About the risks that abound in the world of technology, when everything is connected and snooped upon, one way or another. Are you safe?


Sunday, August 17, 2014

CISSP: Information Security Governance and Risk Management



Information security officers must be independent of, and separated from, the operators of the information systems to be effective. They ensure that the operators adhere to policies, processes and procedures, and they perform regular and periodic risk assessments and penetration tests on the information systems.


This domain includes:
  • Security governance and policy
  • Information classification/ownership
  • Contractual agreements and procurement processes
  • Risk management concepts
  • Personnel security
  • Security education, training and awareness
  • Certification and accreditation
Here are some videos which explain Information Security Governance and Risk Management well:


Risk Management – Art or Science

http://www.youtube.com/watch?v=vqxzg79FPHo


Risk Assessment Made Easy 

http://www.youtube.com/watch?v=fY6KGN72d7Q&list=PLOqTVtXlCQ2LoTvyPmYIunwvTRBy_tfLC&feature=share&index=1


Bruce Schneier - Reconceptualizing Security






