Information Security Management | Glossary

CIA Triad

Confidentiality, Integrity and Availability

Corporate Governance

The responsibilities and practices exercised by the board and executive management; it provides high value to stakeholders.

CIO

Responsible for security strategy

6 Outcomes of Effective Security Governance

- Strategic Alignment
- Value Delivery
- IT Asset Management
- Risk Management
- Performance Measurement

Management

Cost/benefit analysis. Metrics and justification are important, e.g. did the control meet its objectives?

Risks

Must be reduced to an acceptable level; the risk that remains after controls are applied is the residual risk.

KPI

Key Performance Indicators. Metrics used for measuring, monitoring, controlling and reporting.

Audit vs. Testing

An audit indicates compliance with policy; testing indicates efficacy (is the control producing the desired or intended result?).

Bottom-up Management

Tends to be unsuccessful.

Top-down Management

Preferable to bottom-up management: it allows senior management to oversee and focus from a bird's-eye view.

Data Owners and System Owners

They tend to have the "final say".

Document when there's a disagreement

Sometimes the security plan chosen isn't agreeable to everyone, and that's when documenting the disagreement is extremely important.

CISMs

They are not practitioners: they set the guidelines and procedures but don't implement them.

Security Awareness Trainers

Indication that training was good: an increase in security incident reporting.

Quantitative Assessment

e.g. passing the CISM test to validate knowledge.
