About the course
As security professionals we have seen the landscape change. Cybersecurity is now more vital and relevant to the growth of your organization than ever before. As a result, information security teams have more visibility, more budget, and more opportunity. However, with this increased responsibility comes more scrutiny.
This course gives you tools to become a security business leader who can build and execute strategic plans that resonate with other business executives, create effective information security policy, and develop management and leadership skills to better lead, inspire, and motivate your teams.
Develop Strategic Plans
Strategic planning is hard for IT and IT security professionals because we spend so much time responding and reacting. We almost never do strategic planning until we get promoted to a senior position, and then we are not equipped with the skills we need to run with the pack. MGT514 will teach you how to develop strategic plans that resonate with other IT and business leaders.
Create Effective Information Security Policy
Policy is a manager's opportunity to express expectations for the workforce, set the boundaries of acceptable behavior, and empower people to do what they ought to be doing. It is easy to get wrong. Have you ever seen a policy and responded by saying "No way, I am not going to do that"? Most of us have. Policy must be aligned with an organization's culture. In MGT514, we break down the steps to policy development so that you have the ability to design and assess policies that can successfully guide your organization.
Develop Management and Leadership Skills
Leadership is a skill that must be learned, exercised, and developed to better ensure organizational success. Strong leadership is brought about primarily through selfless devotion to the organization and staff, tireless effort in setting the example, and having the vision to see and effectively use available resources toward the end goal.
Effective leadership entails persuading team members to accomplish their objectives, removing the obstacles preventing them from doing it, and maintaining the well-being of the team in support of the organization's mission. MGT514 will teach you to use management tools and frameworks to better lead, inspire, and motivate your teams.
Course Syllabus
MGT514.1: Strategic Planning Foundations
Overview
Creating security-strategic plans requires a fundamental understanding of the business, and a deep understanding of the threat landscape.
CPE/CMU Credits: 6
Topics
- Vision and Mission Statements
- What they tell you about the organization
- Developing a security team mission statement that aligns with organizational goals
- Stakeholder Management
- Learn to identify, understand, and manage stakeholders in order to make the security team more successful
- PEST Analysis
- Identify market forces that drive the business in order to better understand business goals
- Porter's Five Forces
- Understand how business leaders develop strategy
- Apply this analysis to security vendors so you can make more informed purchase decisions
- Threat Actors
- Understand attacker motivations and techniques
- Review real-word attack scenarios
- Asset Analysis
- Understand assets that are most valuable to the business and are of interest to attackers
- Threat Analysis
- Learn how the intrusion kill chain and threat intelligence can inform strategic planning
MGT514.2: Strategic Roadmap Development
Overview
With a firm understanding of the drivers of business and the threats facing the organization, you will develop a plan to analyze the current situation, identify the target state, perform gap analysis, and develop a prioritized roadmap. In other words, you will be able to determine (1) what you do today (2) what you should be doing in the future (3) what you don't want to do, and (4) what you should do first. Once this plan is in place, you will learn how to build and execute it by developing a business case, defining metrics for success, and effectively marketing your security program.
CPE/CMU Credits: 6
Topics
- Historical Analysis
- Analyze the past in order to understand the probable future
- Values and Culture
- Understand the values and culture of your organization in order to align security with the corporate culture and define acceptable working norms
- SWOT Analysis
- Understand current Strengths, Weaknesses, Opportunities, and Threats
- Vision and Innovation
- Sustaining versus disruptive innovation
- Jobs To Be Done Theory
- Learning to innovate with the business
- How to provide value to stakeholders
- Security Framework
- NIST Cybersecurity Framework
- Measuring maturity
- Gap Analysis
- Identifying what needs to be done
- Roadmap Development
- Identifying what should be done first
- Business Case Development
- Approaches to obtaining funding
- Metrics and Dashboards
- Developing effective metrics
- Marketing and Executive Communications
- Promoting the work of the security team
MGT514.3: Security Policy Development and Assessment
Overview
Policy is one of the key tools that security leaders have to influence and guide the organization. Security managers must understand how to review, write, assess, and support security policy and procedures. Using an instructional delivery methodology that balances lecture, exercises, and in-class discussion, this course section will teach the techniques to create successful policy that employees will read and follow, and that will be accepted by business units.
Students will learn key elements of policy, including positive and negative tone, consistency of policy bullets, how to balance the level of specificity to the problem at hand, the role of policy, awareness and training, and the SMART approach to policy development and assessment.
CPE/CMU Credits: 6
Topics
- Purpose of Policy
- Role of policy
- Establishing acceptable bounds for behavior
- Empowering employees to do the right thing
- How policy protects people, organizations, and information
- Relationship of mission statement to policy
- Policy Gap Analysis
- Policy versus procedure
- Policy needs assessment
- Policy Development
- Governing policy
- Issue-specific policy
- Positive and negative tone
- Policy Review
- Using the SMART approach
- Policy review and assessment process
- Awareness and Training
- Role of psychology in implementing policy
- Organizational culture
MGT514.4: Leadership and Management Competencies
Overview
This course section will teach the critical skills you need to lead, motivate, and inspire your teams to achieve your organization's goals. By establishing a minimum standard for the knowledge, skills, and abilities required to develop leadership, you will understand how to motivate employees, and how to develop from a manager into a leader.
CPE/CMU Credits: 6
Topics
- Leadership Building Blocks
- Creating and Developing Teams
- Coaching and Mentoring
- Customer Service Focus
- Conflict Resolution
- Effective Communication
- Leading through Change
- Relationship Building
- Motivation and Self-direction
- Teamwork
- Leadership Development
MGT514.5: Strategic Planning Workshop
Overview
Using case studies, students will work through real-world scenarios by applying the skills and knowledge learned throughout the course. The case studies are taken directly from Harvard Business School, which pioneered the case study method. The case studies focus specifically on information security management and leadership competencies.
The Strategic Planning Workshop serves as a capstone exercise for the course, enabling students to synthesize and apply concepts, management tools, and methodologies learned in class.
CPE/CMU Credits: 6
Topics
Case study topics include:
- Creating a Security Plan for the CEO
- Understanding Business Priorities
- Enabling Business Innovation
- Working with BYODs
- Effective Communication
- Stakeholder Management
Who Should Attend
- CISOs
- Information Security Officers
- Security Directors
- Security Managers
- Aspiring Security Leaders
- Other Security Personnel Who Have Team Lead or Management Responsibilities
Prerequisites
- A strong desire to grow as a leader
- A strong desire to develop strategic plans that resonate with IT and other business leaders
- Willingness to participate in group exercises and team discussions
You Will Be Able To
- Develop security strategic plans that incorporate business and organizational drivers
- Develop and assess information security policy
- Use management and leadership techniques to motivate and inspire your teams