- About the risks that abound in the world of technology, where everything is connected and snooped upon, one way or another. Are you safe?

Sunday, August 17, 2014

CISSP: Information Security Governance and Risk Management

To be effective, information security officers must be independent of, and separated from, the operators of the information systems. They ensure that the operators adhere to policies, processes and procedures, and they perform regular and periodic risk assessments and penetration tests on the information systems.

This domain includes:
  • Security governance and policy
  • Information classification/ownership
  • Contractual agreements and procurement processes
  • Risk management concepts
  • Personnel security
  • Security education, training and awareness
  • Certification and accreditation

Here are some videos that explain Information Security Governance and Risk Management well:

Risk Management – Art or Science


Risk Assessment Made Easy 


Bruce Schneier - Reconceptualizing Security
