Technology Risks: CISSP: Information Security Governance and Risk Management

Sunday, August 17, 2014

CISSP: Information Security Governance and Risk Management

Information security officers must be independent and separated from the operators of the information systems for it to be effective. The information security officers ensure that policies, processes and procedures are adhered to by the operators of the information systems. The information security officers perform regular and periodic risk assessments and penetration tests on the information systems.

This domain includes:

Security governance and policy
Information classification/ownership
Contractual agreements and procurement processes
Risk management concepts
Personnel security
Security education, training and awareness
Certification and accreditation

Here are some videos which explains Information Security Governance and Risk Management well:

Risk Management – Art or Science

http://www.youtube.com/watch?v=vqxzg79FPHo

Risk Assessment Made Easy

http://www.youtube.com/watch?v=fY6KGN72d7Q&list=PLOqTVtXlCQ2LoTvyPmYIunwvTRBy_tfLC&feature=share&index=1

Bruce Schneir - Reconceptualizing Security

http://www.youtube.com/watch?v=CGd_M_CpeDI

No comments:

Post a Comment

I am a technology management consultant and a course facilitator. I have more than twenty-five years of experience in the IT industry and specialise in information security and risks. This profession has taken me to live in many countries in Europe, Africa, Australia and Asia for twenty years, meeting many competent practitioners in the process.

This blog is for my clients, my students and anyone interested in technology management and the risks that come with it.

It enumerates the various industry best practices to mitigate real world risks, which will also include: my anecdotes; videos and links found elsewhere in Cyberspace. I mean, why reinvent the wheel when there are already good stuff out there?

This will save you some time foraging the Internet for good quality material to study or apply at work.

Do let me know when you find even better materials out there, so that I can post them here and more people will benefit from it.

Some of my clients are:
Standard Chartered Bank, Astrazeneca, S.W.I.F.T., Shell, Barclays Bank, European Commission, Lloyds-TSB, BHP, South African Directorate of Communications, HP, IBM, Philip Morris, Belgacom, Flemings Asset Management Luxembourg, Octopus (HK), Protonworld, Riyad Bank, Al-Rajhi Bank, Saudi-Hollandi Bank, RHB Group, Mandiri Bank, UOB Bank, BNI Bank, Jebsen and Jessen, CEGB (UK), Temasek Polytechnic, Embry-Riddle Aeronautical University Asia.

Contact:

Michael Chua

mysticmichael@gmail.com

Services:

1. Vulnerability Testing
- Computer and Network Infrastructure Tests
- Configuration, Compliance and Inter-operability

2. Risk Assessment
- Total Defence Inspection
- Beyond computers and technology
- Risk Quantification and Management

3. Information Security Operations
- Policy, Process and Procedure
- Scenario Planning
- Crisis Management Rehearsals

4. Information Security Design and Development
- Organisational Structure
- Security Control Implementation
- System Release

5. Awareness Campaign
- Educating the public, employees and business partners about the importance of secure practices

6. Business Continuity Planning and Management
- Physical Crisis
- Technology Crisis
- Epidemics