top of page
Image by Markus Spiske

Data Protection and Privacy

  • Personal Attributes
    remaining calm under pressure self-management communicating with non-technical colleagues about technical matters producing written and verbal reports managing suppliers prioritising complex sets of demands understanding business and user needs evaluating the probable social, commercial, cultural, ethical and environmental consequences of an action
  • Knowledge
    Working in a cyber security role requires specialist knowledge, and some roles require a lot. Such knowledge can be acquired in several ways and, although the requirements for any given role are described here in terms of Knowledge Areas (KAs) from the Cyber Security Body of Knowledge (CyBOK), this doesn't mean that a cyber security specialist must read the relevant sections of CyBOK. Increasingly, however, cyber security qualifications, training and skills definitions are being mapped to CyBOK - so the KAs are a good way of describing the knowledge associated with a specialism. As with skills, as a Cyber Security Generalist you may, in some cases, need to have some knowledge of every aspect of cyber security. In most cases, however, you will not need to be able deliver the services, needing only to know enough to be able to commission and assess the provision of technical services by others, which may include external suppliers. The Knowledge Areas (KAs) listed below are therefore those you're most likely to need. You may need additional KAs, depending on which services you're most closely involved in delivering. You're most likely to have a very good understanding of the Core Knowledge, which is essential to performing the role. You may still need a good understanding of the Related Knowledge, but not to quite the same degree. You may need a much less detailed understanding of the elements of Wider Knowledge, which provides context for your work. Coming into such a role, you will not be expected to have all his knowledge initially. But, given the wide range of tasks and the rigour with which standards must be followed, you'll need to have most of the Core knowledge. CORE KNOWLEDGE Risk Management and Governance Security management systems and organisational security controls, including standards, best practices, and approaches to risk assessment and mitigation. Security Operations & Incident Management The configuration, operation and maintenance of secure systems including the detection of and response to security incidents and the collection and use of threat intelligence. And, if the responsibilities include Industrial Control Systems (ICSs): Cyber-Physical Systems Security Security challenges in cyber-physical systems, such as the Internet of Things and Industrial Control Systems, attacker models, safe-secure designs, and security of large-scale infrastructures.
  • Related Knowledge
    Law & Regulation International and national statutory and regulatory requirements, compliance obligations, and security ethics, including data protection and developing doctrines on cyber warfare. Authentication, Authorisation & Accountability All aspects of identity management and authentication technologies, and architectures and tools to support authorisation and accountability in both isolated and distributed systems. Malware & Attack Technologies Technical details of exploits and distributed malicious systems, together with associated discovery and analysis approaches. Human Factors Usable security, social & behavioural factors impacting security, security culture and awareness as well as the impact of security controls on user behaviours. Privacy & Online Rights Techniques for protecting personal information, including communications, applications, and inferences from databases and data processing. It also includes other systems supporting online rights touching on censorship and circumvention, covertness, electronic elections, and privacy in payment and identity systems. Network Security Security aspects of networking and telecommunication protocols, including the security of routing, network security elements, and specific cryptographic protocols used for network security. And, if the responsibilities include public-facing systems: Web & Mobile Security Issues related to web applications and services distributed across devices and frameworks, including the diverse programming paradigms and protection models.
  • Wider Knowledge
    Secure Software Lifecycle The application of security software engineering techniques in the whole systems development lifecycle resulting in software that is secure by default. Forensics The collection, analysis, and reporting of digital evidence in support of incidents or criminal events.
  • Skills
    Governance Legal and Regulatory Environment and Compliance Third Party Management Risk Assessment Information Risk Management Secure Operations Management Data Protection Cyber security awareness training Monitoring system performance and security
  • Recommended Training and Qualifications
    Entry Level British Computer Society Certificate in Information Security Management Principles (CISMP) – NCSC Certified PECB Certified ISO 31000 Risk Manager NIST Cyber Security Professional (NCSP®) Foundation Certificate – NCSC Certified PECB Certified ISO/IEC 27001 Foundation Cyber Incident Planning and Response (CIPR) – NCSC Certified Practitioner British Computer Society Certificate in Information Security Management Principles (CISMP) – NCSC Certified PECB Certified ISO 31000 Risk Manager NIST Cyber Security Professional (NCSP®) Boot Camp (Foundation and Practitioner) Certificate – NCSC Certified PECB Certified ISO/IEC 27001 Lead Implementer PECB Certified ISO/IEC 27001 Lead Auditor Cyber Incident Planning and Response (CIPR) – NCSC Certified
Image by Markus Spiske

Data Protection & Privacy

Data Protection & Privacy is the management of the protection of data, enabling an organisation to meet its contractual, legal and regulatory requirements.

As a Data Protection & Privacy practitioner you'll have the opportunity to grow and take on responsibility from the first day in a challenging but rewarding environment.

In the main, you provide expert technical knowledge in data protection, deploying a range of methodologies to manage data risks on a day-to-day basis. If you're part of a larger team, you work with the Data Protection & Privacy Lead or a departmental manager to promote best practice for data protection throughout the organisation. 

 

Your responsibilities may include responding to data subject access requests, completing privacy impact assessments and managing fair processing notices for personal data.

You follow developments in privacy and data protection, maintaining a professional expertise and personal interest in these subjects. 

With more experience, you may lead the data protection and privacy team, assisting the organisation 

On the program learners will receive knowledge and skills relating to the following areas:

  • Legal and Regulatory Environment

  • Data Protection Act 2018

  • Privacy and Electronic Communications Regulations (PECR)

  • Governance

  • Common Standards and Frameworks

  • NIST Cyber Security Framework

  • ISO/IEC 27001

  • Risk Management

  • Records Management

  • Asset Management

  • Authentication, Authorisation and Accountability

  • Human Factors

  • Physical Security

  • Network Security

  • Secure Development Lifecycle

  • Supply Chain Security

  • Incident Management

  • Monitoring System Performance

  • Audit

  • Security Policy and Procedure

  • Awareness training and delivery

in maintaining data protection and privacy standards and ensuring compliance with the Data Protection Act and other relevant legislation. You'll also contribute to the development of your team(s) through training and coaching.

Entry Level Program
£9,750.00 (ex VAT)

Learners will receive...

  • British Computer Society (BCS) Certificate in Information Security Management Principles (CISMP) – 4-days Instructor led with exam voucher**

  • PECB Certified ISO 31000 Risk Manager – self-paced, eLearning with exam voucher

  • Role of a DPO – 1 day Instructor led with exam voucher

  • GDPR Practitioner Certificate – 4 days Instructor led with exam voucher

  • Cyber Security for DPOs – 1 day Instructor led with exam voucher

  • PECB Certified ISO/IEC 27001 Foundation Certificate – 2 days Instructor led with exam voucher

  • PECB Certified ISO/IEC 27002 Foundation Certificate – 2 days Instructor led with exam voucher

  • NIST Cyber Security Professional (NCSP®) Foundation Certificate – self-paced, eLearning with exam voucher**

** - NCSC Assured Training

Practitioner Level Program
£13,750.00 (ex VAT)

Learners will receive...

  • British Computer Society (BCS) Certificate in Information Security Management Principles (CISMP) – 4-days Instructor led with exam voucher**

  • PECB Certified ISO 31000 Risk Manager – self-paced, eLearning with exam voucher

  • Role of a DPO – 1 day Instructor led with exam voucher

  • GDPR Practitioner Certificate – 4 days Instructor led with exam voucher

  • Cyber Security for DPOs – 1 day Instructor led with exam voucher

  • Advanced Certificate in GDPR – 4 days Instructor led with exam voucher 

  • PECB Certified ISO/IEC 27001 Lead Implementer – self-paced, eLearning with exam voucher

  • PECB Certified ISO/IEC 27001 Lead Auditor – self-paced, eLearning with exam voucher

  • NIST Cyber Security Professional (NCSP®) 800-53 Practitioner Certificate – 5-days Instructor led with exam voucher**

  • Cyber Incident Planning and Response (CIPR) Certificate – self-paced, eLearning with exam voucher**

** - NCSC Assured Training

bottom of page