Course Information
Cybersecurity Framework
Course Description
Since 2014, a large number of industries and special interest groups have created cybersecurity standards. All of these standard frameworks have been designed with a series of risk-mitigating controls that are to be integrated into back-office technology processes and front-office business practices. Unfortunately, to date all standard frameworks have failed to include a management system that would allow organizations to provide oversight, including governance, risk management, internal audit, compliance management, continual improvement, communications, vulnerability management, incident management, awareness training, asset management, and continual management monitoring. Participants attending this course will leave with the skills necessary to initiate, plan, execute, and control the adoption and integration of their own cybersecurity management system.
Course Objectives
Upon completion of this course, participants will be able to:
• Understand the principles and risk management of cybersecurity
• Facilitate the adoption and integration of a cybersecurity management program
• Adopt best practices in their cybersecurity program internal audit
1. Understanding the Principles and Practices of Cybersecurity Governance
• cybersecurity program scope statement
• cybersecurity strategic and tactical business plans
• cybersecurity committee terms of reference
• chief cybersecurity officer roles and responsibilities
2. Defining the Cybersecurity Risk Management Process and Components
• cybersecurity program risk management
• cybersecurity program risk management policy
• cybersecurity program legal registry
• cybersecurity program risk assessment procedure
• cybersecurity program risk treatment plan
• cybersecurity program statement of applicability
3. Assessing Opportunities for Continual Improvement of your Cybersecurity program
• continual improvement process
• corrective action plans
• preventive action plans
• continual improvement roadmap
4. Defining and Exploring the Fundamental Components of a Cybersecurity Internal Audit Program
• Cybersecurity Internal Audit Program
• Cybersecurity Internal Audit Process
• Cybersecurity Internal Audit Plan
• Cybersecurity Internal Audit Control Effectiveness
• Cybersecurity Internal Audit Security Testing
5. Developing a Cyber Program Communications Plan
• cybersecurity program strategic and tactical communication plan
6. Defining and Developing a Cybersecurity Training and Awareness Program
• cybersecurity program awareness and training plan
• conducting cybersecurity skills management
7. Exploring Cyber Program Document and Records Management
• cybersecurity program document and record registry
• cybersecurity program document and record retention policy
Instructors
Mary Siero (CISSP, CISM, CRISC) is Senior Instructor for MISTI. She is an executive-level Information Technology Consultant and the President of Innovative IT, a leading North Carolina-based information technology consulting firm that specializes in IT operational, compliance and security consulting. Ms. Siero’s career includes ten years in healthcare as a Chief Information Officer and five years in the gaming industry as Vice President of IT Operations, both heavily regulated industries. She has over 40 years’ experience in engineering and technology from industries such as Healthcare, Government, Education, Gaming and Hospitality, Consumer Products, and Manufacturing. Ms. Siero is active in the information system security community and has provided testimony on the record for the State of Nevada Information Technology Board regarding The Current and Future Cyber Threat. She routinely presents at national conferences on information technology topics; holds several professional IT security certifications including CISSP, CISM and CRISC; and is the author of Safeguarding Your Organizations Data: A Call to Action. She is a Charter Member of the FBI Citizen’s Academy Alumni Association in Las Vegas, and is a member in good standing of the International Information Systems Security Certification Consortium (ISC)2, the Information Systems Security Association (ISSA), the Information Systems Audit and Control Association (ISACA), and the North Carolina Technology Association. She is a graduate of the University of Detroit with a Master’s Degree in Polymer Chemistry and a graduate of Michigan State University, where she obtained her Bachelor’s Degree in Chemistry.
Additional Information
TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.
If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.
The course coordinator will contact you with parking information. Handicapped parking is free at the meters around the downtown area.
Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.
You might want to bring a light sweater or jacket, as room temperatures vary.
To see answers to our Frequently Asked Questions, visit http://www.sao.texas.gov/training/faq.html.