This discussion opens with a firm, clarifying statement on "Senior Management Involvement" and why it's essential as a Security Governance best practice. We'll discuss all the aspects of an Information Security Management program such as senior management involvement, policy and standards, data classification security and auditing. We discuss in depth all aspects of security liability, in particular the differences between due diligence and due care, as well as the difference between issue and system policies and why a company must establish and clarify each. For example, company-issued laptops and email, plus the employees' expectation of privacy, are good examples of Issue vs. System specific policies. And finally, we'll explain the difference between a policy and a guideline and how it impacts what a CISSP can or should convey as a security management best practice.

Course Modules

CISSP Archive (10 Domain - 2014)

CISSP 2015 Domain Restructuring