CISM

Course
Time: 8 hours 39 minutes
Difficulty: Intermediate
CEU/CPE: 9

Video Transcription

00:00
All right, folks, we've made it through domain three, and we're just gonna do a quick wrap-up here. This chapter, of course, was all about the information security program. And we said it's really the security program that provides us with the practical elements
00:15
to carry out and accomplish the strategy and the vision that came down to us from senior management.
00:21
So we just talked about some of the concepts that we're trying to accomplish. We looked at, you know, certainly the CIA Triad earlier. But we also talked about access control, talked about things like non-repudiation, all of those elements that are necessary. So there's general security principles.
00:40
Ah, we looked at frameworks to provide us with the foundation and the structure
00:45
and the details on how we're gonna accomplish or satisfy the requirements of the security program. We have to have something to build upon. We looked at the most popular framework, which is ISO 27001. We also mentioned COBIT. We said that comes to us from ISACA as well.
01:04
And since they put out the CISM, it might be worth knowing a little bit about COBIT.
01:08
We talked about the various forms of architecture and how the architecture, how all of the elements come together and work to enforce the security policies within an organization.
01:21
We looked at third-party governance.
01:25
We talked about how our elements, whether they're vendors that we're working with or they're cloud service providers or whatever external agency we have, the way that we really
01:41
manage those elements is through our contracts and their service level agreements,
01:46
making sure they're well written, but also auditing them throughout the life span,
01:51
um, integrating controls within our environment through policies, procedures, standards and guidelines. We talked about those as administrative controls, really management's voice to the organization.
02:06
We talked about certification and accreditation. We looked at, you know, certification being technical, accreditation being management's acceptance. And then we kind of wrapped back around talking about certification, how having a third-party certification, like the Common Criteria, gives us sort of that, that objective
02:24
input
02:25
and then last but not least, like many times throughout the course, we've talked about the significance of metrics and monitoring
02:34
controls. Before we implement them, we have expectations, they're documented, and our goal is to ensure that the controls we put in place meet their objectives. So that's Chapter three. There's a lot of material in here.
02:47
I'd caution you about getting too technical. Don't go out and analyze every single type of firewall and
02:54
create access control lists and all those elements. Keep things up at the top. From a management's perspective, it's much more, much more important that you know what type of firewall would go here and what its benefit is than it is to know all the details underneath the hood. Okay,
03:13
so keep it up at the surface level.
03:15
Review. Think about everything from a management perspective, management's perspective, and you'll have domain three just perfect.


Instructed By

Kelly Handerhan
Senior Instructor