ISACA CISM – Domain 03 – Information Security Program Development Part 10
73. Third-party Service Providers Part 1 We also have to address the third-party service provider. Now, they may again provide you partial or complete business processes or services. It’s just a matter of maybe where your resources were lacking that you had to bring in a third party to help out. Now, as such, we need…
ISACA CISM – Domain 03 – Information Security Program Development Part 9
64. Other Actions All right, so there are some other actions that we can take, things that we do to kind of verify this entire set of getting to compliance. We do things like conducting a vulnerability analysis. A lot of times that’s just an automated process software that’s going to check different types of…
ISACA CISM – Domain 03 – Information Security Program Development Part 8
58. Personnel Part 2 Now remember, the skills are really the training, the expertise and experience of that person. Now, this is often a given of a job function. We expect that you have certain skills to perform a certain job, but skills can be gained. They can be gained through training or on the job…
ISACA CISM – Domain 03 – Information Security Program Development Part 7
50. Controls as Strategy Implementation Resources Part 4 Now do these controls operate in the principle of least privilege, meaning that we can adjust the access, we can adjust the things that you’re allowed to do to a level that gives you just enough privileges to do the job and nothing more. In some cases we…
ISACA CISM – Domain 03 – Information Security Program Development Part 6
44. Enterprise Architecture Part 1 Now the term enterprise architecture is something we’ve kind of discussed a little bit earlier where we said there are many architectural approaches that we can use for security. Often we talked about this as being a framework that we can use to help us in designing the overall security. Now,…
ISACA CISM – Domain 03 – Information Security Program Development Part 5
35. Lesson 6: Information Security Framework Components So, in this lesson, we’re going to take a look at the information security framework components. That means we’ll take a look at the operational, management and administrative components, as well as the educational and informational components that we need to look at in our frameworks. 36. Operational…
ISACA CISM – Domain 03 – Information Security Program Development Part 4
28. Elements of the Roadmap Part 4 So as I mentioned, a general control has kind of a wider scope. The general controls are just activities that support your entire organization in a centralized fashion. If part of my security solution or my security program might be the use of ID badges and magnetic key locks…
ISACA CISM – Domain 03 – Information Security Program Development Part 3
19. Pitfalls Now, there are some other pitfalls. The implementation of your security program, as I said, can come into some resistance. Again, it just could be people with resistance to the changes. And that’s not an unusual thing. You might be taking away responsibilities from people that are used to having a little bit…
ISACA CISM – Domain 03 – Information Security Program Development Part 2
11. Defining Objectives Part 2 So after the objectives have been defined and that we’ve done this work to close the gap, as I was just mentioning before, our goal is to get to that what do we call it, before the desired state. And that’s really what one of the big objectives is going to…
ISACA CISM – Domain 03 – Information Security Program Development Part 1
1. Introduction Now this domain is about the information security program development and what we’re going to do is we’re going to look at the diverse areas of knowledge that we need to be able to plan to design and implement an information security policy. Remember that that information security policy is kind of a…