Essential Elements of an Information Security Program
14 hours 39 minutes
Okay. Now, some elements of the security program
I s strategy. It's the execution. So we had this strategy, this vision, putting it into work,
aligned with business goals. Surely that's the first time you've heard me say that all class, right alignment with the business. Which is exactly why the chief operating officer is a good sponsor for this program.
Our management stakeholders have to be involved. So, like I said, it's not just the chief operating officer sitting down and writing out some policy, right? This is a project, and it's a major project, So we have to make sure that we have a cross functional team that's involved.
We A systems, will be influencing. We may be the project manager, but it's certainly just not on our shoulders alone.
And when we put controls in place when we change the game, you know, so to speak. When we implement new administrative policies, we have to know if it works. Was this a good decision? Do I need to modify it?
You can't determine if it works to you. Define what working means, and we do that through metrics will establish metrics well before the program is implemented and we'll lay out our goals and what it means for each of these controls to meet their objectives. Okay, that's again nothing there.
So Ah, this slide, you've heard it. You've seen it. But, man, let me tell you this. If you see those saying my ideas who over and over and over again, as I know you do
in this course, that's really got a stress to you. The essential nature of what I Sacha is preaching with this exam.
And I will tell you I think that they're just some principles that if you absorb and if you go back every time the business cost benefit analysis, risk analysis or not even risk analysis risk management starting with valuing your assets. Senior management buy in.
Yeah, I think you'll be okay on this test. If you could
answer every question with those in mind