Information Security Governance and Risk Management

The Information Security Governance and Risk Management domain entails the identification of an organization’s information assets and the development, documentation, implementation and updating of policies, standards, procedures and guidelines that ensure confidentiality, integrity and availability. Management tools such as data classification, risk assessment, and risk analysis are used to identify threats, classify assets, and to rate their vulnerabilities so that effective security measures and controls can be implemented.

The candidate is expected to understand: the planning, organization, roles and responsibilities of individuals in identifying and securing an organization's information assets; the development and use of policies stating management's views and position on particular topics, and the use of guidelines, standards, and procedures to support those policies; security training that makes employees aware of the importance of information security, its significance, and the specific security-related requirements of their position; the importance of confidentiality and of proprietary and private information; third-party management and service-level agreements related to information security; employment agreements and employee hiring and termination practices; and risk management practices and tools used to identify, rate, and reduce the risk to specific resources.

Chapter 6 covers this domain, which deals with these major topics:

- Understanding and aligning security functions with organizational goals, missions, and objectives
- Understanding and applying security governance, including concepts, processes, and compliance
- Meeting demands for confidentiality, integrity, and availability
- Developing and implementing security policies, procedures, standards, guidelines, and documentation
- Managing the information life cycle
- Managing third-party governance
- Defining concepts and principles of risk management
- Establishing policies, practices, and controls for personnel security
- Maintaining security education, training, and awareness
- Managing security functions, including budgets, metrics, and resources
