Stolen laptops, misplaced USB drives, network infiltration by hackers or viruses, crippling denial-of-service attacks—the threats to an organization’s sensitive data are many and continue to grow, even as more and more sensitive data and personally identifying information are maintained and transmitted electronically. The costs associated with information security breaches continue to grow also, partly because of increasingly stringent regulations that hold organizations financially responsible when they fail to secure their sensitive information.

So how should organizations respond to these threats? With a comprehensive, coordinated plan that employs both physical and electronic measures designed to keep sensitive data and personally identifying information out of the hands of cyber criminals and identity thieves.

This course details the extent and potential costs of the information security problem, describes the key components of a well designed information security plan, and outlines strategies that can go a long way toward protecting one of an organization’s most valuable assets—its information.

TARGET AUDIENCE
Managers, Supervisors, and Leaders of Businesses and Organizations

TIME TO COMPLETE
60 minutes

PURPOSE
To describe the risks associated with maintaining and transmitting sensitive data and personally identifying information, and to instruct leaders of businesses and organizations in developing strategies for mitigating these risks.

LEARNING OBJECTIVES:
After completing this course, the learner will be able to:

• distinguish between first- and third-party information risks;
• recognize various types of first- and third-party information risks;
• define the scope of the threat that information security breaches pose to organizations, based on current statistics;
• interpret the major provisions of federal and state laws governing organizations' responsibilities for securing sensitive data and personally identifying information in their possession;
• define the elements of effective risk management procedures;
• develop and implement an appropriate information security policy for an organization;
• identify the threats to information network security and the tools needed to secure networks against security breaches; and
• develop a Computer Security Incident Response Plan and strategies for managing the risks associated with maintaining and transmitting sensitive data and personally identifying information.

TOPICS COVERED

1. An Overview of Information Risk
2. Statistics on Information Security Breaches
3. Federal and State Regulations Governing Information Security
4. Essential Risk Management Procedures
5. Drafting an Information Security Policy
6. Procedures for Properly Disposing of Sensitive Information
7. Securing Networks against Information Security Breaches
8. Responding to Information Security Breaches

ACCREDITATION
HRCI
This program has been approved for 1.0 recertification credit hour toward PHR, SPHR, and GPHR recertification through the HR Certification Institute. For more information about certification or recertification, visit the HR Certification Institute homepage at www.hrci.org.

(The use of this seal is not an endorsement by the HR Certification Institute of the quality of this program. It means that this program has met the HR Certification Institute's criteria to be pre-approved for recertification credit.)