Video Description

Welcome to the first chapter in the CISSP course by Cybrary. This chapter is a conceptual but in-depth examination of Information Security Governance & Risk Management. You'll come away with a sound foundational understanding of the principles of Governance and Risk Management and of how to incorporate those principles into all your decision-making processes. You'll learn about the fundamentals of security, what a security blueprint is, how security policies, procedures, standards and guidelines should be established for security in its own right as well as incorporated into organizational policies, procedures, standards and guidelines, and why those should be living instruments, not static ones. We'll discuss in depth the types of attacks security professionals must combat, but we'll focus more on aged attacks like Smurfing rather than newer events such as the Target hack. Why? Because you must know and understand the original exploits in order to know and understand why we have the standard best practices we currently employ. Looking at where and how they originated empowers CISSPs and Ethical Hackers to craft new best-practice policies and develop more timely, preventative and cost-effective countermeasures. Our Information Security Governance & Risk Management discussion also refocuses on roles and responsibilities: what the CISSP's role and responsibility is as a security adviser. Then we'll touch on vendor service level agreements (SLAs) and the vendor's responsibility for uptime. Finally, we look at data classification in terms of what is classified, how it's classified, who establishes those criteria and what the classification says about that data. We'll round out with a review of the purpose and definition of Certification, Accreditation and Auditing, as well as Knowledge Transfer: training security professionals.

Course Modules

CISSP Archive (10 Domain - 2014)

CISSP 2015 Domain Restructuring