Detailed Seminar Outlines |
| |
SEC01E (S33) Introduction to Information Technology (IT) Security: the Management and Technology of Cyber Protection
Expert advice, program design, content and instruction for security courses given by the Communications Security Establishment (CSE).
Language(s)
English and French
Description
As more information migrates from traditional forms to electronic format and as electronic service delivery becomes a practical reality, both government institutions and Canadian citizens are increasingly dependent upon IT systems. Widespread internetworking, especially over the Internet, offers inestimable advantages for information sharing, rapid communication and inexpensive service delivery to meet important business needs of government and other client constituencies.
At the same time, however, the growing reliance upon IT systems and networks introduces significant vulnerabilities, opening sensitive assets, like personal information, and critical services to a variety of threats with potentially serious consequences.
To address these concerns, both program and project managers should have a sound knowledge of IT security principles and practices that will enable them to develop and implement cost-effective solutions for safe and sound service delivery. To that end, this course provides a broad overview of:
- the threats to IT systems and information assets;
- legal and policy obligations for safeguarding IT assets;
- the elements of a comprehensive IT security program, including -
- fundamental principles of security,
- basic approaches to risk management, especially the threat and risk assessment (TRA),
- a flexible governance framework for important roles and responsibilities,
- essential management processes, such as certification and accreditation,
- the application of traditional personnel and physical security to IT systems,
- an array of technical controls to meet varied operational requirements, and
- incident detection, response and reporting procedures.
Benefits and learning outcomes
This course will provide students with:
- a clear understanding of security risk management in an IT environment,
- a broad awareness of threats to IT systems and the appropriate solutions to achieve business objectives,
- a common vocabulary to communicate security issues and concerns more precisely,
- a solid foundation to pursue more specialized IT security training, and
- an array of references and support mechanisms to help address IT security issues.
Prerequisites
none
Target audience
Program and project management staff, IT professionals, systems administrators, system architects and IT procurement officers.
Instructor
John F. Clayton
John Clayton joined the Royal Canadian Air Force in 1963. After graduating from the Royal Military College, he trained as a computer programmer and systems analyst.
Four years later, he transferred to the Security Branch, where he served in a variety of security, counterintelligence and policing positions across Canada. In his last assignment, he was the Departmental Automated Data Processing (ADP) Security Authority at National Defense Headquarters.
Since leaving the Canadian Forces in 1989, he has worked with five departments or agencies in the Public Service: the Ministry of the Solicitor General, the Department of Foreign Affairs and International Trade, Public Works and Government Services Canada, the Treasury Board Secretariat and the Communications Security Establishment. During this time, he has performed varied functions as a Policy Analyst, Project Security Director, Departmental COMSEC Authority and Departmental Security Officer.
Schedule
1 day
| English |
|
| Not available |
|
| French |
|
| Not available |
|
| |
|
Times
8:30 am to 4:30 pm
Location
Place du Portage, Phase III
Tower B - 1E
11 Laurier Street
Gatineau, Quebec
Room 811 - English
Room 812 - French
Cost
$450
|
