Monthly Archives: April 2023

ISACA CISM – Domain 03 – Information Security Program Development part 13

98. IS Liaison Responsibilities Part2 So as we continue to look at some of the other liaisons that you’d work with, obviously there would be one in the training world. In the training world, besides initial orientation, we should be making sure that we are working with training to make everybody understand what security is… Read More »

ISACA CISM – Domain 03 – Information Security Program Development part 12

88. Metrics So as we’re looking at the metrics, there are a number of considerations of things we should think about when we are creating metrics. In other words, there are some attributes we want to look at when we’re deciding what is going to be a metric, what is it we’re going to measure?… Read More »

ISACA CISM – Domain 03 – Information Security Program Development part 11

81. Managing Complexity Part1 One of the things you can say though, in today’s world is that there’s a lot of complexity within the infrastructure. As the business environments grow, many of your business processes and support functions are going to have to integrate quite seamlessly to be effective. That can be seen as again… Read More »

ISACA CISM – Domain 03 – Information Security Program Development Part 10

73. Third-party Service Providers Part1 We also have to address the third-party service provider. Now, they may again provide you partial or complete business processes or services. It’s just a matter of maybe where your resources were lacking that you had to bring in a third party to help out. Now, as such, we need… Read More »

ISACA CISM – Domain 03 – Information Security Program Development Part 9

64. Other Actions All right, so there are some other actions that we can take, things that we do to kind of verify this entire set of getting to compliance. We do things like conducting a vulnerability analysis. A lot of times that’s just an automated process software that’s going to check different types of… Read More »

ISACA CISM – Domain 03 – Information Security Program Development Part 8

58. Personnel Part2 Now remember, the skills are really the training, the expertise and experience of that person. Now, this is often a given of a job function. We expect that you have certain skills to perform a certain job, but skills can be gained. They can be gained through training or on the job… Read More »

ISACA CISM – Domain 03 – Information Security Program Development Part 7

50. Controls as Strategy Implementation Resources Part4 Now do these controls operate in the principle of least privilege, meaning that we can adjust the access, we can adjust the things that you’re allowed to do to a level that gives you just enough privileges to do the job and nothing more. In some cases we… Read More »

ISACA CISM – Domain 03 – Information Security Program Development Part 6

44. Enterprise Architecture Part1 Now the term enterprise architecture is something we’ve kind of discussed a little bit earlier where we said there are many architectural approaches that we can use for security. Often we talked about this as being a framework that we can use to help us in designing the overall security. Now,… Read More »

ISACA CISM – Domain 03 – Information Security Program Development Part 5

35. Lesson 6: Information Security Framework Components So, in this lesson, we’re going to take a look at the information security framework components. That means we’ll take a look at the operational, management and administrative components, as well as the educational and informational components that we need to look at in our frameworks. 36. Operational… Read More »

ISACA CISM – Domain 03 – Information Security Program Development Part 4

28. Elements of the Roadmap Part4 So as I mentioned, a general control has kind of a wider scope. The general controls are just activities that support your entire organization in a centralized fashion. If part of my security solution or my security program might be the use of ID badges and magnetic key locks… Read More »
