Sunday, August 17, 2014

CISSP: Information Security Governance and Risk Management



Information security officers must be independent of, and organizationally separated from, the operators of the information systems for the security function to be effective. The information security officers ensure that the operators adhere to policies, processes and procedures, and they perform regular, periodic risk assessments and penetration tests on the information systems.


This domain includes:
  • Security governance and policy
  • Information classification/ownership
  • Contractual agreements and procurement processes
  • Risk management concepts
  • Personnel security
  • Security education, training and awareness
  • Certification and accreditation
Here are some videos that explain Information Security Governance and Risk Management well:


Risk Management – Art or Science

http://www.youtube.com/watch?v=vqxzg79FPHo


Risk Assessment Made Easy 

http://www.youtube.com/watch?v=fY6KGN72d7Q&list=PLOqTVtXlCQ2LoTvyPmYIunwvTRBy_tfLC&feature=share&index=1


Bruce Schneier - Reconceptualizing Security






