課程描述INTRODUCTION
企業(yè)安全體系搭建培訓(xùn)
日程安排SCHEDULE
課程大綱Syllabus
企業(yè)安全體系搭建培訓(xùn)
課程背景 Course Background:
2018年5月25日,GDPR(歐盟通用數(shù)據(jù)保護(hù)條例,General Data Protection Regulation)正式生效,開啟了一個(gè)新的數(shù)據(jù)合規(guī)時(shí)代。1000萬(wàn)到2000萬(wàn)歐元,或企業(yè)全球年?duì)I業(yè)額2%到4%的罰款讓所有受其管轄的企業(yè)都必須將數(shù)據(jù)保護(hù)合規(guī)提升到生存高度予以應(yīng)對(duì)。面對(duì)新法,企業(yè)的應(yīng)對(duì)仍然顯得十分不足。2017年,英國(guó)政府在“四大”協(xié)助下發(fā)布了富時(shí)350指數(shù)網(wǎng)絡(luò)治理健康檢查報(bào)告,報(bào)告顯示近六成的受訪者表示對(duì)GDPR不太或并不了解,同時(shí)僅有8%的受訪者表示已經(jīng)做了充分的準(zhǔn)備,接近75%的人表示僅做了部分準(zhǔn)備。那么從國(guó)內(nèi)外來(lái)看,未來(lái)數(shù)據(jù)安全法規(guī)趨勢(shì)如何?網(wǎng)絡(luò)安全問(wèn)題的本質(zhì)是什么?企業(yè)如何規(guī)避不合規(guī)數(shù)據(jù)的風(fēng)險(xiǎn)?怎樣提供可切實(shí)實(shí)施的風(fēng)險(xiǎn)整改計(jì)劃?
CCP法商精英薈特邀EY安永法證及誠(chéng)信合規(guī)服務(wù)部門資深合伙人陳熾先生來(lái)為我們解讀法規(guī)、分析案例、指點(diǎn)趨勢(shì)。
On May 25, 2018, the General Data Protection Regulation (“GDPR”) formally came into force, opening a new era of data compliance. A fine of Euro 10-20 million or 2-4% of annual global turnover forces the companies bound by GDPR to pay high attention to data protection compliance. However, enterprises’ response to GDPR seems to be quite inadequate. In 2017, the British government issued FTSE 350 Network Governance Report under the assistance of Big 4 Accounting Firms. The Report shows that nearly 60% of the respondents did not know much about GDPR, only 8% of them said they had made adequate preparations, and nearly 75% of them said they had made some preparations only. What is the future trend of the data security regulations at home and abroad? What is the nature of cybersecurity issues? How to avoid the risks of non-compliant data? How to develop a practical and feasible risk control plan?
Mr. Chen Chi, a senior partner of EY Forensic & Integrity Services was invited to interpret GDPR, analyze cases and explain the trends.
課程收益 Course Benefits:
1.了解GDPR、中國(guó)網(wǎng)絡(luò)安全法及其他相關(guān)法律法規(guī)要點(diǎn)
Understand the main points of GDPR, the Cybersecurity Law of the People’s Republic of China and other relevant laws and regulations
2.了解GDPR及其他相關(guān)法律對(duì)于企業(yè)所處行業(yè)的影響程度
Understand the impact of GDPR and other relevant laws and regulations on the industry
3.了解企業(yè)各個(gè)層級(jí)部門應(yīng)如何應(yīng)對(duì)外界監(jiān)管規(guī)定
Understand how the departments of enterprises at each level should cope with the regulations
4.掌握提升企業(yè)數(shù)據(jù)合規(guī)、網(wǎng)絡(luò)安全的方式方法
Learn the ways and means to improve enterprise data compliance and cybersecurity
5.了解危機(jī)發(fā)生時(shí)應(yīng)如何進(jìn)行處理和應(yīng)對(duì)的方法
Understand how to deal with crises
6.學(xué)習(xí)先進(jìn)風(fēng)險(xiǎn)評(píng)估框架,并能運(yùn)用到實(shí)際工作中
Learn advanced risk assessment frameworks and apply them to practical work
誰(shuí)該來(lái)參加 Who Should Attend:
企業(yè)合規(guī)、法務(wù)、信息安全部門負(fù)責(zé)人,擁有合規(guī)、法務(wù)、信息安全職能的紀(jì)檢監(jiān)察部門負(fù)責(zé)人,從事合規(guī)、法務(wù)、信息安全實(shí)務(wù)操作的部門主管及一般員工,其他對(duì)數(shù)據(jù)合規(guī)、網(wǎng)絡(luò)安全感興趣的有識(shí)之士,以及想提高企業(yè)綜合管理能力的優(yōu)秀積極人士。
Persons in charge of corporate compliance, legal affairs and information security departments; persons in charge of discipline inspection and supervision departments with the functions related to compliance, legal affairs and information security; department heads and general employees engaged in compliance, legal affairs and information security practices; far-sighted persons interested in data compliance and cybersecurity; and activists who want to improve the comprehensive management capabilities of their enterprises.
課程大綱 Course Outline:
一、GDPR及相關(guān)法律法規(guī)
GDPR and relevant laws and regulations
1.GDPR概述
GDPR overview
2.中國(guó)網(wǎng)絡(luò)安全法概述
Overview of the Cybersecurity Law of the People’s Republic of China
數(shù)據(jù)隱私保護(hù) Data privacy protection
網(wǎng)絡(luò)安全等級(jí)保護(hù) Classified protection of cybersecurity
信息跨境傳輸 Cross-border information transmission
網(wǎng)絡(luò)安全監(jiān)控與應(yīng)急響應(yīng) Cybersecurity monitoring and emergency response
3.全球數(shù)據(jù)保護(hù)法律法規(guī)環(huán)境
Global data protection laws and regulations
二、數(shù)據(jù)合規(guī)、網(wǎng)絡(luò)安全的趨勢(shì)
Data compliance and cybersecurity trends
1.數(shù)據(jù)安全事件及處罰案件
Data security incidents and punishment cases
2.企業(yè)應(yīng)對(duì)現(xiàn)狀
Enterprises’ response
3.從國(guó)內(nèi)外大背景看趨勢(shì)
Trends from the perspective of domestic and international background
三、企業(yè)應(yīng)對(duì)策略
Enterprises’ countermeasures
1.管理層應(yīng)對(duì)策略
Countermeasures at the management level
2.業(yè)務(wù)層應(yīng)對(duì)策略
Countermeasures at the business level
3.技術(shù)層應(yīng)對(duì)策略
Countermeasures at the technology level
四、識(shí)別敏感信息
Identification of sensitive information
1.數(shù)據(jù)生命周期管理
Data lifecycle management
數(shù)據(jù)信息的收集與使用
Collection and use of data information
數(shù)據(jù)信息的加工、傳輸與共享
Processing, transmission and sharing of data information
數(shù)據(jù)信息的保存與銷毀
Preservation and destruction of data information
2.識(shí)別個(gè)人數(shù)據(jù)、重要數(shù)據(jù)、商業(yè)秘密數(shù)據(jù)
Identification of personal data, important data and trade secrets
五、建立風(fēng)險(xiǎn)評(píng)估矩陣
Establishment of risk assessment matrix
1.怎樣確定數(shù)據(jù)安全評(píng)估標(biāo)準(zhǔn)
How to establish data security assessment standards
2.定量化衡量風(fēng)險(xiǎn)等級(jí)及對(duì)企業(yè)的影響
Quantitatively measure risk levels and risk impact on enterprises
3.怎樣提供可切實(shí)實(shí)施的風(fēng)險(xiǎn)整改計(jì)劃
How to develop a practical and feasible risk control plan
六、建立數(shù)據(jù)治理框架
Establishment of data governance framework
1.數(shù)據(jù)治理的全過(guò)程
Whole process of data governance
2.應(yīng)對(duì)型數(shù)據(jù)治理及主動(dòng)型數(shù)據(jù)治理
Passive and active data governance
3.數(shù)據(jù)管理能力成熟度模型
Data management capability maturity model
七、搭建數(shù)據(jù)合規(guī)體系
Establishment of data compliance system
1.進(jìn)行GDPR及網(wǎng)絡(luò)安全法適用性評(píng)估
evaluate the applicability of GDPR and cybersecurity laws
2.劃分?jǐn)?shù)據(jù)類型及區(qū)別制定合規(guī)策略
Classify data and develop different compliance strategies based on the classification
3.更新與完善隱私政策
Update and improve privacy policies
4.建立風(fēng)險(xiǎn)評(píng)估、記錄與響應(yīng)機(jī)制
Establish risk assessment, recording and response mechanisms
八、搭建網(wǎng)絡(luò)安全體系
Establishment of cybersecurity system
1.網(wǎng)絡(luò)安全威脅類型
Types of cybersecurity threats
2.常見(jiàn)的安全服務(wù)機(jī)制
Common security service mechanisms
3.構(gòu)建網(wǎng)絡(luò)安全防護(hù)體系政策建議
企業(yè)安全體系搭建培訓(xùn)
轉(zhuǎn)載:http://www.nywlwx.com/gkk_detail/48419.html
已開課時(shí)間Have start time
安全管理內(nèi)訓(xùn)
- 新形勢(shì)下網(wǎng)絡(luò)安全問(wèn)題及應(yīng)對(duì) 孫海榮
- 防微杜漸——班組安全管理7 張曦月
- 《習(xí)總書記有關(guān)安全生產(chǎn)重要 胡月亭
- 《如何做好化工企業(yè)安全管理 胡月亭
- 互聯(lián)網(wǎng)時(shí)代網(wǎng)絡(luò)與信息安全體 孫海榮
- 環(huán)境管理意識(shí)提升 張曦月
- 二十一世紀(jì)以來(lái)我國(guó)網(wǎng)絡(luò)安全 李璐
- 安全制度和安全意識(shí) 張曦月
- 十九大以來(lái)網(wǎng)絡(luò)意識(shí)形態(tài)安全 李璐
- 作為企業(yè)能力的網(wǎng)絡(luò)安全建設(shè) 李璐
- 《工作安全分析(JSA)與 胡月亭
- 總體國(guó)家安全觀下的網(wǎng)絡(luò)信息 李璐