Overview Next training
Our teachers for the training: Security Leader : Security Governance and Compliance
Module 1 Security Governance and Compliance - presentation video
Our teacher of this module Eric De Smedt, tells you in this clip what the Security Governance and Compliance Module is all about!
This training is taught in English.
To kick off the Security leader training (part of the Certified CISO programme’s) , we’ll start with the basics. That means explaining the difference between information security and cybersecurity. Because yes – there is a difference!
We’ll guide you through the process of defining, implementing, and managing an Information Security Governance Programme. That includes how to organise security, the various personnel involved, and their responsibilities.
You’ll get an overview of the fundamental laws, regulations, and standards that could or absolutely will affect your Security Governance Programme. If you plan to work for a multinational, knowing the ins and outs is essential for your strategic planning.
Some of the critical questions we cover include issues like:
- How should you go about establishing and communicating policies, processes, and standards to form the basis of your security programme?
- And how do you turn those things into an effective information security strategy, one that is actionable, measurable, and in line with your company’s corporate objectives?
- Is a security awareness programme really that important?
- And why do we do it all?
Ultimately, these steps all reduce corporate risk, which is why the programme has a solid focus on raising awareness about the current risk management frameworks and how you can practically and efficiently assess and mitigate risks.
We also share the facts and tools you need to make these programs inherently appealing, leading to the smooth, gradual development of a robust company security culture.
Lastly, there’s a good chance that your security setup will be subject to internal and/or external audits. Audits are required for all sorts of reasons, from verifying that your security program is working and certifying that it meets a specific standard to satisfying a client’s contractual stipulations, etc. We show you the ropes, summarizing what’s essential for putting your own audit program in place, along with how to comply with external audits.
Why take this course?
By the end of this course, you’ll have a firm grasp on:
- The basics of creating and running a Security Governance Program
- How to operationalize this program with the appropriate expertise and effectively boost your company’s security stance
- How to measure and improve your program, based on regular risk assessments and audits
- How to demonstrate the imperative worth of a Security Governance Program to management
- Why conducting regular security awareness initiatives is crucial and how to put them together
This course is also the first module in a unique program intended to lead to formal CISO certification. To check out other modules, download this file: CISO Brochure download.
Target group
Who is the Certified CISO program’s ‘Security Governance & Compliance’ module intended for? This module targets cybersecurity officers, managers, and other security professionals who are tasked with crafting a company-wide information security upgrade strategy. Those working in risk management and/or conducting security-related audits could also benefit from this course.
Learning goals
What you’ll learn in a nutshell:
- The difference between information security and cybersecurity
- How information security should/can be organized
- Which personnel and responsibilities are involved
- How to set up a security strategy that is actionable, measurable, and in line with your company’s corporate objectives
- How to set up a solid security awareness program
- Fundamental laws, regulations, and standards in Belgium and abroad which have an impact on information security
- How to create policies that make sense and can be used to create more detailed processes and standards
- How to effectively analyze and mitigate risks using a selection of standard methodologies
- How to establish your company’s risk appetite
- How to approach third-party risk management
- Audit types you may be confronted with
- How to organize and conduct internal audits
- How to facilitate and comply with external audits, and what are your rights and obligations
Educational approach of this course
When it comes to establishing and running a proper Security Governance Program, there are a variety of approaches. A one-size-fits-all formula doesn’t apply.
And it’s for that reason that this course has a two-fold objective. It aims to introduce you to the current standards and frameworks available and to supply you with the practical skills required to apply them correctly within your organization.
To accomplish this, we’ve lined up highly skilled professionals who have been in the trenches for years. They share practical advice and workarounds and teach you the core of what you need to know. The course itself blends theoretical models, frameworks, and standards to give you an overview of what’s out there, combined with practical exercises for applying what you’ve learned in real-life situations.
End product
You’ll be awarded a certificate of completion at the end of the course. This module does not entail any exams or official certification.
Note: Have you got plans to pursue the entire ‘Certified CISO’ programme? In that case, you’ll need a certificate of completion for all modules, and they must have been obtained within the past two years. The first six modules must be completed to start the 7th and final module, the ‘Master Project’, where you will apply the content of the previous modules to a single integrated project. Once finished, and if you obtain a positive evaluation, you’ll be awarded the ‘Certified CISO’ certificate.
Your bonus training package includes:
- Training material (printed and PDF format): handouts of the presentations with notes
- A list of useful links with additional information on standards and frameworks discussed during class
- The exercises and their solutions (where applicable)
How to prepare yourself
This is a classroom-based, non-technical course. Bring something along (e.g., a laptop, notebook, tablet) to take additional notes.
Course prerequisites:
- A basic understanding of IT
- Some experience in a corporate environment as a manager could be beneficial but is not essential.
Click here for more information about our teachers.
Day 1
1| Define, implement, manage an Information Security Governance Programme
- Information security versus cyber security
- Organisation of information security, roles, and responsibilities
- Defining an effective information security strategy which
- is actionable
- is measurable
- is in line with your company’s corporate objectives
- Security awareness programme to build a security culture
2| Fundamental laws, regulations, and standards
- A global overview of relevant international security & privacy-related laws
- A closer look at:
- ISO27001 / 2
- NIST CSF
- NIST 800-53
- CIS Controls
- GDPR
- NIS / NIS 2
3| What kind of documentation do you really need and why?Usage of policies, processes, and standards
- Who is the target audience for the various security-related documents?
- How do you organise this ‘library’ and make it accessible?
- How do you make sure people know the rules and act accordingly?
Day 2
1| Risk Management
- Why do you need risk management?
- Basic risk assessment concepts and processes
- Who should be involved?
- Overview of standards and methodologies you can use
2| Third-Party Risk Management
- Why is this topic separate and significant?
- Elements to review as part of third-party risk management:
- Compliance with laws and regulations and related proof
- Contractual requirements, SLAs, penalties
- Certificates
- Right to audit
- Frameworks and methods to help you assess third-party risks
3| Audit Management
- What is auditing, and do I need it?
- Internal audit controls
- Auditing your organisation
- Auditing a third party
- Potential external audits
- By (prospective) customers
- To validate certification
- To verify compliance with laws and regulations
- How to facilitate and comply with audits and your rights
- How to manage non-conformities
Price
€1.395
VAT exclusive
Certificate
"CISO Certificate of Completion"
Lunch, coffee, refreshments and course material included.
SME portfolio Flanders - higher subsidy for theme CYBERSECURITY: 45% for small and 35% for medium-sized enterprises.
Book a Call
Schedule 2025
Name
Date
Location
Language
Register
Security Leader : Security Governance and Compliance
17 February until 18 February 2025
Security Leader : Security Governance and Compliance
Q3 2025
Security Leader : Security Governance and Compliance
25 September until 26 September 2025