CRISC

Course
Time
6 hours 30 minutes
Difficulty
Advanced
CEU/CPE
7

Video Transcription

00:32
so looking at the frameworks, we're now gonna build our architecture. So in this section,
00:38
here's where the hardware, the software, the firmware and that's what those acronyms hardware software for where stand for Smeaton the business objectives
00:48
and with that architecture because it describes the inner operation
00:53
of all of those elements of our environment. We have to make sure that they work well together. So it's not enough just to signify that a device or mechanism works doesn't work in my environment.
01:04
Consistent. We have to think about scale, ability. Can we grow in the future? Do we have the environment in place so that if we, um,
01:15
take on another organization if we hire two under people, we have a huge boost in sales. Can we handle it?
01:23
Can we? If we're not immediately there, can we upgrade the equipment that we have? Can we bring in additional elements? Can we meet our needs? Right? Can the architecture Vern buyer environment not hold us back from implementing our goals is really kind of what we're saying here.
01:38
So when we talk about architecture, we could talk about business architecture, right? The elements of strategy and governance and organization processes with. We've really kind of addressed those starting with governance
01:53
data architecture er, making sure that how we store process manage our data
02:00
is following and accomplishing our objectives. Application architecture er, Are we designing APS within our framework? Are we are we testing and implementing
02:14
and then the technology offer architecture? You see that common theme with our architectures, how it comes together to support the strategy,
02:23
the goals, how to meet the objectives.
02:27
So we talk about an information security framework,
02:30
organizational components, management components, administrative components and educational, not organizational operational. So when we say operational, there's Day today controls that we implement, fitting in with management, fitting in with those administrative controls, policies and so on.
02:51
And then we train our people.
02:53
So when we look ATT, operational components,
02:58
something that's very big that's gonna be on this exam's gonna be in a lot of other exams. Identity and access managed

Up Next

CRISC

This course on Certified in Risk and Information Systems Control is for IT and business professionals who develop and maintain information system controls, and whose job revolves around security operations and compliance.

Instructed By

Instructor Profile Image
Kelly Handerhan
Senior Instructor