Security is not only about protecting assets, managing risk, and ensuring compliance. It’s also a business process. This course will give you the advanced knowledge you need to effectively manage the business of security.
Most people know that information security is about protecting information systems and data, managing cyber risk, and ensuring compliance with governance. However, the security function of a business is also a business function unto itself. It is managed like any other business function, whether it involves staffing with qualified personnel, tracking projects, or managing the security budget. In this course, Running the Business of Information Security, you will learn your key to getting the focused knowledge you need to have, both for the real world and advanced certification exams. First, you’ll explore preparing budget requests based upon programmed organizational security needs. You’ll also learn how to manage the security budget and other resources to their maximum effectiveness. Next, this course will show you how to create business cases to justify security investments and expenditures to support the business mission and goals. You’ll also learn how to manage a dynamic budget based upon changing cybersecurity and business risk. Finally, you’ll discover how to prepare, present, and report security budget status to include expenditures, investments, and other critical budget information. By the end of this course, you’ll have the advanced knowledge you need to help you manage the cybersecurity program’s budget in your organization, as well as to help pass advanced cybersecurity management certification exams.
Bobby E. Rogers is an information security engineer working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts.
Course Overview Hi everyone, my name is Bobby Rogers, and welcome to the new Pluralsight course, Running the Business of Information Security. I'm a cybersecurity analyst, and I work as a contractor securing information systems and data for the US government, specializing in cyber risk management. The information security function is a key enabling process for business. Without modern information security, most modern businesses will fail. However, most people don't realize this, but it's also a business process itself that must be carefully managed. Unfortunately, many managers don't always understand how to manage the business aspects of the security function well enough to make it an effective business process. That's why we've produced this course that covers how to view and employ information security as a business enabler that must be carefully managed. We're going to discuss and demonstrate the key concepts you need to effectively manage security as a business function. Some of the major topics that we will cover include integrating security into business functions, obtaining and managing the security budget, developing business cases for security investments, and managing budgets that change as risk changes. By the end of this course, you'll understand how to manage the security program's budget and resources to maximize supporting business processes, as well as the organization's functions, mission, and strategy. Before beginning the course, you should be familiar with basic security management concepts, as well as security functions and processes. I hope you'll join me on this journey to learn about the business of security with the Running the Business of Information Security course, from Pluralsight.