Capacity Building
15 hours (distributed over 5 days)
IT and Information Security Staff, Compliance Officers
Fundamentals of Information Technology or Information Security
Completion of the “Cybersecurity Awareness” program is preferred
- Understanding the concept and key components
- Plan-Do-Check-Act (PDCA) as a mechanism for continuous improvement
- Developing and approving the information security policy
- Defining the scope of ISMS implementation within the organization
- Steps to identify, analyze, and evaluate risks
- How to create an asset register and analyze threats
- Methods for measuring risk levels (high, medium, low)
- Risk treatment strategies (avoid, mitigate, transfer, accept)
- 93 controls divided into 4 main groups
- Policies, roles, training, and authorization management
- Employee screening, awareness, and information confidentiality
- Building security, access control, and equipment protection
- Network security, encryption, and vulnerability management
- Policies, procedures, and mandatory vs. optional records
- How to conduct an internal audit to verify compliance
- Management review meetings for performance assessment
- Addressing deficiencies and continuously improving performance
After completing all course requirements, you can apply to receive an accredited Certificate of Completion from Ru’ya Academy for Leadership and Technology.