At a glance
Course number: HL945S
Length: 3 days
Delivery method:
  • Virtual Instructor-Led Training (VILT)
  • Instructor-led training (ILT)
  • Onsite dedicated training (OST)
Price: USD $1,680 / CAD $1,848
*Courses are supported in the delivery formats above, but are not necessarily scheduled in every delivery format listed. Please click the schedule links at the top of the page to see which delivery formats are currently scheduled.

Course overview

This 3-day course prepares you to look at your business through an information security lens, and to develop and implement a comprehensive information security strategy that will help your business stay competitive. It covers key security concepts, providing real-world examples of how to implement security measures and risk mitigation methods in your organization.

Course description

Whether you are in management or have a technical role in security, this training gives you the context you need to understand information security management, including risk management, technical and management controls, the legal framework, people and physical security, security standards (e.g. ISO 27001/2), business continuity and much more.

Accredited by multiple exam institutes, this training prepares you for the APMG-International ISO/IEC 27001 certification and the Information Security Foundation based on ISO/IEC 27002 (ISFS) certification by EXIN. Also, attend the additional 2-day Information Security Essentials Plus (HL946S) course and prepare to challenge the Certified Information Security Management Principles (CISMP) exam by BCS.

This course provides a stepping stone to more advanced certifications, either managerial or technical (such as CISSP, Security+ and CCSK), and fits well with existing project management and service management programs.

Prerequisites

  • A basic understanding of operating systems and networks
  • Some experience with managing networks is helpful but not required
  • Some experience in project management or organizational management may be helpful but not required

Audience

  • IT Managers or members of Information Security Management Teams
  • Security and Systems Managers
  • Anyone working towards an industry recognized certification such as ISO/IEC 27001, ISO/IEC 27002, CISMP, CISSP, Security+ or CCSK

Accredited Training

This course has been accredited by:

  • EXIN
  • APM Group Ltd (APMG)
  • BCS The Chartered Institute for IT

Next steps

  • Information Security Essentials Plus (HL946S) or
  • Information Security Risk Management and Business Continuity Planning (HL947S)
  • Information Security Governance and Policies (HL948S) – coming soon

Course outline

Module 1: Setting a Secure Foundation

  • Champion the business case for the importance of information security
  • Describe how security/IA can become a business advantage
  • Discuss information assurance maturity models
  • Identify relevant sources of compliance requirements: legislative, regulatory, client

Module 2: Defining Key Tenets of Information Security

  • Define information security and its key elements: Confidentiality, Integrity, and Availability
  • Map compliance requirements to securing information (CIA)
  • Differentiate between threats, vulnerabilities, and attacks
  • Apply definitions to an environment
  • Identify forms of threat
  • List common enterprise vulnerabilities
  • Describe what constitutes a security incident

Module 3: Managing Information Security in the Organization

  • Communicate the advantages of using an existing framework
  • Illustrate the security governance lifecycle
  • List the key roles, responsibilities, and interactions
  • Differentiate between policy, standard, procedure, and guideline
  • Distinguish what makes a good security policy
  • Describe the importance of communicating policies

Module 4: Introduction to IT Threats, Vulnerabilities, and Attacks

  • Describe vulnerabilities in client/server communication
  • Describe why large organizations are vulnerable
  • Identify physical, technical, and social forms of security threat
  • Identify and describe the most common attacks
  • Discuss common examples of social engineering

Module 5: Assessing Risk

  • Describe the role of risk management in information security and how the elements fit with the security governance lifecycle
  • Estimate your organization's risk appetite in various key areas and begin a plan to verify it
  • Distinguish business impact analysis from risk assessment
  • Distinguish quantitative and qualitative risk analysis
  • Define vulnerability scanning
  • List sample tools for port scanning and other vulnerability scanning
  • Identify tool selection and comparison criteria
  • Develop a useful report of scanning outcomes

Module 6: Controlling Access

  • Describe the importance of access control in implementing information security
  • Demonstrate how authentication and authorization work together to provide access control
  • Outline why technical and physical controls for access are both important

Module 7: Selecting Controls

  • List common controls for each category of threat
  • List/categorize countermeasures by strategy
  • Discuss the importance of patch management
  • Categorize physical controls
  • Discuss technical countermeasures
  • Identify firewall positioning in network architecture and the DMZ network
  • List actions a firewall can take in response to types of traffic
  • Describe use of intrusion prevention systems
  • Describe how an IPS detects an attack
  • Compare types of IPS
  • Describe how virtual private networking supports security objectives
  • Describe how encryption aids security
  • Describe how encryption is performed
  • Distinguish between symmetric and asymmetric encryption
  • Describe the positioning of virus scanners

Module 8: Planning Security for Consumerization of IT and the Cloud

  • Describe the impact that the Consumerization of IT is having on IT
  • Discuss the threats and vulnerabilities in the mobile world
  • Summarize security interventions for mobile devices
  • Identify the risks of social media
  • Summarize controls for social media related threats
  • Describe the relationship between cloud computing and consumerization
  • Distinguish types of cloud-based computing and services
  • Identify risks of different forms of cloud use
  • List controls for security in the cloud

Module 9: Business Continuity and Disaster Recovery Planning

  • Describe the importance of continuity planning
  • List conditions that make it necessary
  • Define continuity planning and terms
  • Describe the relationship with risk management
  • Identify elements of a business continuity plan
  • Compare and contrast BCP and DRP
  • Define key elements of service level agreements
  • Describe verification techniques for redundancy
  • Explain redundancy considerations

Module 10: Implementing Strategies for Security Success

  • Address some of the most overlooked threats in IT Security
  • List best practices in hiring and educating employees

HL945S - B.01