Information Security Management | Glossary

CIA Triad	Confidentiality, Integrity and Availability
Corporate Governance	Provides high value to stakeholders. Responsibilities and practices exercised by the board and executive management
CIO	Responsible for security strategy
6 Outcomes of Effective Security Governance	-Strategic Alignment -Value Delivery  -IT Asset Management -Risk Management -Performance Measurement
Management	Cost/Benefit Analysis. Metrics and justification is important e.g. Did the control meet its objectives?
Risks	must be reduced to an acceptable level (residual risk)
KPI	Key Performance Indicators. Metrics are used for measuring, monitoring, controlling and reporting
Audit vs Testing	Audit indicates compliance to policy, Testing indicates efficacy (Is it producing a desired or intended result?)
Bottom-up Management	Tends to be unsuccessful
Top-down Management	This is more ideal than Bottom-up Management. It allows them to oversee and focus from Bird’s eye view.
Data Owners and System Owners	They tend to have the “Final say”.
Document when there’s a disagreement	Sometimes security plan chosen isn’t agreeable, and that’s when documentation is extremely important
CISMs	They are not practitioners, they set the guidelines and procedures but don’t implement
Security Awareness Trainers	Indication that training was good: Increase in security incidents reporting
Quantitative Assessment	e.g. Pass CISM Test to validate