Information Security Management: A Unique Management Program to Build the Information Security Managers of Tomorrow. A Professional With the Right Blend of Technology and Business Management. Version 1.0, May 2012

Information Security Management Education Program - Concept Document

Oct 19, 2014


Information security training is incomplete whichever way one sees it - the techie lacks a lot of stuff and so does the non-techie. This is a concept to make changes and build an education program which will actually create professionals having good skills.
Transcript
Page 1: Information Security Management Education Program - Concept Document

Information Security Management

A Unique Management Program to Build the Information Security Managers of Tomorrow:

A Professional With the Right Blend of Technology and Business Management

Version 1.0

May 2012


Confidential & Proprietary

Preamble

• Information Security (IS) is the fastest growing profession due to increasing cyber threats and risks

• Reports state 0% unemployment level in InfoSec

• Demand for IS professionals is across all industries

• Annual estimated demand: 30,000 IS professionals

• Presently IS skills are learned on the job, through short-term courses, or by self-learning

• Formal IS education is provided by few institutions

• Course content does not prepare managers


Few Educational / Professional Programs

PG / PGD Programs -

• IIIT, Allahabad

• IIIT, Dwarka

• Institutes of Forensic Science

• University of Madras

• SCIT, Pune

• Various Law Colleges

• Various IITs

Professional Certifications -

• ISO 27001 (Imp / LA)

• CISA

• CISSP

• CISM

• CRISC

• SANS

• CGEIT

• CBCP

• CEH

• CFA

• CCSP

• CHFI

• etc.


Shortcomings in Formal Education

• Syllabus is outdated by the time it is approved

• Courses are usually wholly technical in nature

• Most programs break down IS into Technical, Audit / Governance and Cyberlaws buckets

• Learning is by rote, following the same teaching patterns that are common across all disciplines

• After a 2-year Masters or a 1-year PGD, the student is not ‘deployment ready’ and desperately seeks an internship

• The lawyer is expected to learn technology, the techie is taught law – neither is taught business!


Shortcomings in Professional Programs

• Focus is on only one skill area or certification

• Certification programs are mostly operated by US-based institutions

• No Indian industry body or institution has promoted any program or certification of repute

• Local certification and training programs are in the unorganized sector, operated by individuals, training companies or InfoSec consulting firms

• Some certification bodies provide training or fee-based endorsement of InfoSec certifications


Essentials of IS Education / Training

• Required Understanding

– IT Infrastructure concepts

– Organization Functions (HR, Finance etc.)

– Business Management

– Project Management

– Processes

• Technical Skills

– Technology, Architecture, Software Development, network devices, security devices and technology solutions

• GRC, Audit, Law, Ethics

– Risk Management, Audit, Governance, Compliance etc.

– Legal and regulatory concepts, laws, standards, guidelines…

• Soft Skills

– Presentation, public speaking, documentation, communication, negotiation…

• And more…


The Information Security role is evolving into a holistic techno-commercial business manager who is hands-on in managing IT infrastructure and technology issues and can capably translate this knowledge making it easy for the business units to understand and accept proposed changes

With the changes envisaged in the future and the increasing importance of the CISO, it is necessary to equip the student with all-round skills and knowledge to hold his / her own in the professional domain. We present the objectives on which we plan to build the program along with a brief proposed plan of action.


Our Objective

• Impart value-based education to professionals in preparation for the role of a CISO in any organization

• Provide practical skill and knowledge based learning

• Use real life or lab based situations / scenarios

• Course will cover Information Security, IT, Business, current events

• Program will help develop maturity in thought and leadership skills

• Skill development will include soft skills like presentation / public speaking, documentation, writing, using productivity tools

• Mentor candidates to be ready for deployment


Our Proposal

• Develop the course curriculum

• Design the lab architecture and setup

• Identify vendors and deploy hardware / software

• Deliver the education / training program

• Simultaneously identify and train alternate trainer(s)

• Deploy program operations as per plan

• Implement mentoring and placement assistance

• Require support for infrastructure and funding


Differentiators

We are experienced Information Security professionals and practitioners.

The proposed program has been conceived based on our knowledge of weaknesses in the various IS education, training and certification programs operating in India.

This is our USP and the goal is to help build a quality InfoSec management workforce that will effectively fill the gap in national requirements.


A Few Differentiators

• College Lab and Facility designed to be a Center of Excellence for Information Security Management

• Lab to provide practice simulations setup

• Partnership with OEM manufacturers of security hardware and solutions for labs, trial versions

• Partnership with employer organizations, consulting firms for field trips and internships

• Opportunities to participate and work on live consulting projects, research projects and studies

• Author white papers, participate and present in industry conferences


More Differentiators

• Visiting Guest Interactions with industry leaders: CISOs, CxOs, foreign experts, government experts

• Candidates will be mentored to seek global professional certifications during the program like CISA, CISSP, SANS, CEH, LPT etc.

• Career growth planning and support

• Mock audits and assignments

• Pro bono assignments for government

• … and more…


With the education and training provided to our students, their superior knowledge and skills will be evident to employers within a short span of time.

Our students will be the future leaders in the Information Security domain in the country


Team Expertise and Experience

• Team comprises experienced and certified Information Security experts / professionals

• Industry recognized team from diverse domains like Forensics, Network Security, Audit, IS Management etc.

• Members may be presently working with public / private / government / law enforcement sector

• Certifications like CISA, CISM, Cyber Law, CEH etc.

• Courseware is developed by subject matter experts


• We develop education, training and awareness programs customized to client / audience requirements

• Courseware development is done for delivery in class, via e-learning or static presentations

• Courseware is developed and peer reviewed by subject matter experts

• CISOs, IS Managers, Individuals contribute in development and review of the program


• The OSA team comprises experienced and certified Information Security experts and practicing professionals

• Industry recognized team members from diverse specialty domains like Forensics, Network Security, Audit, IS Management, Process etc.

• Team members have certifications like CISA, CISM, Cyber Law, CEH etc.


We are an organization passionate about Information Security in the country and we go about doing our own bit to raise awareness. We collaborate with enthusiasts, security organizations, institutions, non-profit and government bodies to further the cause of InfoSec.

Reach us…

… Via email

[email protected]

… Via Phone

+91.9769890505

© Open Security Alliance