CILN - Centre for Innovative Leadership Navigation

Training

INFORMATION GOVERNANCE FOR LEADERS


Training Reference: CILN/MDP-IGL05

Dates of Training: 5-6th November 2018

Duration:  TWO DAYS

Location: Holiday Inn – London, Kensington, UK

Cyber security as a field is still developing at a rapid pace, with more information being discovered as time goes on.  However, it is rested upon the more mature field of Information Security and there are frameworks and standards available to assist in protection provision.
Our 2 day training course aims to provide managers and directors a strong comprehensive knowledge of the current state of the industry; types of threats facing every corporate, understanding of how efficient information governance can safeguard your data, and terminology needed to engage with CISOs, CSOs, security directors, security architects, legal team, auditors, insurers and procurement teams.

By the end of this programme, you will have a holistic understanding of the subject matter and be comfortable to discuss confidently with your team and to authorise well informed-decisions.

Objectives of the Programme: The programme aims to help participants sharpen the decision-making skills required for effective leadership. The main objectives of this short course would be to help the participants to:

  •  understand the nature of leadership in a dynamic environment
  •  look into new perspectives on institutional leadership
  •  Gain the knowledge, understanding and skills to improve their own institutional performance.
  •  Develop appropriate methodologies to manage “change” in both national and international context.

Learning Outcome
By attending this course, delegates can:

  • Gain a factual, procedural and theoretical understanding of Information Governance, Information Security and Data Protection Strategies
  • Understand the impact of the forthcoming EU General Data Protection Regulations (GDPR) and principles and their implications for an information governance policies and practices
  • Identify, select and use appropriate cognitive and practical skills, methods and procedures to address information governance ‘wicked problems’, e.g. the “right to be forgotten”
  • Design, apply and review strategies to embrace the requirements to address privacy within the constructs of data protection and data transfer legislation and practices

Programme Contents

  • Identifying information assets – understanding what needs to be protected and why (the information inventory)
    • Application layer (layer 7) inventory visibility and knowledge required
    • Addressing Intellectual Property (IP) protection
  • Addressing the top two causes of information loss:
    • Hardware errors
    • Human failures
    • Creating the governance plan – to ensure the right principles and policies are in place to manage information throughout its lifecycle and ensure staff engagement and involvement
  • Designing the information architecture
    • Intrusion vs Breach – today’s “breach detection” is actually intrusion detection – sandboxes etc – we’re not preventing the breach...
    • Prevention vs Detection - Detection is not enough – reviewing Incident Response procedures
    • Interpreting the signals – understanding what data is available and what it’s telling you
    • Buying the right protection vs improving processes to better protect yourself
    • Conducting activity reviews - Account modification, deletion, authentication
    • Output metrics vs input metrics – has your network been infiltrated?
  • Establishing howinformation can best be protected (the information strategy)
  • Data Protection Principles
  1. Maintaining public trust and respecting personal privacy
  2. Information Sharing/Data Transfers – benefits and constraints, protecting intellectual property
  3. Data Privacy Impact Assessments (DPIA)
  4. Gaining consent, Direct Marketing
  5. Managing cookies
  6. Data Quality management
  7. Data breach management – and links to Security Incident Management
  8. Data Protection in the workplace
  9. Use of personal data in system testing
  10. Criminal Offences and the regulatory body powers to fine

 

Why should you attend?
There is no end to the learning process. Once a leader says – what is there new for me to learn – his/ her ability to arouse motivation in followers might be that much more limited because a very important parameter would get sidelined – the changing nature of the environment.

Accordingly, at regular intervals, leaders/managers must engage themselves in “contemplation” – through programmes like these.

Who should attend?
Directors and managers who wish to gain a holistic understanding of Cyber Security and Information Governance for practical use and serve as a basis for future tailored training/courses.