Managers associated with information systems have a legal responsibility for the security of those information systems deployed in their organizations. This includes protecting the confidentiality, integrity and appropriate availability of information processed by architected systems that make use of that information. The development of these architected systems must apply effective CM, software change control, and release management processes to establish a chain of security custody which gives accreditors justification to authorize operational release of reviewed systems. This four-day course provides a total systems perspective on incorporating security throughout the system lifecycle, from the initial phases of architecting systems through securing data-at-rest and data-in-transit to audits for performance evaluation. A risk-based, cost-benefit approach is presented for selecting controls to protect against identified threats. This approach is also applied for securing the infrastructural and contextual aspects of the architected system including policy guidance as well as behavioral and physical security considerations.
What you will learn:
The critical concepts of information security.
The security systems development life cycle, and gathering the right security requirements.
Information security responsibilities in an organization
The threats posed to information security and common attacks.
CM processes that establish a security chain of custody.
Key laws that shape the field of information security.
Integrating security into software release management.
Management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines.
A risk management, cost-benefit approach to fulfilling security responsibilities.
A survey of security controls to protect against both external and internal threats.
Implementation and change management of information security.
Who should attend:
- Federal government managers and project managers are personally responsible for the security of information system in their organization, governed by the statutes and Executive Branch policies
- Managers and project managers in publicly traded corporations are likewise personally responsible for information security are governed by the Sarbanes-Oxley Act.
- Staff who need to understand the NIST prepared guidelines for information security should attend this course.
- The critical concepts of information security.
- The security systems development life cycle, and gathering the right security requirements.
- Information security responsibilities in an organization
- The threats posed to information security and common attacks.
- CM processes that establish a security chain of custody.
- Key laws that shape the field of information security.
- Integrating security into software release management.
- Management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines.
- A risk management, cost-benefit approach to fulfilling security responsibilities.
- A survey of security controls to protect against both external and internal threats.
- Implementation and change management of information security.
REGISTRATION: There is no obligation or payment required to enter the Registration for an actively scheduled course. We understand that you may need approvals but please register as early as possible or contact us so we know of your interest in this course offering.
SCHEDULING: If this course is not on the current schedule of open enrollment courses and you are interested in attending this or another course as an open enrollment, please contact us at (410)956-8805 or firstname.lastname@example.org. Please indicate the course name, number of students who wish to participate. and a preferred time frame. ATI typically schedules open enrollment courses with a 3-5 month lead-time. To express your interest in an open enrollment course not on our current schedule, please email us at email@example.com.
Dr. George M. Ray Director of Research and Development, BGM Group. Adjunct Professor, CMSC & ENMG Faculty, UMBC. Adjunct Professor, CIS Faculty, Shepherd University . Chief Application Services, United States Judiciary (15 yrs) Senior Architectural Engineer, Microsoft. Dr. Ray has 39 years’ experience as an IT solution developer and Project Manager, including systems development experience with national and international financial institutions, various Federal Reserve Banks, Bureau of Public Debt, and NASDAQ; data warehouse development with national and regional health care providers.
Dr. Jeffrey S. Ray, PMP, CSEP, PE, Esq. CTO, BGM Group. Member of the Graduate Faculty, UMBC). Adjunct Professor, SMC University. Project Manager, Sr. Systems Engineer Northrop Grumman. Dr. Ray has 35 years of project and organizational management, and senior systems engineering experience that includes broad – based problem solving related to the structured acquisition of military and information technology systems. He teaches graduate-level courses in Management, Systems Engineering and Organizational Learning. He is an SME in the systems engineering process, systems architecting, requirements allocation and traceability, and functional analysis and decomposition fields.
Contact this instructor (please mention course name in the subject line)