The core management activities of a modern information security leader include the security governance process, the risk management process, the program management process and the incident management process.
This module will:
cover the job description of a typical CISO today and where the CISO fits within the organisation including reporting lines and responsibilities, skills and expertise;
talk about the typical challenges CISOs face in their role;
address the design and implementation of an Information Security Strategy taking into account the assessment and handling of the relevant information security risks. Proper attention will be given to the application of the information security management system (ISMS) including proactive and reactive security incident management as well as tracking security leadership KPIs;
focus on the (self-)evaluation of the CISO.
Initial readings include the ISACA CISM body of knowledge, the ISO 27xxx security standards, the NIST Cybersecurity Framework, the ISACA Digital Trust approach and Hofstede's cultural dimensions theory.
The case study involves the development of a new security strategy as well as the improvement of the current security organisation via a business case towards top management.
Learning Objectives
M1.1 – Learn how to develop and maintain the corporate added value of the Chief Information Security Officer / Chief Security Officer
M1.2 – Learn how to develop the landscape of the Information Security Function in terms of actors (Board, CEO, CxO, internal clients, CIO, regulators, assurance providers, external suppliers serving the business, external suppliers supporting information security activities) and the requirements, deliverables and maturity of those actors.
M1.3 – Learn how to develop department resources, skills, working methods, procedures.
M1.4 – Learn how to define KPIs / dashboard and the periodicity of reporting
M1.5 – Learn how to build and maintain a Governance model, Information Security management framework/system.
M1.6 – Learn how to define strategy, actions, activities, and programs/projects
Module Curriculum: FOUR CORE COMPONENTS OF MODULE 1: SECURITY LEADERSHIP
A/ THE ROLE OF THE CISO TODAY and TOMORROW
• Position (job description)
• Career path
o Towards CISO
o Next steps after CISO
• Skills (COBIT based)
o Planning & Strategy
o Executive stakeholder relations
o HR
o Finance
o Decision making
o Portfolio / Program / Project
o Vendor / Supplier
o Coach / Mentor / Sponsor
o Change enablement
o Innovation
B/ DESIGNING & IMPLEMENTING AN INFORMATION SECURITY STRATEGY (THURSDAY 23 MARCH 2023 - 14:00 – 18:00)
1. Build around high value assets (risk based)
2. Make people central to the strategy (awareness)
3. Integrate security by design in any program/project
4. Implement a risk based approach on suppliers/vendors
5. Create highly effective lean security governance structures (including compliance)
C/ APPLYING THE INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) (FRIDAY 24 MARCH 2023 09:00 – 12:30)
• Leadership, Planning, Support, Operate, Evaluate, Improve
• Identify, Protect, Detect, Respond, Recover
D/ TRACKING INFORMATION SECURITY LEADERSHIP KPIs (FRIDAY 24 MARCH 2023 14:00 – 18:00)
• Time management
• Security Budget
• Security Calendar
• Security Audits
CISO Packaging & Color Management at Danaher Corporation
Marc Vael will be the Topic Leader in charge of “Information Security Leadership” at the Executive Master in Cybersecurity Management.
Brussels, February 10, 2023. Professor Georges Ataya, Vice-President of the Belgian Cyber Security Coalition and academic Director, confirms the designation of Marc Vael as the Topic Leader for “Information Security Leadership (the CISO Fundamentals)”, a specific module delivered at Solvay Brussels School’s new Executive Master in Cybersecurity Management.
Marc is currently the Global Chief Information Security Officer at the Packaging & Color Management platform of Danaher comprising Esko, X-Rite and Pantone. Marc is currently also president of IT knowledge association SAI.BE. He has been International Vice-President at ISACA International, a research foundation, membership and certification organisation based in Chicago, Illinois, USA. Marc has achieved and is certified in good standing as CISM, CISSP, CRISC and Guberna Certified Director.
The Executive Master in Cybersecurity Management is part of the Digital Governance and Trust education series at the Brussels-based business school. Running since 2001, this postgraduate education evolved to the needs of digital professionals. After a two-year interruption, a renewed hybrid education method shall be launched on March 1, 2023.
“Combining monitored self-study, with in-person classes featuring senior European experts, and a case study in teams, will give a blended experience and an extensive knowledge base to our participants. Marc Vael is a reference in the leadership of digital trust with an extensive research activity at the leading research foundation ISACA”, commented Professor Ataya.
Karin Doguet, CEO of Solvay Lifelong Learning, reports that “this new education programme shall be leading the way for more hybrid education in the Lifelong Learning portfolio”.
For release 9 AM, February 10, 2023.
Digital Governance and Trust Academy
Avenue Louise - Louizalaan 500, 1050 Brussels, Brussels-Capital, Belgium
Copyright © 2024 Digital Governance and Trust Academy - All Rights Reserved.