Management Strategies for IT Department

Management Strategies for IT Department


Date & Location: (08-12/Jan) Hong Kong – ( 16-20/Apr)  Amman – ( 03-07/Sep)  Istanbul – ( 26-30/Nov) Kuala Lumpur

Register Now

Course Overview

This course teaches security professionals how to navigate this new world of security by developing strategic plans, creating effective information security policy, and developing management and leadership skills.


Program Objectives:

  • Develop security strategic plans that incorporate business and organizational drivers
  • Develop and assess information security policy
  • Use management and leadership techniques to motivate and inspire your teams


Who Should Attend?

  • CISOs
  • Information Security Officers
  • Security Directors
  • Security Managers
  • Aspiring Security Leaders
  • Other Security Personnel Who Have Team Lead or Management Responsibilities


Program Outline:


Day 1: Strategic Planning Foundations
  • Vision and Mission Statements
    • What they tell you about the organization
    • Developing a security team mission statement that aligns with organizational goals
  • Stakeholder Management
    • Learn to identify, understand, and manage stakeholders in order to make the security team more successful
  • PEST Analysis
    • Identify market forces that drive the business in order to better understand business goals
  • Porter’s Five Forces
    • Understand how business leaders develop strategy
    • Apply this analysis to security vendors so you can make more informed purchase decisions
  • Threat Actors
    • Understand attacker motivations and techniques
    • Review real-word attack scenarios
  • Asset Analysis
    • Understand assets that are most valuable to the business and are of interest to attackers
  • Threat Analysis
    • Learn how the intrusion kill chain and threat intelligence can inform strategic planning


Day 2: Strategic Roadmap Development
  • Historical Analysis
    • Analyze the past in order to understand the probable future
  • Values and Culture
    • Understand the values and culture of your organization in order to align security with the corporate culture and define acceptable working norms
  • SWOT Analysis
    • Understand current Strengths, Weaknesses, Opportunities, and Threats
  • Vision and Innovation
    • Sustaining versus disruptive innovation
    • Jobs To Be Done Theory
    • Learning to innovate with the business
    • How to provide value to stakeholders
  • Security Framework
    • NIST Cybersecurity Framework
    • Measuring maturity
  • Gap Analysis
    • Identifying what needs to be done
  • Roadmap Development
    • Identifying what should be done first
  • Business Case Development
    • Approaches to obtaining funding
  • Metrics and Dashboards
    • Developing effective metrics
  • Marketing and Executive Communications
    • Promoting the work of the security team


Day 3: Security Policy Development and Assessment
  • Purpose of Policy
    • Role of policy
    • Establishing acceptable bounds for behavior
    • Empowering employees to do the right thing
    • How policy protects people, organizations, and information
    • Relationship of mission statement to policy
  • Policy Gap Analysis
    • Policy versus procedure
    • Policy needs assessment
  • Policy Development
    • Governing policy
    • Issue-specific policy
    • Positive and negative tone
  • Policy Review
    • Using the SMART approach
    • Policy review and assessment process
  • Awareness and Training
    • Role of psychology in implementing policy
    • Organizational culture


Day 4: Leadership and Management Competencies
  • Leadership Building Blocks
  • Creating and Developing Teams
  • Coaching and Mentoring
  • Customer Service Focus
  • Conflict Resolution
  • Effective Communication
  • Leading through Change
  • Relationship Building
  • Motivation and Self-direction
  • Teamwork
  • Leadership Development


Day 5: Strategic Planning Workshop

Case study topics include:

  • Creating a Security Plan for the CEO
  • Understanding Business Priorities
  • Enabling Business Innovation
  • Working with BYODs
  • Effective Communication
  • Stakeholder Management