A6 Organization of Information Security

Time
7 hours 52 minutes
Difficulty
Intermediate
CEU/CPE
8
Video Transcription
00:00
Lesson 11.2
00:02
A.6, Organization of Information Security.
00:09
In this lesson we'll cover an understanding of control set A.6
00:14
and look at some of the documentation that could be used to support your ISMS.
00:22
This control area is one that can assist in ensuring that there are structures in place to appropriately manage and support your information security program.
00:33
Your audit, specifically your ISMS certification audit,
00:38
will depend on which controls you have marked as applicable in your Statement of Applicability.
00:47
There are two control sets
00:49
that make up A.6,
00:52
the first one being A.6.1, Internal Organization.
00:58
This consists of five controls
01:00
which are
01:02
A.6.1.1,
01:06
information security roles and responsibilities.
01:10
This control basically stipulates
01:11
that for your information security roles,
01:15
these are formally defined
01:17
and have explicit responsibilities defined
01:22
and allocated to personnel.
01:25
A.6.1.2,
01:29
Segregation of duties
01:32
stipulates that appropriate segregation of duties between conflicting or sensitive roles within your organization
01:40
should be enforced.
01:44
A.6.1.3, Contact with authorities.
01:49
This control stipulates that, where appropriate,
01:53
sufficient contact with authorities
01:57
is in place.
01:59
For example,
02:00
police,
02:02
firefighters,
02:07
forensic investigation units,
02:10
whoever needs to support you from an authoritative point of view
02:15
during a cybersecurity incident.
02:21
A.6.1.4,
02:23
contact with special interest groups.
02:28
This control pertains to maintaining
02:30
contact with groups or forums or other forms of information gathering specific to your industry and cybersecurity as a whole.
02:42
It is a way to use specialized information sources to ensure that you are on top of your information security game.
02:52
A.6.1.5,
02:55
information security in project management.
03:00
This control stipulates
03:02
that regardless of the project type,
03:06
information security should be included in the project management process.
03:12
Different projects work with different types of information
03:15
and many stakeholders, so ensuring that information security is appropriately included in your project management processes
03:23
is important.
03:25
The second control set is A.6.2
03:30
which relates to mobile devices and teleworking.
03:37
This consists of two controls,
03:38
the first one being A.6.2.1.
03:45
The mobile device policy,
03:47
which is in essence a policy that stipulates how your organization manages mobile devices,
03:55
whether you have a company-owned device policy or a bring your own device policy,
04:01
whatever the case is.
04:03
A.6.2.2
04:06
pertains to teleworking,
04:09
and this control set stipulates that if your company permits teleworking,
04:15
the relevant policy and any supporting procedures and guidelines must be established
04:20
to ensure that teleworking is performed in a secure manner.
04:28
So your information security roles and responsibilities are normally documented in your job descriptions,
04:33
vacancy notices, various policies and contracts of employment.
04:43
You can also define roles and responsibilities in a RACI matrix.
04:47
For your contact with authorities and contact with special interest groups,
04:51
have a formal document containing contact details,
04:56
business cards, membership certificates,
04:59
diaries of meetings, and whatever else. This can provide evidence of your professional contacts.
05:04
In this video, we covered the two control areas that make up control set A.6.