Course Schedule

• Weekly Plan

Slides

• Introduction
• Enterprise Information Security - Core Concepts Part 1
• Enterprise Information Security - Core Concepts Part 2
• Enterprise Information Security - Core Concepts Part 3

Guest Talks

• TBD
• TBD

Case Studies

Case Study 1

• Case Study 1 - Security Governance
• 1 Enterprise Information Security Policy
• 2 Enterprise Information Security Standards and Guidelines
• 3 Enterprise Acceptable Use Policy
• Sample - Vulnerability Management Policy
• Sample - Access Management Policy

Case Study 2

• Case Study 2 - BIA and Security Risk Assessment
• Sample Business Impact Assessment template
• Sample Asset Based Risk Assessment template

Case Study 3

• Case Study 3 - Security Compliance Assessment
• Security Compliance Checklist - Remote Access

Additional Readings

• Definition of Cybersecurity
• NIST Cybersecurity Framework (NIST CSF)
• Payment Card Industry Data Security Standards (PCI-DSS)
• ISO-27001 (2022)
• Enterprise Information Security Policy
• Enterprise Information Security Standards and Guidelines
• Enterprise Acceptable Use Policy
• User Security Monitoring and Investigation Process
• ISO-27001 (2013)
• OSFI Cyber Security Self-Assessment