Security Awareness Training

Security awareness training tailor-made for your organisation

 

With a large number of “off-the-shelf” security awareness training options available, why use us?

We firmly believe that the more customised the training is to your business environment, the better the results. Most people learn more effectively when they see how the material applies directly to their work environment.

We can tailor-make a training solution for your organisation that is both affordable and effective.

We can also adapt some of our existing training packages to suit your environment for an even more cost-effective solution.

 

Some of the subjects we can cover include:

 

Security Incident Response Workshop

In today’s complex world, an appropriate and usable incident response plan for dealing with inevitable incidents and unforeseeable events, together with an agile incident response capability, is essential. How you prepare for and respond to a damaging security incident can minimise its impact. One of the most important ways to prepare is to ensure you have an effective information security incident response strategy.

 

Data Breach Notification in Australia

This session is designed as an overview of the Australian data breach notification obligations introduced by the Privacy Amendment (Notifiable Data Breaches) Bill, which became effective in February 2018. These data breach laws will be reviewed in detail, as will other obligations applicable to Australian organisations to notify of unauthorised access to or disclosure of information. This information can be customised to your organisation’s environment, taking into account specific risks or areas of concern.

 

Technology Supply Chain Management

This course will give non-lawyers an overview of some of the legal issues typically raised by contracts with outsourced service providers and cloud computing companies for Australian organisations. It is designed specifically for information security practitioners, to help them identify possible issues, but will also be of interest to procurement teams and others involved in negotiating third-party technology contracts or assessing the risks of entering into them. A lot has been written about outsourcing and computing contracts, and this course will synthesise this available information, together with the presenter’s own experiences in contract negotiations. Common contractual issues, such as caps on liability, service levels, records management, termination rights and end-of-term arrangements, will be considered, together with issues raised specifically by these sorts of contracts, including vendor due diligence, audit rights, data ownership, data sovereignty, and subcontract and assignment rights. Particular attention will be given to service level agreements and transition-out provisions.

 

Introduction to ISO 27001

For those wanting a high-level understanding of an Information Security Management System (ISMS) based on ISO/IEC 27001:2013, this is a good place to start.

The ISMS is a comprehensive risk identification, assessment and management system, comprising technology, policy and practice-based solutions, and directed at ensuring the security of all types of information. This course provides a good introduction to the concepts underlying the ISO 27001 ISMS, an overview of its main components and some tips on implementing an ISMS compliant with ISO 27001 in any organisation.

One of our experienced ISO 27001 trainers and consultants will:

  • Explain the major components of the ISO 27001 Information Security Management System
  • Review the benefits of implementing an ISO 27001 ISMS
  • Consider the value of ISO 27001 certification to third parties
  • Discuss an implementation approach including risk assessment and Annex A controls

 

Cloud Computing Contracts

This course gives non-lawyers an overview of the privacy issues typically raised by Cloud Computing Contracts for Australian organisations.

The Australian Privacy Act has some unique provisions, and this course is designed to ensure an understanding of the Australian Privacy Principles and their application to cloud contracts. Drawing on the presenter’s own extensive experience in negotiating cloud contracts and knowledge of privacy law, it will cover issues such as:

  • what is ‘personal information’,
  • the collection of personal information, 
  • how personal information can be ‘used’ and ‘disclosed’,
  • trans-border data flows,
  • access and correction rights,
  • data breach notification.

The differences between Federal and State privacy regimes will be explained.  The course will also cover how privacy might be managed within the context of cloud contracts and in keeping with the transparency principles contained in APP 1.  Finally, reference will be made to some relevant standards including ISO/IEC 27018 and ISO/IEC 27017.

 

 

Contact us today for a no-obligation discussion of your training needs.

  • We collect and handle all personal information in accordance with our Privacy Policy.
