Information Security Regulation

////Information Security Regulation
Information Security Regulation2019-01-30T11:40:25+02:00

Information has value: the art and science of information security law compliance.

What is the most valuable asset in your organisation? Perhaps you feel it is your staff or your equipment. But, for more and more organisations – information is their most valuable asset. We do business in an information economy and you hold precious information in the form of business records, customer databases, and intellectual property. You hire security personnel, install CCTV cameras, and have policies to protect your staff and equipment, but are you doing enough to protect your information?

Information security law is the area of law that asks whether you are protecting your information sufficiently. If a data breach happens, the relevant authority will want to know what steps you took to comply with information security law. Our ‘Information Security Compliance Programme’ is a four week online course with related tools to help you do this.

How it benefits you

This course gives you a leg up when it comes to complying with information security laws, because it has the following features:

  • interactive presentations – enjoy webinars from the comfort of your own device, participate in polls, and have your questions answered
  • online content – simple content available directly through your browser
  • short duration – only four modules over four weeks
  • self-paced – lets you go back over content and learn at your own pace
  • curated tools – the best tools from our larger library of document templates
  • provable participation – gives you something to show the relevant authority that you’ve thought about this issue thoroughly

How it works

Once you enquire about the course, we’ll contact you to find out more about your organisation and help you decide whether its right for you. If it is right for you, we’ll send you the invoice, wait for you to pay, and then sign you up for the course. When the course starts, you’ll be able to:

  • participate in live webinars – attend a one hour live webinar each week, ask your questions, and have them answered in real-time
  • review course notes – read the course notes from the webinar in the private members area of our website
  • download tools – download information security related tools, including our list of action items, information security policy, and incident response policy
  • use private forum – ask info security compliance related questions on our private forum
  • watch video recordings – watch video recordings of each webinar any time after they’ve happened
  • get a completion certificate – at the end of the course, we’ll send you a completion certificate to show that you’ve finished it

Who should join?

You should join this programme if you’re any of the following:

  • in-house legal adviser -– a lawyer employed by your organisation whose job is to give advice related to securing personal data against unauthorised access
  • compliance officers –- a person appointed by your organisation to help them comply with relevant data protection laws and empowered with the authority to do so when it comes to securing personal data against unauthorised access
  • executive responsible for information security – such as a CTO or other relevant decision maker
  • anyone else responsible for securing personal data against unauthorised access in your organisation – such as key IT personnel, database administrator or anyone similar

What are the outcomes?

You’ll achieve the following results as a consequence of participating in our Information Security Regulation Programme:

  • get a handle on the art and science of information security law compliance
  • understand the main rules, codes, and standards that form the body of information security law
  • expand your understanding of what you think of as information security measures
  • learn how to comply with information security law in your organisation at a high level

About the facilitator

David Luyt
David Luyt

David is the primary facilitator for our Information Security Programme. He believes that less is more when it comes to the law and works as an information lawyer because he enjoys simplifying complex ideas into practical insights.

He facilitates interactive programmes, drafts beautiful documents, and writes succinct opinions so that corporates, SMEs, and entrepreneurs alike can use the law in an accessible and meaningful way to accelerate their business.

He has more than seven years experience in information law and a special interest in how it applies internationally, including in cutting edge jurisdictions such as India, Ireland and Southeast Asia – which reflects in the global perspective of his work.

Why Michalsons?

  • We believe in using the law as a tool to prevent harm from coming to people.
  • We have significant practical experience dealing with data protection law.
  • We cover only those areas of data protection law that are most relevant to you, saving you time and money.
  • We provide insight and simplify the issues, empowering you to work through the obligations yourself.

Programme outline

We’ve structured the programme into a planned series of four core modules to achieve the desired results. Each module is a unit of education covering a single topic. Here’s a general description of the main aspects of each module and the relevant document templates that we make available with each one.

Information has value | Module one

The first module is all about how to be aware of the worth that the information you process has to you and your data subjects. It aims to help you achieve the following outcomes:

  • understand that protection against unauthorised interaction is important because information has value
  • strike a balance between confidentiality and integrity on the one hand and availablilty and convenience on the other
  • use one or more methods to quantify the value of your information

Data protection laws require information security | Module two

The second module covers how to navigate the information security requirements in relevant data protections laws. This module sets out to help you:

  • understand how umbrella data protection laws (GDPR, UK DPA, POPIA, etc.) require reasonable and appropriate technical and organisational safeguards
  • consider industry specifiy laws and relevant information security standards (E.g. ISO27001, NIST, COBIT5 and ITIL)
  • implement a workflow where you identify risks and safeguards, then create the safeguards, verify them and update them to do what is reasonable and appropriate
  • get a set of checklists in the form of our Information Security Action Items that turn the complex information security compliance landscape into simple lists of things that you need to do

The art and science of information security regulation | Module three

The third module deals with how to get the things you can buy and the things you can’t when it comes information security regulation. This module plans to help you:

  • be aware that physical and digital safeguards are the science, operational and administrative safeguards are the art
  • understand that most organisations have good technical measures, but poor organisational measures
  • rank your risks by weighing likelihood against impact
  • rank your safeguards by plotting risk mitigation against cost
  • develop a plan of action in the form of an Information Security Policy when it comes to protecting information and information systems from unauthorized access by connecting the the things you buy to secure your information and the people you pay to handle it

Incident response readiness | Module four

The final module looks at how to be ready to respond to incidents. This module tries to help you:

  • understand the requirements relating to responding to incidents, exemptions, notification (form and timeframe) and documentation in data protection laws
  • be aware that there are numerous issues to watch out for when a data breach, leak or other incident occurs, including involvement and participation, fallout and impact, and money and risks
  • download a written plan in the form of an Incident Response Policy that prepares your organisation to respond to a data breach, leak, or other incident properly

How long is the programme?

This programme will officially begin with live webinars starting on Thursday, 7 February 2019. You can watch the webinar recordings at a later date, which means you can work through at your own pace and can go as fast or slow as you like. Most organisations take four weeks to work through the whole programme. An unlimited number of named users in your organisation will get access to the programme. Webinars will take place every Tuesday at 10:00am.

Download a free four page executive summary of our compliance programme for yourself or to show to your director, manager or another executive.

FAQ

How long will my organisation have access for once we’ve paid?

You will always have access. And the content will be updated as the law and best practice is continuously developing.

What does the programme NOT cover?

You can also read what is excluded and what the programme is NOT.

How many people in my organisation can have access?

The access is per organisation. So you can have an unlimited number of participants from your organisation. We do however recommend that you don’t have too many so that you are sure who has accountability for driving your compliance.

What if we still need help on specific questions we have?

You’re welcome to contact Michalsons at any time. We will try to answer where we can, and if there is significant research or work required we will provide you with quotations to do the work.

Testimonials

Presents digested information, saving me hours and enabling execution.

I like the practical approach to the problem of compliance. In fact this is the first course that I have attended which actually shared a practical approach.

David was great. We appreciated his pragmatic approach and outcome based focus. Thanks David.

Price

We charge a once off upfront price for lifetime access to the programme. Click join to complete the programme registration form. You choose the currency and we will send you an invoice for payment. The prices listed include VAT.

EUR       710
USD      800
ZAR   12 000

100% Money Back Guarantee

We will refund you if you do not think you received value.

Tackle your compliance challenges now!

JOIN

Workshops

If you would prefer to work through in the form of an in person workshop, we can facilitate that. The workshop covers the same modules, but over the course of a day. Our sessions are interactive, where you can ask questions, have your specific issues dealt with, and influence the discussion-points. Contact us for a quote.