Ah, miss, it is a pity you didn’t let me know what you were planning, for I would have told you that your pains were wasted.
— The Adventure of the Copper Beeches, Sir Arthur Conan Doyle
Everyone has a plan ‘till they get punched in the face.
— Mike Tyson
CHAPTER 2: Security Governance
CHAPTER 3: Information Risk Assessment
CHAPTER 4: Security Management
Part I provides an overview of approaches for managing and controlling the cybersecurity function; defining the requirements specific to a given IT environment; and developing policies and procedures for managing the security function. Chapter 2 introduces the concept of information security governance. The chapter discusses how security governance enables the direction and oversight of information security-related activities across an enterprise, as an integrated part of corporate governance. Chapter 3 discusses the range of issues dealing with defining security requirements for an organization and developing procedures to ensure compliance. Chapter 4 focuses on security issues that are primarily related to the internal policies and operation of an organization. This includes: (a) security policy and organization: issues related to defining a comprehensive security policy, keeping it up to date, and effectively communicating it; and (b) information security management: issues relating to the management of the information security function, to ensure good practice in information security is applied effectively and consistently throughout the organization.