Information Security Management


Today, when computers and internet are used in all professional activities for interaction, each individual in the organization is an element of the whole IT system. Each action, behavior of the user can approach the system and data..Therefore, to protect ISMS for each individual, user in the organization means protection for the information system. In enterprises, most critical information system is equipped with many security solutions and tools to prevent against attacks, and protect the system against the external threats. Thus, the attack trend of hackers today shifts to attacking the weakest chain of the system named human beings. The inadequate understanding and compliance with the ISMS assurance systems of the users are “loopholes” for hacker to penetrate into the organizational information system. In this case, risks influencing on the information system and assets when being attacked from internal factors are much bigger than attackes from the external factors. Hence, Infochief compiles and provides information security training course for the IT system administrator aimed at improving knowledge and skills about ISMS for the IT in charge persons. This is one of the fundamental contents mentioned in many books and strategies about ISMS.


 i. To equip learners with necessary and comprehensive knowledge about information security in business as per ISO/IEC 27001
ii. The IT security manager shows his commitment for safety of the information at all levels
iii. To assure availability and reliability of hardware and database
iv. Insurance cost saving
v. Improving awareness and responsibilities of staff about information security in enterprises

What the learners gain and can do after the training course?

1. To have knowledge for construction of information safety management system for organizations
2. To construct training courses on awareness of ISO/IEC 27001 for staff
3. Establishing document system as per ISO/IEC 27001.
4. To know how to construct policies, objectives, and scope of information security
5. Analyzing, assessing risks of information security within the system scope
6. Establishing risk control methods
7. Selecting control targets and control methods
8. Running the established ISMS
9. Considering and renovating the system efficiency


 i. IT Director/IT Manager and IT deputy manager
ii. Information security in charge person
iii. IT consultant
iv. IT administrator
v. System management and compliance management persons
vi. Those who want to study and improve information security and safety management skills

Training contents

Module 1: Overview about Information security management 
- What is information security
- How to manage information security
- Information security management principles

Module 2: Information security planning
- Elements in the information security plan
- Setting plan for deployment of information security

Module 3: Setting IT backup plan
- What IT backup plan is
- Elements of the backup plan
- Construction of the backup plan
- Checking the backup plan

Module 4: Policies on information security
- Policies on information security within the whole scope of enterprises
- Policies of information security specifically used by User
- Policies on information security for a specific administrator
- Instructions on how to develop policies

Module 5: Information security plan development
- Organizing information security in enterprises
- Information security within the organization scope of enterprises
- Elements of an information security plan
- Roles of information security
- Deployment of awareness training course

Module 6: Confidentiality and practice management model
- Information security management models
- Information security practice

Module 7: Risk management – Determination and assessment of risks
- Risk management
- Risk determination in the information system
- Risk assessment and classification
- Risk management material development

Module 8: Risk management and control
- Risk control strategies
- Selection of risk control strategies
- Analyzing feasibility and cost benefit
- Discussion about risk management
- Risk control practice
- Risk management approach of Microsoft

Module 9: Information security mechanism
- Access control
- Fire walls
- Penetration discovery system
- Wireless system protection
- Analytical tools for loopholes of system
- Data encoding

Module 10: Human beings and confidentiality
- Information security staff and security function
- Information security professional certificate
- Policies and practice on staff confidentiality management

Module 11: Legal framework and professional morality
- Legal framework and morality in information security
- Studying legal environment from national and international perspectives
- Definition of morality in information security
- Responsibilities of enterprises and necessity of a lawyer

Module 12: Information security project management
- Structure and process of the project management
- Applying project management to information security project management
- Project management tools


 i.  The standard materials of the Infochief institute (Vietnamese)
ii.  Reference document (English)

  Training methods

The experts will apply the following training methods to convey the contents:
    i.  Open discussion
    ii. Case study
    iii. Self-assessment
    iv. Mini-lecture

  Difference of the training methods at Infochief

- Coaching based on the actual management models
- Practice training in line with the requirements of each position
- 70% is to practice the actual skills required by the daily work at the workplace
- To assure that after the training course, learners are confident at their work
- Senior staff are given priority for being introduced to our partners

Training Schedules

 Starting date Duration Time Fee      Register

Call 10 Session 8h30 - 16h30 9,500,000 VND HCM
Preferential Condition "The preferential fee” is applied to payment made at least 10 days prior to the starting day of the training course
Duration 10 Sessions

Upon completion of the course : It is a must for the learners to complete a project at the end of the course, the aim is to assess the ability to apply the training contents to the actual working environment.

Graduation certificate : To be granted by INFOCHIEF with national validity


1. Download Brochure