Information Security Management

Time: 3 hours 16 minutes
Difficulty: Beginner
CEU/CPE: 3

Video Transcription
>> My learners, we are on Lesson 5.3, Information Security Management. Are you ready? I'm sure you already were talking about security right now. [LAUGHTER] The learning objective is in this video, we will cover the purpose and objective of information security management, which is ISM. The scope of ISM within this business structure, as well as what is information security policy, the ISP, and what it covers.

We go into the information security management, the purpose, so the purpose of this is to align IT security with business security and to ensure that the confidentiality, the integrity, as well as the availability of the organization's assets, information, data, and IT services always match the great needs of the business. I know we all know within the security field, the CIA, which is the confidentiality, integrity, and availability. This shouldn't be foreign to you on this one.

Some of the objectives of information security management. In a nutshell, so information is observed by or disclosed to only those who have the right to know, which is confidentiality, then you have information is complete, accurate, and protected against unauthorized modification, and that's the integrity portion of it. Then you have information that is available that is usable when required and the system they're provided can appropriately resist attacks as well as recover from or prevent failures, and that's the availability of those particular services. Then of course you have business transactions, whereas information exchange between enterprises or within partners, and that could be as a trusted agent type of thing, being authentic with those particular ones.

Then we go into the scope. According to ITIL, the scope of the information security management process includes the focal point of all IT security issues, the obligations and responsibilities with regards to security which is contained within all the SLAs within that business requirement, then you have the best security policies and plans. You had the security applications within the SLAs. The legislative and regulatory requirements, all these are the scopes within Information Security Management.

Then we go into the information security policy. Now, the ISP is more on the use and misuse of IT SA policies, you had the email policies that's in place. You have that Internet policy that's in place. The information classification policies as well as the password control policies and the access control policies. You understanding where those particular policies come in play because I know that from the standpoint where you at now in a corporate environment or wherever you work at, they have these particular processes and policies in place for the betterment of the organization. I know this is familiar to you as well.

Then we go as just to continue the remote access policies and then you had the policies with regard to the supplier access to the IT service information in components. Those are different layers and the disposal of specific assets, the correct disposal, the records retention, and the copyright infringement policies of electronic material. These are important concepts of the information security policies.

In summary, so Lesson 5.3, the Information Security Management, it wasn't as in-depth, so it's on the foundational level you get the purpose of the information security management, the scope of the information security management, as well as the ISP concepts. We'll follow on with our lesson quiz and then on to the next lesson. I'll see you there.