Monthly Archives: April 2023

ISACA CISM – Domain 03 – Information Security Program Development Part 3

19. Pitfalls Now, there are some other pitfalls. The implementation of your security program, as I said, can come into some resistance. Again, it just could be people with resistance to the changes. And that’s not an unusual thing. You might be taking away responsibilities from people that are used to having a little bit… Read More »

ISACA CISM – Domain 03 – Information Security Program Development Part 2

11. Defining Objectives Part2 So after the objectives have been defined and that we’ve done this work to close the gap, as I was just mentioning before, our goal is to get to that what do we call it, before the desired state. And that’s really what one of the big objectives is going to… Read More »

ISACA CISM – Domain 03 – Information Security Program Development Part 1

1. Introduction Now this domain is about the Information Security program development and what we’re going to do is we’re going to look at the diverse areas of knowledge that we need to be able to plan to design and implement an Information Security policy. Remember that that Information Security policy is kind of a… Read More »

ISACA CISM – Domain 04 – Information Security Incident Management Part 13

77. Other Recovery Operations Now, some of the other operations we look at in the recovery, of course, is documentation. Now, documentation is important because, number one, we can learn from previous events. It’s a great way of being able to review the entire process. Not only does it let us learn, but it lets… Read More »

ISACA CISM – Domain 04 – Information Security Incident Management Part 12

69. Analyzing Test Results Part1 Now, as the Information Security Manager, you need to be certain that your technology and architecture are a part of the recovery plan that’s going to be tested. It’s important because in today’s world, the IT infrastructure is a large part of most of the organizations. You might not have… Read More »

ISACA CISM – Domain 04 – Information Security Incident Management Part 11

62. Incident Management Response Teams Now, when we look at the Incident Management Response Teams, there are responsibilities we have to assign. They are categorized. We have the emergency action team. These are the people that are going to pretty much be responsible for making sure everything is getting done. The evacuations kind of like… Read More »

ISACA CISM – Domain 04 – Information Security Incident Management Part 10

57. Goals of Recovery Operations Part1 Now, goals of recovery? Well, goals of recovery is to get us back to where we were when the incident occurred. I think that’s the easy statement. Your recovery strategies, though, will depend on the size and complexity of the organization. So it’s one thing to say the goal… Read More »

ISACA CISM – Domain 04 – Information Security Incident Management Part 9

50. Escalation Process for Effective IM So let’s take a look at the escalation process for effective, not incident messaging. Remember, we’re talking about incident managing. So what we basically when we think of escalation, that means things are going from incident to worse and we need to kind of look at that. And that… Read More »

ISACA CISM – Domain 04 – Information Security Incident Management Part 8

45. Lesson 8: Developing an Incident Response Plan Now, in this lesson, we’re going to talk about developing an Incident Response plan. So what we’ll do is we’ll talk about the elements of the IRP or incident Response plan, which will also include a discussion about gap analysis, the business impact analysis, an escalation process,… Read More »

ISACA CISM – Domain 04 – Information Security Incident Management Part 7

39. Management Metrics and Monitoring Part1 Managing also means we have to have measurements that we can respond to and make decisions about, right? I said it before, you can’t manage what you can’t measure. And so part of managing, again, is the metrics and monitoring. And now, I know we’ve talked about this many… Read More »
