Enterprise Information Security

In this course, students will study the leading and practical approaches for Security Management and Security Operations at an enterprise.

The course comprises two major components:

1. Aspects of Enterprise Security Management conducted primarily at the management level by the likes of a Chief Information Security Officer (CISO), including how it is orchestrated in an organization at various levels of the functional hierarchy in the business, in IT and within the security function; and how it is held together through an Information Security Management System (ISMS). Key aspects of Security Management would include:

(a) Strategic alignment with organization mission and business strategy,

(b) Integration with Business & IT processes, Development of management systems,

(c) Close cooperation and coordination with other enterprise stakeholder functions,

(d) Governance through a cross functional Security Council,

(e) Detailed tactical security metrics rolling up to business level risk metrics,

(f) Public/press relations.

2. Aspects of Integrated Security Operations conducted mostly at operational levels by the SecOps function, usually under the CISO, including how it is orchestrated in an organization at various levels of the functional hierarchy in the business, in IT and within the security function; and coming together at the Security Operations Center (SOC). Key aspects of Security Management would include:

(a) Asset lifecycle management including hardening & configuration management,

(b) Vulnerability assessment and Penetration Testing; Security logging and monitoring,

(c) Collation, correlation & event management,

(d) Security incident management and orchestration; Mitigation and auto-remediation,

(e) Breach response and Forensics; Recovery and rebuild; RCA (root cause analysis),

(f) SLAs (service level agreements); RTO & RPO (recovery time/point objective),

(g) Reporting and interaction with internal stakeholders (management and the Board), and external stakeholders (customers, shareholders, public, press and law enforcement),

(h) Integration with risk management/assessment and security awareness.

Students will learn about key aspects of Security Management through Information Security Management Systems (ISMS) and Security Operations through a Security Operations Center (SOC), and a Security Incident Response program, their implications for all domains of security, and further to all types of security roles in an average enterprise.

Students will understand how the strategic approach of Security Management through ISMS is complemented by a tactical capability built around Security Operations, and how the two programs orchestrate value together.

Students will learn about the key domains associated with Security Management and Security Operations, key technologies in vogue across enterprises globally, and how these technologies integrate and collaborate for enterprise business protection.

Students will explore the Capability Maturity Model (CMM) for assessing Security Management and ISMS, and benchmarking practices across industry sectors using various global standards and industry frameworks.

Students will understand the leading technology platforms and vendors serving the domains of security operations, and best practices around effective deployment and integration of such technologies.

Students will learn about the Security Kill Chain and how Integrated Security Operations provides approaches to deal effectively with threats and vulnerabilities across the kill chain.

Course Learning Outcomes: After successful completion of this course, the students will be able to:

1. Describe how to build an Information Security Management System (ISMS) and orchestrate security management in an enterprise.

2. Explain how Information Security aligns strategically with enterprise goals and business processes and works in sync with a host of enterprise collaborators.

3. Have clarity on Security Governance through enterprise level Security Risk Management, Architecture, Compliance, Security Operations and Metrics.

4. Develop and deploy an enterprise security awareness program.

5. Describe how to build a Security Operations Center (SOC) and orchestrate security operations in an enterprise by leveraging various technical & operational capabilities.

6. Enumerate the benefits of building incremental security maturity in an enterprise and achieving it.

7. Analyze and discuss case studies on synergistic orchestration of Security Management and Security Operations and bring out lessons to be learnt and opportunity areas.

8. Present assignments (in writing and presentation) on building and implementation of an Information Security Management System (ISMS) and a Security Operations Center (SOC).

Updated Wed Dec. 28 2022, 12:07 by rtemp.