Information Security Manager: Information Security Governance
Governance is the driving force in managing an information security program and protecting information technology assets. In this course, you'll learn how governance directly affects security management, strategy, compliance, and the organization.
What you'll learn
While protecting information assets is the primary goal of an information security program, governance sets the requirements for how the program must function within the compliance context. Organizations must operate their security programs in compliance with laws, regulations, policies, and standards. In this course, Information Security Manager: Information Security Governance, you'll gain solid foundational knowledge on the governance aspect of security, as well as skills you can use to effectively manage security compliance in your organization. First, you'll explore how both internal and external governance affect the organization, how information security strategy supports the mission and overall organizational strategy, and the different roles and responsibilities involved in the security program. Next, you'll learn how to write business cases to support security budgets and investments. Finally, you'll cover stakeholders and how to communicate the security strategy to them and gain their commitment to it. By the end of this course, you'll be well-versed in information security governance and how it affects an information security program.
Table of contents
- Organizational Vision, Culture, Mission, Goals, and Objectives 3m
- Scenario: Organizational Characteristics of Globomantics 2m
- Organizational Business Processes and Functions 3m
- Scenario: Globomantics’ Functions and Processes 3m
- Strategy and the Organizational Mission 5m
- Scenario: Globomantics’ Organizational and IS Strategies 2m
- Developing the Information Security Strategy 8m
- Scenario: Developing Globomantics’ IS Strategy 3m
- Implementing Information Security Strategy 5m
- Summary 1m
- Information Security Governance Concepts 4m
- Scenario: Governance at Globomantics 3m
- Information Security Standards, Frameworks, and Best Practices 3m
- Relationships of Governance to Strategy 5m
- Designing and Implementing Information Security Governance 6m
- Scenario: Developing & Implementing IS Governance at Globomantics 4m
- Incorporating Infosec Governance into Organizational Governance 4m
- Scenario: Incorporating IS Governance at Globomantics 2m
- Summary 1m
- Applying External Security Governance 3m
- Scenario: Applying Governance at Globomantics 2m
- Developing and Using a Security Policy Framework 6m
- Scenario: Globomantics’ Security Policy Framework 2m
- Developing Security Policies 5m
- Scenario: Developing Globomantics’ Security Policies 3m
- Implementing Security Policies 5m
- Implementing Procedures, Standards, and Guidelines 6m
- Summary 1m
- The Security Budget 6m
- Scenario: Security Budget at Globomantics 4m
- Security Investments 5m
- Scenario: Security Investments at Globomantics 2m
- Developing Business Cases 5m
- Security Business Case at Globomantics 3m
- Integrating Business and Security Initiatives 4m
- Scenario: Integrating Security and Business Initiatives 3m
- Reporting Security Financial Status 4m
- Summary 1m
- Internal and External Influences on Security Strategy 6m
- Scenario: Internal and External Influences on Security 3m
- Third-party Considerations 5m
- Scenario: Third-party Considerations at Globomantics 4m
- Contract and Third-party Compliance 7m
- Scenario: Contract and Third-party Compliance at Globomantics 3m
- Managed Services 2m
- Effects of Organizational Change Security 2m
- Scenario: Effects of Organizational Change on Security 3m
- Summary 1m
- Understanding Organizational Stakeholders 7m
- Scenario: Stakeholders at Globomantics 3m
- Understanding Stakeholder Information Needs 6m
- Scenario: Understanding Stakeholder Information Needs 3m
- Communicating the Information Security Strategy 4m
- Scenario: Communicating Information Security at Globomantics 2m
- Obtaining Commitment on the Information Security Strategy 3m
- Scenario: Getting Commitment on the Information Security Strategy 3m
- Summary 1m
- Organization Structures and Lines of Authority 3m
- Scenario: Organization Structures and Lines of Authority 3m
- Senior Security Roles and Responsibilities 5m
- Information Security Manager Roles and Responsibilities 4m
- Scenario: Information Security Managers at Globomantics 1m
- Other Security Roles and Responsibilities 4m
- Scenario: Security Roles at Globomantics 3m
- Organizational Communication Channels 4m
- Monitoring Security Role Performance 3m
- Summary 1m
- Defining Security Metrics 5m
- Scenario: Security Metrics at Globomantics 1m
- Developing and Using KPIs 5m
- Scenario: Developing and Using KPIs at Globomantics 2m
- Developing and Using KRIs 5m
- Scenario: Developing and Using KRIs at Globomantics 2m
- Developing and Using KGIs 2m
- Scenario: Developing and Using KGIs at Globomantics 2m
- Using Security Metrics to Determine Security Program Effectiveness 2m
- Summary 1m
About the author
Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts. He retired after 21 years in the U.S. Air Force, serving as a network security engineer and instructor, and has secured networks all over the world. Bobby has a master’s degree in information assura... more