Security Governance and Compliance

About this course

Information security involves more than just technology; it requires a solid foundation of governance and strategy. How do you translate complex regulations into actionable policies? In this masterclass, we guide you through the process of defining and managing a robust Information Security Governance Programme.

We’ll guide you through the process of defining, implementing, and managing an Information Security Governance Programme. That includes how to organise security, the various personnel involved, and their responsibilities.

You’ll get an overview of the fundamental laws, regulations, and standards that could or absolutely will affect your Security Governance Programme. If you plan to work for a multinational, knowing the ins and outs is essential for your strategic planning.

Some of the critical questions we cover include issues like:

• How should you go about establishing and communicating policies, processes, and standards to form the basis of your security programme?
• And how do you turn those things into an effective information security strategy, one that is actionable, measurable, and in line with your company’s corporate objectives?
• Is a security awareness programme really that important?
• And why do we do it all?

Ultimately, these steps all reduce corporate risk, which is why the programme has a solid focus on raising awareness about the current risk management frameworks and how you can practically and efficiently assess and mitigate risks.

We also share the facts and tools you need to make these programmes inherently appealing, leading to the smooth, gradual development of a robust company security culture.

Lastly, there’s a good chance that your security setup will be subject to internal and/or external audits. Audits are required for all sorts of reasons, from verifying that your security programme is working and certifying that it meets a specific standard to satisfying a client’s contractual stipulations, etc. We show you the ropes, summarising what’s essential for putting your own audit programme in place, along with how to comply with external audits.

All participants will have access to additional online learning material, such as NIS2 lessons learned and the impact of the Cyber Resilience Act

Why take this course?

By the end of this course, you’ll have a firm grasp on:

• The basics of creating and running a Security Governance Programme
• How to operationalise this programme with the appropriate expertise and effectively boost your company’s security stance
• How to measure and improve your programme, based on regular risk assessments and audits
• How to demonstrate the imperative worth of a Security Governance Programme to management
• Why conducting regular security awareness initiatives is crucial and how to put them together

Target group

This course is designed for professionals who need to bridge the gap between regulations, strategy, and operations:

• Security Professionals (ISOs, CISOs): To move beyond “firefighting” and build a strategic framework.
• Risk & Compliance Officers: To understand how to audit security policies and manage third-party risks.
• Data Protection Officers (DPO): Essential for understanding how to audit policies and how Risk Management methodologies support DPIAs.
• Legal Counsel: To understand the impact of technical standards on legal liability.

Learning goals

What you’ll learn in a nutshell:

• The difference between information security and cyber security
• How information security should/can be organised
• Which personnel and responsibilities are involved
• How to set up a security strategy that is actionable, measurable, and in line with your company’s corporate objectives
• How to set up a solid security awareness programme
• , regulations, and standards in Belgium and abroad which have an impact on information security
• How to create policies that make sense and can be used to create more detailed processes and standards
• How to effectively analyse and mitigate risks using a selection of standard methodologies
• How to establish your company’s risk appetite
• How to approach third-party risk management
• Audit types you may be confronted with
• How to organise and conduct internal audits
• How to facilitate and comply with external audits and what your rights and obligations are

Learning appoach

• Action Learning We believe in learning by doing.
• Theory: Expert-led sessions covering the “what” and “how” of governance.
• Case Study: You will work with a continuous business case involving a fast-growing scale-up preparing for international certification.
• Practical Assignment: You will be challenged to draft a specific policy or perform a high-level risk assessment tailored to this dynamic business environment.
• Feedback: You will present your work during an online follow-up session for peer and expert review.

End product

You’ll be awarded a certificate of completion at the end of the course.

Your bonus training package includes:

• Training material (printed and PDF format): handouts of the presentations with notes
• Extra online training materials
• A list of useful links with additional information on standards and frameworks discussed during class
• The exercises and their solutions (where applicable)

Preparation

This is a classroom-based, non-technical course. Bring something along (e.g., a laptop, notebook, tablet) to take additional notes.

Course prerequisites:

• A basic understanding of IT
• Some experience in a corporate environment as a manager could be beneficial but is not essential.

Between the two in-person training days and the online follow up session, you will have homework:

• Complete the online knowledge assessment
• Prepare an assignment for discussion during the online session.