Governance is the driving force in managing an information security program and protecting information technology assets. In this course, you'll learn how governance directly affects security management, strategy, compliance, and the organization.
While protecting information assets is the primary goal of an information security program, governance sets the requirements for how the program must function within the compliance context. Organizations must operate their security programs in compliance with laws, regulations, policies, and standards. In this course, Information Security Manager: Information Security Governance, you'll gain solid foundational knowledge on the governance aspect of security, as well as skills you can use to effectively manage security compliance in your organization. First, you'll explore how both internal and external governance affect the organization, how information security strategy supports the mission and overall organizational strategy, and the different roles and responsibilities involved in the security program. Next, you'll learn how to write business cases to support security budgets and investments. Finally, you'll cover stakeholders and how to communicate the security strategy to them and gain their commitment to it. By the end of this course, you'll be well-versed in information security governance and how it affects an information security program.
Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts.
Course Overview

I'm Bobby Rogers, and welcome to the Information Security Manager: Information Security Governance course. I'm a cybersecurity analyst, and I work as a contractor securing information systems for the U.S. Government, specializing in cyber risk management. You've seen all of the headlines in the news about data breaches. Many of these data breaches come from a lack of security management in the organization. And very often, the organization has not been compliant with the laws and regulations that require them to protect their data. That's why we produced this course that covers understanding information security governance within your organization. We're going to talk about the key things you need to know in order to effectively manage all of the aspects of governance within your organization. Some of the major topics that we'll cover include information security strategy, governance and policies, security investments and developing business cases to support those investments, security stakeholders and their involvement, and measuring security program effectiveness with metrics. By the end of this course, you'll understand what goes into managing information security governance and how critical it is in protecting assets, ensuring compliance, and reducing liability. Before beginning the course, you should be familiar with security concepts and terminology associated with security management, data classification and sensitivity, and requirements for compliance within your organization. Please join me on this journey to learn and understand security governance with the Information Security Manager: Information Security Governance course from Pluralsight.