Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Information Security Management Education Program - Concept Document


Published on

Information security training is incomplete which ever way one sees it - the techie lacks a lot of stuff and so does the non-techie. This is a concept to make changes and build an education program which will actually create professionals having good skills.

Published in: Education
  • Be the first to comment

Information Security Management Education Program - Concept Document

  1. 1. Information Security Management An Unique Management Program to Build the Information Security Managers of Tomorrow: A Professional With the Right Blend of Technology and Business Management Version 1.0 May 2012
  2. 2. Preamble• Information Security (IS) is the fastest growing profession due to increasing cyber threats and risks• Reports state 0% unemployment level in InfoSec• Demand for IS professionals is across all industries• Annual estimated demand: 30,000 IS professionals• Presently IS skills are learned on-the-job; through short term courses; self learning• Formal IS education is provided by few institutions• Course content does not prepare managersConfidential & Proprietary
  3. 3. Few Educational / Professional ProgramsPG / PGD Programs - Professional Certifications -• IIIT, Allahabad • ISO 27001 (Imp / LA)• IIIT, Dwarka • CISA • CBCP• Institutes of Forensic • CISSP • CEH Science • CISM • CFA• University of Madras • CRISC • CCSP• SCIT, Pune• Various Law Colleges • SANS • CHFI• Various IIT’s • CGEIT • etc…...Confidential & Proprietary
  4. 4. Shortcomings in Formal Education• Syllabus is outdated by the time it is approved• Courses are usually wholly technical in nature• Most programs breakdown IS into Technical, Audit / Governance and Cyberlaws buckets• Learning is by rote following same teaching patterns as is common across all disciplines• After 2 years Masters or 1 year PGD student is not ‘deployment ready’ and desperately seeks internship• Lawyer is expected to learn technology, Techie is taught law – both are not taught business !Confidential & Proprietary
  5. 5. Shortcomings in Professional Programs• Focus is only one skill area or certification• Certification programs mostly operated by US based institutions• No Indian industry body or institution has promoted any program or certification of repute• Local certification and training programs are in the unorganized sector operated by individuals, training companies or Infosec consulting firms• Some certification bodies provide training or fee based endorsement of InfoSec certificationsConfidential & Proprietary
  6. 6. Essentials of IS Education / Training• Required Understanding – IT Infrastructure concepts – Organization Functions (HR, Finance etc) – Business Management – Project Management – Processes• Technical Skills – Technology, Architecture, Software Development, network devices, Security devices and technology solutions• GRC, Audit, Law. Ethics – Risk Management, Audit, Governance, Compliance etc – Legal and regulatory concepts, laws, standards, guidelines…• Soft Skills – Presentation, public speaking, documentation, communication, negotiation ..• And more…Confidential & Proprietary
  7. 7. The Information Security role is evolving into a holistic techno-commercial business manager who is hands-on in managing IT infrastructure and technology issues and can capably translate this knowledge making it easy for the business units to understand and accept proposed changesWith the changes envisaged in the future and the increasing importance of the CISO, it isnecessary to equip the student with all round skills and knowledge to hold his / her own inthe professional domain. We present our the objectives on which we plan to build theprogram along with a brief proposed plan of action. Confidential & Proprietary
  8. 8. Our Objective• Impart value based education to professionals in preparation of the role of a CISO in any organization• Provide practical skill and knowledge based learning• Use real life or lab based situations / scenarios• Course will cover Information Security, IT, Business, current events• Program will help develop maturity in thought and leadership skills• Skill development will include soft skills like presentation / public speaking, documentation, writing, using productivity tools• Mentor candidates to be ready for deploymentConfidential & Proprietary
  9. 9. Our Proposal• Develop the course curriculum• Design the lab architecture and setup• Identify vendors and deploy hardware / software• Deliver the education / training program• Simultaneously identify and train alternate trainer(s)• Deploy program operations as per plan• Implement mentoring and placement assistance• Require support for infrastructure and fundingConfidential & Proprietary
  10. 10. We are experienced Information Security professionals and practitioners. The proposed program has been conceived based on our knowledge of weaknesses in the various IS education, training and certification programs operating in India. This is our USP and the goal is to help build a quality InfoSec management workforce that will effectively fill the gap in national requirements. DifferentiatorsConfidential & Proprietary
  11. 11. A Few Differentiators• College Lab and Facility designed to be a Center of Excellence for Information Security Management• Lab to provide practice simulations setup• Partnership with OEM manufacturers of security hardware and solutions for labs, trial versions• Partnership with employer organizations, consulting firms for field trips and internships• Opportunities to participate and work on live consulting projects, research projects and studies• Author white papers, participate and present in industry conferencesConfidential & Proprietary
  12. 12. More Differentiators• Visiting Guest Interactions with industry leaders - CISOs, CxO’s, foreign experts, government experts• Candidates will be mentored to seek global professional certifications during the program like CISA, CISSP, SANS, CEH, LPT etc.• Career growth planning and support• Mock audits and assignments• Pro bono assignments for government• … and more…Confidential & Proprietary
  13. 13. Our students will be the future leaders in Information Security domain in the country With the education and training provided to our students their superior knowledge and skills will be evident to employers within a short span of time.Confidential & Proprietary
  14. 14. Team Expertise and Experience• Team comprises experienced and certified Information Security experts / professionals• Industry recognized team from diverse domains like Forensics, Network Security, Audit, IS Management etc.• Members may be presently working with public / private / government / law enforcement sector• Certifications like CISA, CISM, Cyber Law, CEH etc.• Courseware is developed by subject matter expertsConfidential & Proprietary
  15. 15. • We develop education, training and awareness programs customized to client / audience requirements• Courseware development is done for delivery in class, via e-learning or static presentations• Courseware is developed and peer reviewed by subject matter experts• CISOs, IS Managers, Individuals contribute in development and review of the programConfidential & Proprietary
  16. 16. • The OSA team comprises experienced and certified Information Security experts and practicing professionals• Industry recognized team members from diverse specialty domains like Forensics, Network Security, Audit, IS Management. Process etc.• Team members have certifications like CISA, CISM, Cyber Law, CEH etc.Confidential & Proprietary
  17. 17. We are an organization passionate aboutInformation Security in the country and we goabout doing our own bit to raise awareness. Wecollaborate with enthusiasts, securityorganizations, institutions, non-profit andgovernment bodies to further the cause ofInfoSec.Reach us…… Via email… Via Phone +91.9769890505© Open Security AllianceConfidential & Proprietary