Introduction to Information Security Management - Begginers Module

Bucharest 04 December 2019 - 05 December 2019

Trainer: Theodor Adam, Victor Rotaru, Florin Andrei și Larisa Găbudeanu


In this course we set out to discuss the basics of information security management by presenting the main aspects concerning the management through processes and basic concepts of information security.

The material is an introduction and makes available to attendees the notions necessary for understanding the principles and concepts of management through processes, together with basic principles and concepts concerning information security.

This course presents the best practices in the field and is aligned with the ASF Norm no. 4/2018 and with European legislation in terms of data protection (GDPR), with concepts mentioned also in the “Operational Risk Management – Information Technology Risk” course.

Target group

  • Employees in positions related to management of operational and informational risk and information security in the financial services sector
  • Data Protection Officers (DPO)
  • Individuals interested in a career in the respective fields (IT, Informational Risk, Operational Risk)


Level of expertise necessary for participating in the program:

  • University degree in technical or economic domains

Course objectives

  • Understanding the concept of management through processes
  • Understanding the purpose and the objectives of information security in an organisation and in the current legal context
  • Understanding the requirements for data protection in the context of information security
  • Gaining knowledge about basic concepts of management through processes and information security




  1. Establishing the current context
  2. Introduction to information security
  3. Information security requirements based on legal obligations concerning data protection
  4. About  information security
  5. Roles and responsibilities within organization
  6. Controls and types of controls
  7. Cryptography
  8. Risk and risk management in information security
  9. The current legislative environment
  10. Standards
  11. Communication and management of expectations
  12. Conclusions
  13. Questions and answers
  14. Examination



Teaching method


Flipchart, projector/TV set for presentations, flipchart and printed training manual. Topics are illustrated with examples and students interactions.

Bibliography included in the training material.


Victor Rotaru - IT and DPO expert, with a vast experience in information security management and operational management, having an international and multicultural exposure in international banking groups, as well as teaching experience with IBR (Romanian Banking Institute) and ISF (Financial Studies Institute)


Larisa Găbudeanu – data protection specialist, with a vast experience as a lawyer in an international law firm, counselling international clients and coordinating projects related to baking, IT law and data protection . In addition, she has good knowledge about information security and risk management gathered in a banking regional group and from her specialized education (in addition to graduating the Law Faculty, Larisa also graduated from the Informatics Faculty at the University in Bucharest and is currently finalizing the Information Security Master with the Faculty of Cybernetics).


Theodor Adam – graduated from the Faculty of Electronics and Telecommunications (UPB, 1995) and Academic Postgraduate Management Studies (UPB, 2002), worked in the IT, Financial and Legal Services industries (as an engineer for IBM, IT Director for NN Romania and for Kinstellar). He has a 24 years experience in IT and 19 years in management, taught technical trainings on behalf of IBM Romania and led IT organizations in NN and Kinstellar. Experienced with application development management processes, infrastructure, business continuity and disaster recovery, strategic planning, management by objectives, project management, IT operations.


Florin Andrei – Information Security specialist, with broad experience and exposure in the field. He has fulfilled multiple roles spanning from helpdesk officer and network administrator to information security officer, risk and physical security officer as well as coordination roles for risk management and IT security activities. National and international exposure within various companies and fields such as outsourcing, insurance and IT Security services.

Duration / Period

The program will last for 12 hours and will take place in September 23rd and 24th , 2019 between 09:00-15:00.


The necessary investment for participating to this program is of 550 lei + VAT/person. It includes written course support, coffe break, lunch and participation cerificate.


At the above fee the following discounts will be granted:

  • 5% for the registration of at least 2 persons from the same organisation.
Apply for course
Helpful information to complete the form.

 Newsletter ISF

Abonează-te acum pentru a primi ultimele noutăți. Suntem prezenți și pe rețelele de socializare și