Course in Information Security Management - Advanced

Bucharest 09 December 2019 - 10 December 2019

Trainer: Theodor Adam, Victor Rotaru, Florin Andrei și Larisa Găbudeanu

Details

In this course, we propose discussing the main aspects of information security and to present to the audience useful methods for identifying and approaching risks, for defining, implementing and monitoring control measures that can prevent incidents and that can ensure a good level of security for the activities performed.

The increase in the complexity and the diversity of the security threats determines us not only to permanently adjust incident preventive measures, but also to drastically change the manner in which we think about security and about risks within and outside the business environment.

We are constantly in the situation to take decisions. In the majority of cases there is no similar precedent to be used because of the incredible dynamics with which new types of threats appear in our field of activity on a daily basis.

The evolution of technology and the increase in the mobility of users leads to difficulty in distinguishing between the professional and personal life. In this respect, it is necessary to take actions that take into account both perspectives: professional and personal, without affecting their independence. There is a change in paradigm taking place in terms of information security and we should have a holistic approach to efficiently protecting the business, organisation and employees.

This course presents the best practices in the field and is aligned with the ASF Norm no. 4/2018 and with European legislation in terms of data protection (GDPR), with concepts mentioned also in the “Operational Risk Management – Information Technology Risk”.

Target group

Employees in positions related to management of operational risk and information security in the financial services sector
Data Protection Officers (DPO)
Managers in the information security and operational IT fields
Managers from the financial services industry, especially from IT, Finance, Risk, Compliance, Operations, Legal departments
Individuals seeking a career path towards the respective fields (IT, Informational Risk, Operational Risk)

Level of expertise necessary for participating in the program:

University degree in technical or economic domains
General knowledge about management
Minimum 2 years experience in the above positions or (alternatively) completion of the introductory module

Course objectives

Understanding the purpose and the objectives of information security in the organisation and in the current legal context.
Gaining knowledge about management of information security through risk management.
Integration of data protection requirements into the information security model.
Gaining knowledge about a strong methodology for continuous implementation and optimisation of the concepts presented in this group.

Subjects

Topic

Introduction to information security
Approach for information security management through risk management
Using Six Sigma (method with immediate applicability) for implementing a system for management of information security (ISMS)
Techniques and practices used in information security for ensuring an efficient management of operational risk
Implementing the technical requirements for information security based on the legal obligations concerning data protection
Communication and expectation management
Human factor
Conclusions
Questions and answers
Examination

Teaching method

Flipchart, projector/TV set for presentations, flipchart and printed training manual. Topics are illustrated with examples and students interactions.

Bibliography included in the training material.

Trainer

Victor Rotaru - IT and DPO expert, with a vast experience in information security management and operational management, having an international and multicultural exposure in international banking groups, as well as teaching experience with IBR (Romanian Banking Institute) and ISF (Financial Studies Institute)

Larisa Găbudeanu – data protection specialist, with a vast experience as a lawyer in an international law firm, counselling international clients and coordinating projects related to baking, IT law and data protection . In addition, she has good knowledge about information security and risk management gathered in a banking regional group and from her specialized education (in addition to graduating the Law Faculty, Larisa also graduated from the Informatics Faculty at the University in Bucharest and is currently finalizing the Information Security Master with the Faculty of Cybernetics).

Theodor Adam – graduated from the Faculty of Electronics and Telecommunications (UPB, 1995) and Academic Postgraduate Management Studies (UPB, 2002), worked in the IT, Financial and Legal Services industries (as an engineer for IBM, IT Director for NN Romania and for Kinstellar). He has a 24 years experience in IT and 19 years in management, taught technical trainings on behalf of IBM Romania and led IT organizations in NN and Kinstellar. Experienced with application development management processes, infrastructure, business continuity and disaster recovery, strategic planning, management by objectives, project management, IT operations.

Florin Andrei – Information Security specialist, with broad experience and exposure in the field. He has fulfilled multiple roles spanning from helpdesk officer and network administrator to information security officer, risk and physical security officer as well as coordination roles for risk management and IT security activities. National and international exposure within various companies and fields such as outsourcing, insurance and IT Security services.

Duration / Period

The program will last for 12 hours and will take place in October 14th and 15th , 2019 between 09:00-15:00.

Investment

The necessary investment for participating to this program is of 550 lei + VAT/person. It includes written course support, coffe break, lunch and participation cerificate.