This module covers what a security management program looks like and the elements that help make it successful. The importance of senior management involvement in data security cannot be emphasized enough: senior managers understand all the elements of the business and how they work together. Consequently, they can help us prioritize and understand critical business functions, and decide how best to spend our budget. Senior management can answer the question: how much security do we need?

Important points:
- You can have too much security if your security measures begin to interfere with the work of the business
- You have to think about security in terms of cost-benefit analysis; how much security is enough to support the function and the business needs of our environment?
These issues must be resolved by senior management who will provide the necessary governance and establish and manage:
- Policies/standards/procedures/guidelines
- Roles and responsibilities
- Service level agreements/outsourcing
- Data classification/security
- Certification and accreditation
The ultimate responsibility for security in an organization will fall on senior management as the individuals who have been entrusted with the company assets and are liable in any legal action against the company or for the repercussions of not following regulations. The end result is that everyone working under senior management will respect and abide by the policies, standards, procedures, and guidelines as set forth by the executive level and ensure that the security management program is implemented in an effective manner.
Chief Information Security Officer (CISO)
In this CISO training course, you will learn what other CISOs are focusing their time and attention on. Among the key topics, you will learn how to implement the proven best practices that make for successful cyber security leadership.