A formal security governance policy is essential to a company's security strategy. In this segment, we'll discuss the definition of Security Governance as provided by the IT Governance Institute and why it's important. We'll discuss how this statement clarifies the responsibility and liability of security governance, and we discuss in detail exactly what that entails. This discussion also covers security blueprints in terms of what a security policy must contain, how it needs to be structured, what security frameworks, standards, statutory and compliance obligations it must satisfy, and any time frames and credentials associated with that. COBIT, COSO, ITIL and OCTAVE are discussed briefly for familiarity, but ISO series materials are discussed more thoroughly as a testable component that may appear on the CISSP exam. We use the Plan/Do/Check/Act model as an illustration of security management, then explore in depth the top-down vs. bottom-up approach to security management at each level of management and the impact of that model.