guidelines and procedures
- Promoting security awareness

Protecting our assets
- Where attacks come from
- Protecting from internal attacks
- Protecting from external attacks
- Threats and vulnerabilities overview

Security Architecture Basics
- Security as a design goal
- Security models
- Authentication methods
- Authorization
- Models for access control

The Objectives of Security
- The active defense approach to security
- Using the Defense in Depth concept
- Layered approach including perimeter security, network security, host based security, and human awareness

WHY THIS EVENT

The aim of this interactive workshop is to provide you with the skills critical to developing your Cyber Security Architecture & Policies.

After attending this workshop, you will leave fully armed with the knowledge needed to design and maintain a strong & secure IT infrastructure.

The combination of interactive presentations, hands-on exercises and open discussion groups along with real case studies, ensures you will obtain maximum value from attending.

COVERAGE

- Cybersecurity Concepts & Principles
- Roles & Responsibilities
- Security Awareness
- Layered Security approach
- Security Policy Implementation
- Risk & Vulnerability Assessment
- Threat Identification
- Penetration testing
- IT Network & System Security
- IT Security Architecture
- Security Design & Maintenance
- Security Control Frameworks
- ISO 27001 Security Standard
- Laws & regulations

DAY2 ESTABLISHING YOUR SECURITY POLICY


We will discuss the value of the information and what we need to do to
protect it. Effective security architecture begins with the establishment of
a security policy. Organizations should also perform a risk assessment in
order to better understand the important areas in their security
architecture.

Developing a Security Policy


- The overall plan of attack/defense
- Declaration of intent
- Characteristics of a good policy
- Policy examples

Objectives of Risk Management


- Benefits of performing a risk assessment
- Prioritizing vulnerabilities and threats
- Identifying the risk impact and determine acceptable risks
- Creating a risk matrix

The value of information

- Why you need to classify levels of information
- Managing data at rest and in transit
- Understanding data access controls
- The value of knowing where your data resides

Basic security threats and principles
- Vulnerabilities, threats and countermeasures
- Hacker probing and attack
- LAN, WAN, and wireless network technologies and protocols

WHO SHOULD ATTEND

- Vice Presidents, Directors, General Managers
- Chief Information Officers
- Chief Security Officers
- Chief Information Security Officers
- Chief Technology Officers
- Heads of Departments in Information Security Management Information Systems, IT Infrastructure, IT Architecture, Network Operations, IT Operations, IT Data Center, DataBase Management, IT Deployment IT Business Enterprise, IT Risk Management, IT Quality Assurance, IT Audit, Risk Management, Internal Audit, Business Continuity Planning
DAY3 THREAT, RISK & VULNERABILITY ASSESSMENT

We will discuss the vulnerabilities, threats, and risks to the system and network environment. We will also discuss practical application of risk assessment to an organization, how to conduct an assessment, and how to use this information to improve the security posture.

Vulnerability and Penetration testing
- Why performing vulnerability and penetration testing is important
- Tools and techniques used in penetration testing
- Review of sample penetration testing report
- How to correct problems identified in the vulnerability and penetration testing report

Protecting the network
- Firewalls and other perimeter security devices
- Intrusion detection systems
- Using a scanner to discover vulnerabilities
- Understanding network management tools

Hardening Operating Systems
- Unused user accounts
- Excessive rights and permissions
- Service packs and hotfixes

The importance of the Business Continuity and Disaster Recovery Plans
- Introduction to BCP/DRP
- Conducting the Business Impact Assessment (BIA)
- Review of the BCP/DRP process
- Establishing data recovery options

Latest TESTIMONIALS

1 Session well organized. The trainer is very conversant with the subject matter. Well delivered and would definitely recommend to anyone else. - Habil Mutende, Manager Information Security & Change Management, Central Bank of Kenya

2 Excellent presentation, excellent attitude to answer our questions & to share his experience. - Senior Manager, IT Department, Deloitte

3 The programme is good for IT professionals... [who] would like to setup ISO function or improve ISO. - G. Ramgopal, Head IT Security, Bank Muscat Oman

4 I have used Mark in key roles with high visibility clients. Without hesitation I would highly recommend Mark for any and all IT audit engagements. His professionalism, deep knowledge, and results oriented work style are deeply valued by not only myself, but more importantly by all those who are lucky enough to use his services. - Russ Aebig, Director at Artesient

5 We have used Mark Edmead on several projects in the past few years including SOX readiness for publicly traded companies and IT vulnerability assessments for major financial institutions. He always delivers professional and detail-oriented workpapers on-time and within budget. Mark is highly recommended and we will continue to use him on other projects. - Brenda Piazza, Director at CBIZ MHM

DAY4 DESIGNING & MAINTAINING YOUR SECURITY ARCHITECTURE

Day Four wraps up the course by providing a guideline on how to design, create, and maintain a strong security architecture. This includes a discussion on best IT Governance practices. We will also discuss how to make sure your technology infrastructure aligns with your security (and business) objectives.

Implementing a proactive security management system


- Justifying the cost of security
- Aligning your technology infrastructure to business objectives
- How to continually strengthen your security posture

Understanding the various security control frameworks


- COBIT 5 Governance and Management of IT Enterprise
- ISO 270xx Security Standards
- The NIST Standards

Developing and implementing a successful governance strategy


- The Balanced Scorecard and IT Governance
- Governance of outsourcing
- Managing risks and IT Governance
- Best practices for implementing continuous improvement concepts and
principles

Understanding Strategic Alignment
- Enterprise mission, objectives, and values
- Drivers and trigger points
- Benefits realization, risk optimization, and resource optimization
- Business objectives and goals alignment to facilitate IT governance

COURSE SCHEDULE
8.00 Registration & Coffee/Tea
8.30 Workshop commences
10.10 - 10.30 Morning coffee/tea
12.00 - 13.00 Lunch
14.40 - 15.00 Afternoon coffee/tea
16.00 End of day

REGISTRATION FORM

CYBERSECURITY MANAGEMENT PRINCIPLES
11 - 14 SEPTEMBER 2017, KUALA LUMPUR
17 - 20 SEPTEMBER 2017, DUBAI

Fax: +603 9205 7788
Tel: +603 9205 7772
Mobile: +6016 3326 360
Email: kris@360bsigroup.com

DELEGATES

1 Name :
Name on tag :
Job Title :
Email :
Mobile :

2 Name :
Name on tag :
Job Title :
Email :
Mobile :

3 Name :
Name on tag :
Job Title :
Email :
Mobile :

AUTHORIZATION
(This form is invalid without a signature)

Name :
Job Title :
Email :
Tel : ( )
Organization :
Address :
Signature : Date: / /

IN-HOUSE TRAINING

360 BSI is passionate about providing strategic IT programs and high potential training solutions across the region to build personal competencies and organizational capability.

You will receive practical training from a professionally qualified educator with over twenty years of teaching and training experience.

Please feel free to mix-and-match topics from the areas listed below to get the right training content for your staff. Other topics may be available upon request.

OTHER RELATED PUBLIC COURSES
- IT Governance & Leadership
- Document Management & Retention
- Business Continuity and Disaster Recovery Planning
- Preparing for the CISSP exam
- Fraud Control & the COSO 2013 Framework
- IT Risk Management
- Project Management for IT Professionals

Hotel Contact Details:
Grand Millennium Kuala Lumpur
160 Jalan Bukit Bintang, 55100 Kuala Lumpur
Tel: +60 3 2117 4899 Fax: +60 3 2142 1441

Radisson BLU Hotel, Dubai Deira Creek
Baniyas Road, P.O. Box 476, Dubai, UAE
Tel: +971 4 2057105 Fax: +971 4 2234698

General Information:
1 Registrations close ONE (1) week before the training dates.
2 The fees cover lunch, tea breaks, materials and certificate.
3 Official confirmation will be sent, once registration has been received.
4 Participants will need to arrange their own accommodation.
5 Attire: Smart Casual

Cancellations/Substitutions
Substitutions are welcome at any time. Please notify us at least 2 working days prior to the event. All cancellations will carry a 10% cancellation fee, once a registration form is received. All cancellations must be in writing by fax or email at least 2 weeks before the event date. Cancellations with less than 2 weeks prior to the event date carry a 100% liability. However, course materials will still be couriered to you.

Thank you for your registration!

FEES & VENUES

KUALA LUMPUR, MALAYSIA: 11 - 14 SEPTEMBER 2017
DUBAI, UAE: 17 - 20 SEPTEMBER 2017

USD 3,395 per delegate
USD 8,685 - Group of 3 delegates
USD 13,475 - Group of 5 delegates

The fee does not include any taxes (withholding or otherwise). In case of any taxes applicable the client has to ensure that the taxes are paid on top of the investment fee paid for the course. Compliance with the local tax laws is the responsibility of the client.

* Save up to 50% for In-house Training program

PAYMENT DETAILS

Payment is required within 5 days upon receipt of the invoice.

Bank transfer:
360 BSI MIDDLE EAST LIMITED
Abu Dhabi Commercial Bank
Dubai Mall Branch, P.O.Box 49124 Dubai, U.A.E
Account No: 10065721319001
Swift No: ADCBAEAAXXX
IBAN No: AE780030010065721319001

All payments must be received prior to the event date

360 BSI (M) Sdn Bhd (833835-X), Level 8 Pavilion KL, 168 Jalan Bukit Bintang, 55100 Kuala Lumpur, Malaysia.
