Each session will start at 10:15 and run for two hours.
Information is critical to most of the functions of an education organisation, whether for teaching, research, administration, employment or funding. The effective operation of all those functions depends on reliably accurate information being available when it is needed to those who are authorised to see it, and not being disclosed to those who are not.
This course takes a broad view of risks to these aspects – accuracy, availability and confidentiality – of information security. We examine the origin of these risks in behaviours, processes, and physical, technical and environmental factors, and consider how policies can be used to mitigate and manage the risks.
This course is led by Andrew Cormack, chief regulatory adviser, Jisc technologies.
- Share good practice and learn from others from within academic networking
- Share best practice from the sector
- Targeted assignments let you apply your knowledge to your organisation
- No travel, attend from your own desk!
- Advice on how to assess risks and choose appropriate treatments
- One year of online support following the course
The sessions will involve presentations, audio and interactive chat both as a whole class and in break-out groups.
During the sessions you will have plenty of opportunities for discussions and communication with your peers. We encourage participation and hope that you will feel able to share your experiences and examples of good practice with the group.
The session will be run in Adobe Connect. In order to access the session you will require a web browser running Adobe Flash, and a headset or headphones and a microphone.
Who should attend
The course is intended for staff who will be developing or implementing systems, processes or policies affecting information security.
Delegates should have an awareness of risks to information and how these could affect their organisations.
What we cover
- Recognising risks
- Analysing risks
- Treating risks
- From risks to policies
- Managing information security
- Policies and the organisation
On completion of this online course, delegates will be able to:
- Describe the different sources of risk to information security
- Explain the different ways that risks can harm information security
- Describe the impact of user perception on information security
- Analyse, and give examples of, the different components of risk
- Propose and assess different ways of treating risks
- Use different approaches to identifying risks
- Identify which risks are a priority for treatment
- Understand the advantages and disadvantages of using standard security policy frameworks (e.g. ISO27001, UCISA toolkit)
- Use risk assessment as a basis for organisational policies that reduce risks
- Explain the need for policies to be part of an information security management system (ISMS)
- Explain the plan/do/check/act model of an ISMS
- Identify relevant feedback mechanisms to improve policies and the ISMS
- Explain the usefulness of an information security forum
- Analyse the criticality of a system and select appropriate risk mitigation
Pricing and eligibility
- Jisc institutional members: £200 + VAT¹
- Other organisations: £350 + VAT

¹ If, in addition to paying a subscription, your institution has opted to become a Jisc institutional member, then, as part of our VAT-exempt cost sharing group, you will not be charged VAT on your course fee. For more information visit our VAT-exempt cost sharing group page: https://www.jisc.ac.uk/about/vat-cost-sharing-group
For more information, email firstname.lastname@example.org or phone 01235 822242.