Information Security Management | Glossary
Confidentiality, Integrity and Availability
Provides high value to stakeholders. Responsibilities and practices exercised by the board and executive management
Responsible for security strategy
6 Outcomes of Effective Security Governance
- IT Asset Management
Cost/Benefit Analysis. Metrics and justification are important, e.g. Did the control meet its objectives?
must be reduced to an acceptable level (residual risk)
Key Performance Indicators. Metrics are used for measuring, monitoring, controlling and reporting
Audit vs Testing
Audit indicates compliance to policy, Testing indicates efficacy (Is it producing a desired or intended result?)
Tends to be unsuccessful
This is preferable to Bottom-up Management. It allows management to oversee and focus from a bird's-eye view.
Data Owners and System Owners
They tend to have the “Final say”.
Document when there’s a disagreement
Sometimes the chosen security plan isn't agreeable, and that's when documentation is extremely important.
They are not practitioners; they set the guidelines and procedures but don't implement them.
Security Awareness Trainers
Indication that training was good: an increase in security incident reporting.
e.g. Pass CISM Test to validate