All right, folks, we've made it through the main three, and we're just gonna do a quick wrap up here. This chapter, of course, was all about the information security program. And we said It's really the security program that provides us with the practical elements
to carry out an accomplished the strategy in the vision that came down to us from senior management.
So we just talked about some of the concepts that we're trying to accomplish. We looked at, you know, certainly the CIA Triad earlier. But we also talked about access control talk about things like known repudiation, all of those elements that are necessary. So there's general security principles.
Ah, we looked at frameworks to provide us with the foundation in the structure
and the details on how we're gonna accomplish, accomplish or satisfied the requirements of the security program. We have to have something to build upon. We looked at the most popular framework, which is I so 27,000 won. We also mentioned Kobe. We said, that comes to us for my Saca's well.
And since they put out the schism, it might be worth knowing a little bit about Kobe.
We talked about the various forms of architecture and how the architecture's how all of the elements come together and work to enforce the security policies within an organization.
We looked at third party governance.
We talked about how our elements, whether they're vendors that we're working with or their cloud service providers or whatever external agency have the way that we really
managed those elements is through our contracts in their service level agreements,
making sure there will written, but also off nothing them throughout the life span,
um, integrating controls within our environment through policies, procedure, standards and guidelines would talk about those as administrative controls, really management's voice to the organization.
We talked about certification and accreditation. We looked at, you know, certification, being technical accreditation, being management's acceptance. And then we kind of wraps back around talking about certification. How having 1/3 party certification, like the common criteria, gives us sort of that that objective
and then last but not least, like many times throughout the course, we've talked about the significance of metrics and monitoring
controls Before we implement them. We have expectations, they're documented, and our goal is to ensure that controls we put in place, meet their objectives. So that's Chapter three. There's a lot of material in here.
I'd caution you about getting too technical. Don't go out and analyze every single type of firewall and
create access control. Listen, all those elements keep things up at the top. From a management's perspective, it's much more much more important that you know what type of firewall would go here and what its benefit is than it is to know all the details and underneath the hood. Okay,
so keep it up at the surface level.
Review. Think about everything from a manage perspective, management's perspective, and you'll have two main three just perfect.