07. Information Security Program Communications and Reporting (349) Flashcards
Security Operations
Security Operations needs to write reports with the target audience in mind
349
Security Operations
Security Manager needs to maintain effective relationships with business units
350
Security Operations
Security manager examines security clauses in legal contracts to ensure they can be met
350
Human Resources
Human Resources plays an important role in organisational security
351
Recruiting
Onboarding
Internal Transfers
Offboarding
Training
Investigations
Discipline
Human Resources
Human Resource Information System (HRIS) integrates with IAM systems
351
Recruiting
Onboarding
Internal Transfers
Offboarding
Training
Investigations
Discipline
352
Facilities
Facilities manage services, processes, and functions that contribute to security
352
Workplace access control
Workplace surveillance
Equipment check-in/check-out
Guest processing
Security guards
Asset Security
Personnel safety
Information Technology
Many key functions performed by IT have security ramifications
354
Access Control
Architecture
Configuration Hardening
Scanning and patching
Security tools
System monitoring
Security monitoring
Third party connections
Systems Development
Systems Development manages a product development life cycle that integrates security at each stage of the life cycle
354
Security and privacy by design
Secure Development
Security testing
Code Reviews
Security review of open source software
Developer training
Protection of the development process
Procurement
Procurement manager can notify the security manager of purchases of new hardware/software, enabling the security manager to perform due diligence
355
Business Unit Managers
Security managers need to establish good relationships with business managers to understand how the business functions and to understand its processes
355
Key Business Partners
Many security breaches are connected with third parties. Development of strategic relationships with third parties is essential
356
External Partnerships
Security manager must establish relationships with key external organisations
Law enforcement
Regulators and Auditors
Standards Organisations
Professional Organisations
Security Professional Services Vendors
Security Product Vendors
258
Compliance Management
Security Managers need to report on the organisation's compliance with policies, standards, regulations, and cybersecurity legal obligations
359
Compliance vs Security
Organisations fall into one of two categories:
Compliance Based
Tick-box organisation. Does the bare minimum possible to pass an audit
Security and Risk Based
Organisation understands external standards and uses them to develop activities and controls that make it more secure
359
Compliance Applicability
Security Managers should build a compliance matrix to determine the applicability of regulations and standards.
Organisations overspend without reducing risk if they apply requirements only because of regulations and legal obligations
359