Security - From Risk to Treatment

Information is the lifeblood of the organisation; consequently data and information security cannot be decoupled from your network security - and together they are business critical to your organisation.

Increasingly, security is important to individuals - your customers, suppliers, employees - seeking assurances of privacy and anonymity, and to both governments and commercial organisations seeking assurances of legitimacy, accuracy, and control.

This one-day intensive workshop delivers a pragmatic framework for risk management that keeps up to date with standards, best practice and compliance whilst making sure that the focus remains squarely on your business or service objectives.

Topics will include:

The CIA (and N) of security
Risk: don't let assessments stop you!
So many standards. A route map though the numbers
Balancing the technology with the human vulnerabilities in information security
Practical templates to keep you applied and focused

What are the benefits of attending?

Leave with a comprehensive understanding of security in the context of your business/service.
Receive a copy of The National Computing Centre's standard 'Policy Tree'.
Find opportunities for quick wins to make immediate improvements to security.
Grasp a security framework that has the future in its sights.
Receive NCC's Best Practice Guide: Information Security Management.

Who should attend?

Delegates from organisations who would like a more formal approach to risk management that integrates business values with the more headline grabbing IT risks such as viruses and hackers.

Delegates from organisations who need to develop business-led security policies or who need to benchmark current policies with best practice.

About the course leader

Daniel Dresner, the National Computing Centre's information assurance analyst, delivers The National Computing Centre's information systems risk management research programme. A national expert on standards implementation, Daniel contributes to IT standards nationally (including IT Service Continuity and Software Quality/TickIT), across Europe (source code escrow), and through the International Standards Organisation (user documentation). He brought The National Computing Centre/DTI Towards Software Excellence scheme on- line, and wrote The National Computing Centre's definitive and pragmatic guide to ISO/IEC 27001/27002/BS 7799. Daniel is a trained facilitator and the technical authority for The National Computing Centre's assessment service for the e-Government Interoperability Framework (e- GIF).

Daniel also advises The National Computing Centre members on information assurance, security and business continuity, often working from The National Computing Centre's own policy template. His experience covers central government, construction and the financial sector. Daniel is an active member of the Manchester Business Continuity Forum. His recent research with the University of Manchester where he is a visiting lecturer in Computer Security has lead to a method for detecting the human vulnerabilities in network security.