Page 7 - CISSO_Prep_ Guide

CONTENTS

            Introduction ................................................................................. 9
            Layout of this book ................................................................... 11
            Chapter 1: Introduction to Security Management ..................... 16
            Defining Information Security .................................................. 17
            Governance ............................................................................... 20
            Establishing a Security Department .......................................... 22
            Business Alignment .................................................................. 25
            Missions and Goals ................................................................... 27
            Enterprise-wide Security ........................................................... 27
            Factors in Developing the Strategic Plan for Security .............. 30
            The Security Triad .................................................................... 31
            The Security Framework ........................................................... 38
            Policy ........................................................................................ 44
            Procedures ................................................................................. 46
            Standards ................................................................................... 47
            Baselines ................................................................................... 48
            Guidelines ................................................................................. 49
            Roles and Responsibilities ......................................................... 50
            Security Metrics ........................................................................ 61
            Implementing the Security Program ......................................... 64
            Summary of the Introduction to Information Security Chapter ... 65
            Chapter 2: Risk Management .................................................... 66
            Risk Management ..................................................................... 66
            Risk ........................................................................................... 67
            Controls ..................................................................................... 68
            Risk Versus Control .................................................................. 69
            Types of Controls ...................................................................... 70