Since 04.09.2019, within the Erasmus+ LMPI project, UTM teachers have been receiving training in the field of Information Security from the trainer Valeriu Cernei, consultant and certified auditor in the field of Information Security, BSD Management.
The training seminar “Aspects of management and audit of Information Security” aims to give participants the knowledge needed to understand the specific aspects of information security and audit. At the end of the training sessions, the participants will be able to demonstrate a better understanding of the objectives of the information security management system (ISMS), the internal organization of the ISMS, the security of the organization's information, the audit, the analysis and evaluation of security risks, the applicability of different organizational and technical security measures, and the applicability of international standards and methodologies and of national standards in the field of information security, in particular the standards in the ISO/IEC 27000 family and especially ISO/IEC 27001:2005. Participants will also know and understand how information security is applied at different levels and components of the information system. The topics of the seminar were established by taking into account the areas of interest of the participants, based on the training programs developed within the LMPI project.
The training course lasts 14-16 hours and contains the following modules:
- Module 1. Basic notions and concepts of the ISMS – information security, security objectives, information resources, threats, vulnerabilities, security measures, security risks, risk management, etc.;
- Module 2. International standards in the field – the family of ISO 27000 standards, in particular ISO 27001, ISO 27002, ISO 27005, ISO 27006, the relationship between standards and their applicability;
- Module 3. Implementation of the ISMS – the stages of ISMS implementation according to ISO 27001: setting the ISMS objectives, defining the ISMS scope, defining the security policy, establishing the roles and responsibilities, identifying and classifying resources, identifying and evaluating risks, risk management plan, risk mitigation strategy, preparation of the statement of applicability, training of personnel, monitoring and control of ISMS performance, maintenance of the ISMS and continuous improvement;
- Module 4. Multi-level security – IT environment, system architectures, logical path of access to resources, typical security threats, layered security approach, application security, security of operating environments, data security, network security mechanisms, physical security;
- Module 5. Risks and risk management process – definition, types, methods of risk assessment, risk management process;
- Module 6. IT control system – definitions, types and categories, identification of controls, evaluation of the control procedure, testing of controls, compensating controls, documentation of deficiencies;
- Module 7. Audit process – IT audit, place of audit in the organization, standards, competencies, communication rules in the audit process, the audit universe, prioritizing auditable objects, annual planning, execution of audit missions, audit evidence, sampling, thematic audits (IT management, applications, information security, databases, physical infrastructure);
- Module 8. Business continuity – business continuity management system (BCMS), continuity risk analysis, impact analysis, continuity strategies, continuity plans, testing, training.
The LMPI project is implemented with EU support through the Erasmus+ program.