
Information Security Governance and Controls Training Course

Information Security Governance is the strategic framework of leadership, organizational structures, and processes that ensure an organization's information security supports its business goals. In an era where cyber threats are increasingly sophisticated and regulatory scrutiny is at an all-time high, simply deploying technical tools is no longer sufficient. Do you know if your current security investments are actually reducing the risks that matter most to your board? This course addresses the critical gap between technical security operations and executive-level oversight by providing a structured approach to GRC (Governance, Risk, and Compliance). You will explore how to leverage internationally recognized standards such as ISO/IEC 27001 and COBIT 2019 to build a resilient security posture that survives both audits and attacks.

This course is designed as a bridge for professionals moving from technical roles into strategic management or for existing leaders who need to formalize their governance structures. Information Security Governance enables professionals to define clear accountability, manage risk appetite, and demonstrate the business value of security initiatives. Can you prove the effectiveness of your control environment when a major stakeholder asks for a maturity report? By the end of this program, Information Security Managers, GRC Analysts, and IT Auditors will be equipped with the templates and frameworks necessary to lead organizational change. You will move beyond reactive firefighting to proactive, evidence-based governance that protects both reputation and revenue.

Duration: 5 Days
Certificate: Included
Delivery: Instructor-Led
Level: Intermediate

Choose Your Preferred Training Format


In-person training at our premier venues — pick a city and date that works for you.

| Location | Duration | Fee | Language |
|---|---|---|---|
| Nairobi, Kenya | Mon - Fri (5 Days) | USD 1,600 | English |
| Kigali, Rwanda | Mon - Fri (5 Days) | USD 1,900 | English |
| Dubai, United Arab Emirates (UAE) | Mon - Fri (5 Days) | USD 4,100 | English |
| Addis Ababa, Ethiopia | Mon - Fri (5 Days) | USD 2,400 | English |
| Abuja, Nigeria | Mon - Fri (5 Days) | USD 2,800 | English |
| Zanzibar, Tanzania | Mon - Fri (5 Days) | USD 2,400 | English |
| Mombasa, Kenya | Mon - Fri (5 Days) | USD 1,700 | English |
| Cape Town, South Africa | Mon - Fri (5 Days) | USD 3,900 | English |
| Johannesburg, South Africa | Mon - Fri (5 Days) | USD 3,500 | English |
| Kampala, Uganda | Mon - Fri (5 Days) | USD 1,900 | English |
| Pretoria, South Africa | Mon - Fri (5 Days) | USD 3,300 | English |
| Lagos, Nigeria | Mon - Fri (5 Days) | USD 2,500 | English |
| Arusha, Tanzania | Mon - Fri (5 Days) | USD 2,000 | English |
| Dar es Salaam, Tanzania | Mon - Fri (5 Days) | USD 1,900 | English |
| Naivasha, Kenya | Mon - Fri (5 Days) | USD 1,700 | English |

Live, instructor-led sessions you can join from anywhere — pick the next start date below.

| Code | Start Date | End Date | Duration | Fee |
|---|---|---|---|---|
| ISG-01 | | | Weekend (4 Weeks) | USD 850 |
| ISG-01 | | | Mon - Fri (5 Days) | USD 850 |
| ISG-01 | | | Weekend (4 Weeks) | USD 850 |
| ISG-01 | | | Mon - Fri (5 Days) | USD 850 |
| ISG-01 | | | Weekend (4 Weeks) | USD 850 |
| ISG-01 | | | Mon - Fri (5 Days) | USD 850 |
| ISG-01 | | | Mon - Fri (5 Days) | USD 850 |

Our instructor comes to your office — same curriculum and accredited certificate, with case studies built around the work your team actually does.

  • Team Training: Train your entire team together in a familiar environment for better collaboration
  • Fully Customized: Content tailored to your industry, tools, and specific business challenges
  • Cost Effective: Save on travel & accommodation costs when training multiple employees
  • Flexible Scheduling: Choose dates that work best for your team's availability and projects

How It Works

  1. Request a Quote: Tell us about your team size, preferred dates, and training goals
  2. Get a Custom Proposal: Receive a tailored training plan and competitive pricing within 24 hours
  3. We Come to You: Our certified trainer arrives ready to deliver impactful, hands-on training


About the Course

The modern enterprise operates in a landscape of fragmented regulations and hyper-connected supply chains, making Information Security Governance a non-negotiable business capability. Organizations today require results they can prove through data-driven metrics rather than anecdotal evidence. To succeed in this field, you must demonstrate five core capabilities: strategic alignment of security with business drivers, comprehensive risk management using standardized methodologies, effective resource management, performance measurement through Key Goal Indicators (KGIs), and value delivery that justifies security spending. This course provides the roadmap to master these domains using the NIST Cybersecurity Framework (CSF) and the CIS Controls as your primary guides.

You will learn how to transform scattered security activities into a cohesive, audited system. Specifically, you will practice conducting maturity assessments, designing control matrices, and drafting governance charters that define clear roles and responsibilities. This course teaches you to apply the COBIT 2019 design factors to tailor a governance system that fits your specific organizational context. You will be introduced to the complexities of multi-jurisdictional compliance and third-party risk management, while gaining hands-on experience in building a security dashboard that speaks the language of the executive suite. We acknowledge the real-world constraints of budget limitations and talent shortages, positioning this training as a toolkit for delivering high-impact governance under realistic operational pressures.


Target Audience

This program is essential for professionals responsible for the strategic oversight and compliance of information assets within their organizations.

  • Information Security Governance Lead responsible for framework implementation
  • IT Compliance Manager overseeing regulatory adherence and audit readiness
  • GRC Analyst managing enterprise risk registers and control mapping
  • Chief Information Security Officer (CISO) aligning security with business strategy
  • IT Auditor evaluating the effectiveness of security control environments
  • Risk Management Specialist focusing on digital and information assets
  • Data Privacy Officer ensuring alignment between security and privacy controls
  • Security Operations Manager transitioning into a strategic leadership role
  • Third-Party Risk Manager assessing vendor security governance maturity
  • IT Governance Consultant advising clients on framework adoption

Course Objectives

This course equips you to design, implement, and measure information security governance initiatives that protect assets, ensure compliance, and drive strategic value.

  • Analyze current governance maturity using CMMI-based maturity models
  • Apply COBIT 2019 principles to design a tailored security governance system
  • Build a comprehensive Information Security Strategy aligned with business objectives
  • Construct a robust Risk Register using ISO 31000 and NIST 800-30
  • Design a control matrix based on ISO/IEC 27001 and CIS Controls
  • Evaluate the effectiveness of security controls through automated monitoring tools
  • Navigate complex regulatory requirements including GDPR and industry-specific standards
  • Synthesize security performance data into executive-level KPI dashboards and reports

Requirements & Prerequisites

Participants should have at least 3 years of experience in IT, information security, or internal audit. A basic understanding of risk management concepts and familiarity with common security technologies (firewalls, encryption, IAM) is required. This is an intermediate-level course focused on management and governance rather than technical configuration.


Local Application and Business Return

How participants can apply the training in local operating conditions, and the return their organisation can plan for.

How participants apply this

Participants would use this course to define who owns information security decisions, what control objectives matter most, and how to track whether those controls are effective. They would map key risks to policies, procedures, and assurance activities, then produce evidence for management reports, audits, and incident reviews. In day-to-day work, that means turning technical findings into board-ready language, documenting control responsibilities, and prioritising fixes based on business impact rather than volume of alerts. It also helps teams build more disciplined security review cycles, from access control and incident response to periodic control testing.

Expected ROI

Within 6 to 12 months, organisations usually see clearer accountability, better audit readiness, and fewer gaps between policy and practice because control owners know what they are responsible for. Leadership can make faster decisions on which risks to accept, reduce, transfer, or treat, and security teams spend less time defending isolated technical issues and more time showing business impact. The most visible benefits are stronger reporting, more consistent control evidence, and improved coordination between IT, risk, compliance, and senior management. For many organisations, the practical ROI is lower governance friction and fewer surprises during audits or incidents.

Training Methodology

This is a practical, outcome-driven course designed to turn governance aspirations into measurable action and credible reporting.

Methodology includes:

  • Hands-on maturity assessment exercise using the CMMI-based scoring tool
  • Scenario simulation requiring risk appetite definition for a digital transformation project
  • Control mapping workshop using the CIS Controls and ISO 27001 Annex A
  • Stakeholder mapping exercise to define the RACI matrix for security governance
  • Case study analysis of governance failures in the finance and healthcare sectors
  • Group workshop producing a draft Information Security Governance Charter
  • Reflection exercise benchmarking current organizational practices against COBIT 2019 standards

Upcoming Sessions

Next available dates worldwide

| Location | Fee | Dates |
|---|---|---|
| Virtual (Zoom) Training | USD 850 | 22nd Jun-26th Jun 2026 |
| Nairobi, Kenya | USD 1,600 | 29th Jun-3rd Jul 2026 |
| Kigali, Rwanda | USD 1,900 | 29th Jun-3rd Jul 2026 |
| Dubai, United Arab Emirates (UAE) | USD 4,100 | 29th Jun-3rd Jul 2026 |
| Addis Ababa, Ethiopia | USD 2,500 | 20th Jul-24th Jul 2026 |
| Zanzibar, Tanzania | USD 2,400 | 20th Jul-24th Jul 2026 |
| Abuja, Nigeria | USD 2,800 | 27th Jul-31st Jul 2026 |
| Mombasa, Kenya | USD 1,700 | 22nd Jun-26th Jun 2026 |
| Cape Town, South Africa | USD 3,900 | 27th Jul-31st Jul 2026 |
| Johannesburg, South Africa | USD 3,500 | 22nd Jun-26th Jun 2026 |
| Pretoria, South Africa | USD 3,300 | 20th Jul-24th Jul 2026 |
| Kampala, Uganda | USD 1,900 | 27th Jul-31st Jul 2026 |
| Lagos, Nigeria | USD 2,500 | 29th Jun-3rd Jul 2026 |

Certification

Recognized credentials that advance your career

Participants who complete the Information Security Governance and Controls Training Program earn a Trainingcred Certificate of Achievement, demonstrating professional competence and alignment with global standards in learning and development.

NITA Accredited

Accredited by the National Industrial Training Authority, ensuring programs meet nationally recognized standards of quality and relevance.

CPD Certified

Recognized by the CPD Certification Service, ensuring every program meets internationally benchmarked standards of professional excellence.

Why this course earns its place on your CV

Accredited training, practitioner trainers, and peers on the same career track — the three things real expertise is built on.

Strategic Skills Relevance

  • Master governance frameworks that align security initiatives with business objectives.
  • Learn to design, implement, and audit effective information security controls.
  • Bridge the gap between technical security measures and executive-level decision-making.

Career Advancement

  • Position yourself for senior roles in information security management and leadership.
  • Gain expertise employers actively seek for governance, risk, and compliance positions.
  • Differentiate your profile in a rapidly growing cybersecurity job market.

Practical Credibility

  • Apply real-world control frameworks directly to your organization from day one.
  • Train with industry-aligned content rooted in established security governance standards.
  • Build confidence to lead security audits, policy reviews, and risk assessments.

Real Results from Real Professionals

Thousands of professionals have transformed their careers through our training programs. Now, it's your turn.

Local market advisory

Course relevance for Lesotho

A country-specific view of market pressure, regulatory context, and practical business return behind this training.


Why this course matters in Lesotho

A market-specific advisory on the operating pressures this course helps teams address.

Information Security Governance and Controls training matters in Lesotho because board-level oversight, documented accountability, and risk-based control design are now central to managing cyber risk in any organisation that handles sensitive data or depends on digital services. The course is especially relevant for senior managers, IT auditors, risk/compliance teams, and public-sector leaders who must decide whether security spending is actually reducing business risk and supporting continuity. It helps leaders move from ad hoc technical fixes to a governed control environment that can stand up to audits, stakeholder scrutiny, and incident response demands. In practice, it supports better decisions on control priorities, accountability, and acceptable risk.

Board oversight is the gap to close

The course is most valuable where cyber decisions are still being made at technical level without clear executive ownership, because governance frameworks require named accountability and board visibility over risk, controls, and response readiness.

Risk appetite must be explicit

Lesotho organisations benefit from training that translates security activity into risk appetite, control objectives, and evidence of effectiveness, which is critical when leaders need to justify budgets or defend the control environment to auditors and stakeholders.

Control evidence matters more than tool count

This course is useful for organisations that already have security tools but struggle to prove whether they are working, because governance and controls training focuses on policies, metrics, testing, and maturity reporting rather than technology alone.

The training is timely because organisations increasingly need defensible governance over cyber risk, not just technical protection, and this pressure is strongest in regulated, data-heavy, and service-delivery environments. It is also relevant where digital transformation is expanding the attack surface faster than management capability to oversee controls.

Frequently Asked Questions

Got questions? We've gathered the answers to common queries to help you feel confident and informed.

It is most relevant for information security managers, IT auditors, risk and compliance officers, internal control teams, and senior managers who oversee digital operations. Board members and functional leaders also benefit when they need to understand cyber risk in business terms rather than technical details.

Governance defines who is accountable, what risks matter, and how controls are measured and reviewed. Tools are only part of the picture; without governance, organisations may own many products but still fail to prove that risk is actually being reduced.

Delegates should be able to help build or improve security policies, control frameworks, reporting lines, and risk-based review processes. They should also be better prepared to present evidence of control effectiveness to management, auditors, or other stakeholders.

Non-technical leaders often approve budgets, set priorities, and sign off on risk decisions, so they need to understand how governance and controls work. The course helps them ask the right questions and make informed decisions without needing to operate the technical tools themselves.

Trusted by 100+ organizations across 40+ countries

Premier Bank
Amnesty International
UNDT SACCO
UNFPA
USAID
AMREF Health Africa
KENTRADE
CPF
UFIA
UNICEF
Central Bank of Kenya
UNDP
GIZ
Barbours
Bank of Rwanda
RFA
Dahabshil Bank
Dorcas Aid
Finn Church Aid
KCB Foundation
Ministry of Education Saudi Arabia
NSSF Uganda
RBA
Reserve Bank of Malawi
WASREB Kenya
Virginia Commonwealth University