Implementing a Cybersecurity Program

Looking to set up a cybersecurity program at your company? This course will cover tips and tricks of setting up an IT program from the ground up. The focus will be on the process and how to efficiently and quickly set up the program. The course will cover the following:

-Define elements of a cybersecurity program
-Choosing an implementation approach
-Implementing high value, low cost changes
-How to assesses companies risk tolerance
-Determining and organizing work
-Choosing a cybersecurity framework

This course is for:

Anyone looking into developing a cybersecurity program. The course is designed for someone more technical or leading a technical department and is probably best suited for companies with at least one person devoted to IT.

A note from the instructor: The first time I set up a cybersecurity program, there weren’t a lot of resources on the process. Within two years I took the company from no security program to being fully SOC 2 Type 2 Compliant. This was an incredible feat considering the lack of resources. I’ve compiled what made this project so successful into this course, as well as added additional tips and tricks that I’ve learned since.

About This Course

Who Should Take this Course:

  • Anyone wanting to set up a cybersecurity program for their business or organization
  • Most ideal for small or medium size companies that have at least 1 IT person

Module Descriptions

Welcome and Getting Started: Prepare yourself for efficiently and successfully completing the course. You’ll get an overview of what the course is all about and what you should expect out of it.

What is a Cybersecurity Program: Let’s start by exploring what is a cybersecurity program, what are it’s core functions, and who it mitigates risk for a business or organization. We’ll also cover some core cybersecurity definitions and concepts that we’ll use throughout the course.

Implementation Approaches: We’ll set the stage for the three main approaches that I would recommend: Start with action; Start with an Assessment; and Start with a Framework. This will be an overview of the three approaches. We’ll also have a video about change management from a human perspective, that is how to roll out proper change management to help gain the most acceptance for the changes you would be making for the organization.

Lane 1: Start with Action: A cybersecurity program is about making changes that will put the company in the best position for success. This requires action. Delaying action could mean you putting the business at risk. We’ll cover considerations for how to choose which actions are the right first steps for you.

Regulatory Compliance: Laws and regulations continue to evolve and develop to protect consumers. Those businesses that don’t take the new regulatory compliance seriously, may find themselves irrelevant. We’ll cover some of the larger, more common laws and regulations that you may need to implement for your business. We’ll get into what the regulation is, who must comply with it, and some of the highlights of the law.

Critical Cybersecurity Documents: Some documents and policies are requirements, while others are important to legally protect the business. We’ll cover common documents an organization should consider. We’ll discuss who should implement, how the document is used, and look at some examples of the documents.

Cybersecurity Functions: Business operations can be broken down into different individual functions. We’ll get into core functions that can be implemented that will help protect the business from risk. 

Lane 2: Start with an Assessment: One of the core functions of a cybersecurity program is to assess risk, determine solutions, prioritize solutions, and then take action. By starting with an assessment, you can prioritize projects in a way that gives the organization the best return on investment. We’ll cover what risk assessments look like and the basics of how to perform a risk assessment for your organization.

Lane 3: Start with a Framework: A framework helps establish a comprehensive cybersecurity program. Without it, an organization could find itself overlooking risk in areas of its operations. A framework can identify those areas and ensure proper controls are in place to protect those areas.

Wrap Up: Time to wrap up the course and provide any final thoughts.

How to Take This Course!

Take this course on Udemy. This is not a free option, but has the advantage of a full learning management system, no commercials, and completion certificates.

Here’s the link to the Udemy Course:

https://www.udemy.com/course/implementing-a-cybersecurity-program/?referralCode=61FC7CF662120F1FC988

 

Course Content

Module 0 – Welcome and Getting Started

 

Module 1 – What is a Cybersecurity Program?

 

Module 2 – Implementation Approaches

 

Module 3 – Lane 1: Start with Action

 

Module 4 – Regulatory Compliance (1:1)

 

Module 5 – Critical Security Documents

 

Module 6 – Security Operations

 

Module 7 – Lane 2: Start with an Assessment

 

Module 8 – Lane 3: Start with a Framework

 

Module X – Wrap Up

 

Help the Effort

Creating these videos takes a lot of time, effort, and money. There are costs to producing the videos, hosting the site, and buying the equipment, not to mention the 1,000’s of hours I’ve put into recording these videos. So far, I’ve asked for and received very little in return. Please consider helping keep the effort going by one of the following: