01. Information Security Program Resources Flashcards
Information Security Program Resources
The Information Security Program comprises a collection of activities used to…
identify, communicate, and address risk
197
Information Security Program Resources
The Security Program consists of…
Controls, processes, and practices
197
Information Security Program Resources
Controls, processes, and practices within the security program are intended to increase the resilience of the computing environment and ensure that risks are…
known and handled effectively
197
Trends
Numerous organisations still consider cybersecurity as nonstrategic and tactical, with security and privacy not part of the initial designs of new products, because security is not seen as…
an enabler but an impediment
198
Outcomes
The primary outcome of a security program is the realisation of its…
strategy, goals, and objectives
198
Outcome
When a security strategy is aligned with the business and its risk tolerance and operations, the security program will…
act as a business enabler
198
Outcome
The outcomes that should be part of any information security program include…
- Strategic Alignment
- Risk Management
- Value Delivery
- Resource Management
- Performance Management
- Assurance Process Integration
199
Outcome
Effective and efficient resource management over the security program and achieving its primary objectives of risk management and risk reduction will lead to greater confidence in the business regarding the…
resource requests made by the security manager
199
Outcome
An effective information security program will be aligned with other assurance processes and programs within an organisation, including…
- Human Resources
- Finance
- Legal
- Audit
- Enterprise Risk Management (ERM)
- Information Technology
- Operations
199
Charter
A formal, written definition of the objectives of a program, its main timelines, sources of funding, names of principal leaders and managers, and the business executives sponsoring it
Charter
199
Charter
A program charter document is typically approved by either…
CEO or Executive Leader
This demonstrates the support from executive leadership for a program
199
Charter
An information security program charter gives authority to the security leader to develop or perform several functions, including…
- Develop and enforce security policy
- Develop and implement the risk management process
- Develop and manage security governance
- Develop and direct the implementation and operation of controls
- Develop and direct the implementation of key security processes
199
Charter
Whilst a security manager is the facilitator of a security program, ultimate responsibility or ownership for protecting information in the business is…
at the executive leadership and board of directors level
200
Scope
The process by which management defines the departments, business units, affiliates, and locations included in the information security program
Scope
200
Scope
By identifying which parts of the organisation are to be included (in scope) and subject to information security governance and policy, the organisation has…
defined the boundaries of the program
200