11 - Enterprise Flashcards
Enterprise Security Management
The process of controlling the configuration, deployment and monitoring of security policy
Security Governance
Ensures the organisation complies with its policies, processes, standards and guidelines
Goal/Focus of Security Governance
Goal: Meet business requirements
Focus: Ensure all are following rules
Security Management vs Security Governance
Security management is about making decisions to mitigate risks, whereas governance determines who can make those decisions
Before ESM deployment can begin:
(3 things)
- Identify critical resources
- Perform risk assessment
- Develop security policy
Policy
A document that states how the organisation is to perform and conduct business functions and transactions with a desired outcome
Security Policy should cover …
every threat to the system, people and information
Security policy guides…
the day-to-day security operations, processes and procedures in organisations.
Security policy discusses the types of control but not…
how to build a control
Examples of security policy topics
- Network access
- Password
- Policy enforcement
- Support
Policy vs standards
Policies implement controls on a system to make it compliant
Standards influence the creation of policies
Procedures
The how-to of a task, including responding to an incident
Developing a security policy
(7 steps)
DOADDDE
- Define problem
- Obtain stakeholder support
- Analyse problem
- Define policy content
- Define evaluation criteria, monitoring, review and update procedures
- Develop implementation plan
- Evaluate policy impact
3 business drivers for security policies
- Cost
- Customer satisfaction
- Compliance
Why do we need a security policy?
To ensure the consistent protection of info flowing through the entire system.