Information Security Management | Glossary

CIA Triad

Confidentiality, Integrity and Availability

Corporate Governance

Responsibilities and practices exercised by the board and executive management; aims to provide high value to stakeholders.


Responsible for security strategy

6 Outcomes of Effective Security Governance

-Strategic Alignment

-Value Delivery 

-IT Asset Management

-Risk Management

-Performance Measurement


Cost/Benefit Analysis

Metrics and justification are important, e.g. did the control meet its objectives?


must be reduced to an acceptable level (residual risk)


Key Performance Indicators

Metrics are used for measuring, monitoring, controlling and reporting.

Audit vs Testing

Audit indicates compliance with policy; testing indicates efficacy (is it producing the desired or intended result?).

Bottom-up Management

Tends to be unsuccessful.

Top-down Management

Preferable to bottom-up management: it lets leadership oversee and focus from a bird's-eye view.

Data Owners and System Owners

They tend to have the “Final say”.

Document when there’s a disagreement

Sometimes the security plan chosen isn't agreed on by everyone; that's when documentation is extremely important.


They are not practitioners; they set the guidelines and procedures but don't implement them.

Security Awareness Trainers

Indication that training was good: an increase in security incident reporting.

Quantitative Assessment

e.g. Pass CISM Test to validate
