Chapter 1 Review Flashcards
Chapter 1 - Review
Information security governance is the top-down management and control of these 2 concerns in an organization.
SECURITY and RISK MANAGEMENT
Chapter 1 - Review
Governance is usually undertaken through this group of people that consists of individuals from this level throughout the organization.
SECURITY STEERING COMMITTEE
EXECUTIVES
Chapter 1 - Review
The steering committee is responsible for the overall setting of these 2 things, ensuring that security strategy aligns with the organization's IT and business strategy and objectives.
STRATEGIC DIRECTION and POLICY
Chapter 1 - Review
The directives of the steering committee are carried out through these 2 activities that steer the security organization toward strategic objectives.
PROJECTS and TASKS
Chapter 1 - Review
The steering committee can monitor progress through these 2 methods
METRICS and a BALANCED SCORECARD
Chapter 1 - Review
For an information security program to be successful, it must align with the business and its overall (i)____ , (ii) ____ and ____ , and (iii) ____
MISSION
GOALS and OBJECTIVES
STRATEGY
Chapter 1 - Review
The security program must consider the organization's notion of these 5 things:
- ____ ; representative worth of something of importance to the organisation
- ____ ; attitudes of the business
- ____ ; Senior management taste for danger
- ____ ; Required by law
- ____ ; The environment within which the organisation is operating
- ASSET VALUE
- CULTURE
- RISK TOLERANCE / RISK APPETITE
- LEGAL OBLIGATIONS
- MARKET CONDITIONS
Chapter 1 - Review
A successful and aligned security program does not lead the organization but does these 2 things to help it carry out its mission and pursue its goals.
ENABLES and SUPPORTS
Chapter 1 - Review
Security governance is accomplished using the same means as IT governance: it begins with involvement at this organizational level, which sets the tone for risk appetite.
BOARD LEVEL
Chapter 1 - Review
Security governance is carried out through this person/role, who develops security and privacy policies and a strategic security program.
CHIEF INFORMATION SECURITY OFFICER
(CISO)
Chapter 1 - Review
The strategic security program includes these 8 areas:
- S____ Assurance
- C____ Management
- V____ Management
- C____ Management
- I____ Management
- V____ Management
- S____ A ____ Training
- I____ & A ____ Management
- SOFTWARE ASSURANCE
- CHANGE MANAGEMENT
- VENDOR MANAGEMENT
- CONFIGURATION MANAGEMENT
- INCIDENT MANAGEMENT
- VULNERABILITY MANAGEMENT
- SECURITY AWARENESS TRAINING
- IDENTITY AND ACCESS MANAGEMENT
Chapter 1 - Review
- SOFTWARE ASSURANCE
- CHANGE MANAGEMENT
- VENDOR MANAGEMENT
- CONFIGURATION MANAGEMENT
- INCIDENT MANAGEMENT
- VULNERABILITY MANAGEMENT
- SECURITY AWARENESS TRAINING
- IDENTITY AND ACCESS MANAGEMENT
The above are all areas included within this program.
STRATEGIC SECURITY PROGRAM
Chapter 1 - Review
Security governance is used to establish these 2 things, in relation to personnel, for security-related activities throughout all layers of the organization.
ROLES and RESPONSIBILITIES
Chapter 1 - Review
Roles and responsibilities are defined in these 3 places:
- J____ descriptions
- P____ & P ____ documents
- R____ charts
- JOB DESCRIPTIONS
- POLICY and PROCESS DOCUMENTS
- RACI CHARTS
Chapter 1 - Review
The board of directors is responsible for overseeing these in an organization.
ALL ACTIVITIES
Chapter 1 - Review
Boards of directors select and manage a chief executive officer responsible for developing this function to manage:
- Assets
- Budgets
- Personnel
- Processes
- Risk
GOVERNANCE FUNCTION
Boards of directors select and manage a chief executive officer responsible for developing a governance function to manage these 5 things:
- ____ ; Information, information systems, and other things of value to the business
- ____ ; Money for the program
- ____ ; People working within the program
- ____ ; Methodologies
- ____ ; Concerns related to threats, likelihood, and impact
- ASSETS
- BUDGETS
- PERSONNEL
- PROCESSES
- RISK
Chapter 1 - Review
The security steering committee is responsible for this overall, as a means to obtain objectives.
STRATEGIC PLANNING
Chapter 1 - Review
The security steering committee will develop and approve security policies and appoint managers to develop and maintain these 3 things in the execution of those policies.
PROCESSES, PROCEDURES and STANDARDS
Chapter 1 - Review
Processes, procedures and standards should align with one another and with the organization’s overall (i) ____ , (ii) ____ , (iii) ____ and ____
MISSION, STRATEGY, GOALS, and OBJECTIVES
Chapter 1 - Review
The CISO will develop these to be business-aligned so that they support the organization's overall mission and goals.
SECURITY STRATEGIES
Chapter 1 - Review
The CISO is responsible for this in the organization’s overall
SECURITY PROGRAM
including policy development, risk management, and perhaps some operational activities such as vulnerability management, incident management, access management, and security awareness training.
Chapter 1 - Review
This person is responsible for the protection and proper use of sensitive personal information.
CHIEF PRIVACY OFFICER
(CPO)
AKA DPO
Chapter 1 - Review
The CPO’s information protection responsibilities are sometimes shared with this person, who has overall information protection responsibilities.
CHIEF INFORMATION SECURITY OFFICER
Chapter 1 - Review
The chief compliance officer is responsible for these 2 activities.
COMPLIANCE TRACKING and REPORTING
Chapter 1 - Review
All roles in IT have ____.
SECURITY RESPONSIBILITIES
Chapter 1 - Review
Large organisations will suffer the issue where this will change more slowly than the environment.
STANDARDS