Chapter 2 review Flashcards
Chapter 2 Review
A strategy is a plan to achieve a defined set of these
OBJECTIVES
Chapter 2 Review
Objectives are the desired what in an organization, and within the organization’s information security program
FUTURE STATE
Chapter 2 Review
A strategy should be business aligned to be able to deliver on these 3 things.
1. ____ ; Demonstrate good investment
2. ____ ; Demonstrate cost-benefit by getting the most out of available components
3. ____ ; Demonstrate the above through reporting
- VALUE
- OPTIMIZE RESOURCES
- BE MEASURABLE
Chapter 2 Review
To be successful, an information security program must be aligned with the business and its overall (i) ____, (ii) ____ and ____, (iii) ____
- MISSION
- GOALS AND OBJECTIVES
- STRATEGY
Chapter 2 Review
A successful and aligned security program does not lead the organization, but will instead do this for it.
ENABLE AND SUPPORT
Chapter 2 Review
Risk assessments, vulnerability assessments, threat assessments, business impact analysis, metrics, a risk register, and incident logs are a number of resources used to reveal the organisation's current state, which helps in the development of this, which in turn helps achieve objectives.
DEVELOPMENT OF A STRATEGY
Chapter 2 Review
- policy
- standards
- guidelines
- processes and procedures
- architecture
- controls
- staff skills
- insurance
- outsourced services.
Inputs from the above are required to better define the structure of this program
SECURITY PROGRAM
Chapter 2 Review
It is critical that the security leader understands this about the security team, IT department, and entire organisation
CULTURE
Chapter 2 Review
A security strategist must first understand this in order to develop a strategy and then be able to define a desired future state
CURRENT STATE
Chapter 2 Review
This technique helps the strategist understand missing capabilities.
GAP ANALYSIS
Chapter 2 Review
This planning tool defines the steps to develop missing capabilities and augment existing capabilities
ROADMAP
Chapter 2 Review
Strategic planning can be supported by a SWOT analysis:
- S____
- W____
- O____
- T____
- STRENGTHS
- WEAKNESS
- OPPORTUNITIES
- THREATS
Chapter 2 Review
The strategist may employ one or more of these to help determine appropriate future states of key security processes. An example includes CMMI-DEV
CAPABILITY MATURITY MODEL
Chapter 2 Review
Strategy development begins with the development of these 2 components of a security program: one defines the way security governance is applied, and the other the techniques and methods used to reduce identified risks.
SECURITY POLICIES and CONTROLS
Chapter 2 Review
A security leader may choose to align the structure of security policy and controls to one of several standards:
- ____ 2019
- NIST SP 800- ____
- NIST SP 800- ____
- ISO/IEC ____
- H ____ / H ____
- P ____ D ____
- C ____ C ____
- COBIT 2019
- NIST SP 800-53
- NIST SP 800-171
- ISO/IEC 27002
- HIPAA / HITECH
- PCI DSS
- CIS CSC