5.5 Essential Elements of an Information Security Program
6 hours 30 minutes
Okay. Now, some elements of the security program is strategy. It's the execution. So we had this strategy, this vision, putting it into work, aligned with business goals. Surely that's the first time you've heard me say that, all class, right? Alignment with the business. Which is exactly why the chief operating officer is a good sponsor for this program.
Our management stakeholders have to be involved. So, like I said, it's not just the chief operating officer sitting down and writing out some policy, right? This is a project, and it's a major project. So we have to make sure that we have a cross-functional team that's involved. We as CISMs will be... we may be the project manager, but it's certainly just not on our shoulders alone.
And when we put controls in place, when we change the game, you know, so to speak, when we implement, um, new administrative policies, we have to know if it works. Was this a good decision? Do I need to modify it?
You can't determine if it works till you define what working means, and we do that through metrics. We'll establish metrics well before the program is implemented, and we'll lay out our goals and what it means for each of these controls to meet their objectives. Okay, that's again nothing new.
So, ah, this slide, you've heard it. You've seen it. But, man, let me tell you this. If you see those same ideas over and over and over again, as I know you do in this course, that's really got to stress to you the essential nature of what ISACA is preaching with this exam.
And I will tell you, I think that there are just some principles that if you absorb and if you go back every time: the business, cost-benefit analysis, risk analysis, or not even risk analysis, risk management, starting with valuing your assets, senior management buy-in. And I think you'll be okay on this test if you could answer every question with those in mind.