Security Management

Authors: Kevin Henry, Christopher Rees, Paul Mealus, Bobby Rogers, Prashant Pandey, Jeremy Turner

In this series, you will develop the skills necessary to assess, design, and implement an enterprise-level information security strategy. You’ll also learn how to establish the...

What you will learn

  • Develop an information security strategy in alignment with organizational goals and objectives
  • Design an information security governance framework to guide activities that support the information security strategy
  • Develop the information security program in alignment with the information security strategy
  • Design security policies to guide the development of standards, procedures and guidelines in alignment with enterprise goals
  • Develop a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value
  • Develop information security processes and resources to execute the information security program in alignment with the organization’s business goals
  • Ensure that risk assessments, vulnerability assessments, and threat analyses are conducted to identify and assess risk to the organization’s information
  • Assess risk treatment/response options to manage risk to acceptable levels based on organizational risk appetite
  • Facilitate the integration of information risk management into business and IT processes
  • Evaluate methods to design and implement information security controls
  • Design an incident response plan to ensure an effective and timely response to information security incidents
  • Develop processes for security incident identification, investigation, notification and escalation
  • Compile and present reports to key stakeholders on the activities, trends, and overall effectiveness of the information security program
  • Cultivate an environment aligned with laws, ethics, and compliance
  • Prepare, obtain, and administer the information security budget
  • Develop comprehensive vulnerability management programs
  • Cultivate commitment from senior leadership and other stakeholders to support the information security strategy and program

Pre-requisites

Working experience with all security disciplines, including:

  • Security Architecture
  • Network and Data Security
  • Security Assessment and Testing
  • Incident Response and Investigation
  • Risk Management
  • Security Compliance
  • Software Development Security

Beginner

In this section, you will review the process of developing a security strategy and budget. You'll learn how to identify assets and define adequate protections. You'll identify the risk associated with the development of a security control framework and review how to address it.

Security Management

by Kevin Henry

Apr 13, 2018 / 1h 29m

Description

As a Security Manager, you play a critical role in setting up an effective security program that will protect the assets of the organization in a cost-effective way. In this course, Security Management, you will first learn the process of working with management to develop a security strategy and a budget. Next, you'll learn how to promote an understanding of security concepts and responsibilities. Finally, you will gain an understanding of the management functions of being a security leader and meeting the requirements of compliance, governance, and development of policies and security procedures. By the end of this course, you'll be knowledgeable in the goals and aims of information protection, management, and responsibility.

Table of contents
  1. Course Overview
  2. Understanding Security Concepts
  3. The Principles of Security Governance
  4. Security Roles and Responsibilities
  5. Security Policies

The Governance of Information Security

by Kevin Henry

Jul 18, 2019 / 3h 22m

Description

Many managers in information security are frustrated by a lack of senior management support and understanding. This course, The Governance of Information Security, will help you to overcome that problem and to build an information security governance function that is aligned with and supported by management. First, you will learn about Governance and Strategy. Next, you will discover the implementation of frameworks and standards. Finally, you will explore metrics and communication with the board of directors and senior management. By the end of this course, you will be recognized as having the skills necessary to provide governance and leadership to the information security function.

Table of contents
  1. Course Overview
  2. The Principles of Governance
  3. Providing Direction to the Information Security Governance Function
  4. Tools and Techniques that Support Governance
  5. Governance, Budget, and Business
  6. Security Metrics and Reporting

Information Classification

by Kevin Henry

Apr 25, 2018 / 1h 39m

Description

Security professionals need to know how to comply with laws and standards in information protection. In this course, Information Classification, you will learn foundational knowledge of asset protection and gain the ability to identify assets and provide them with adequate protection. First, you will learn about information classification and ownership. Next, you will discover the legal aspects of intellectual property protection. Finally, you will explore how to manage all of the assets of the organization. When you’re finished with this course, you will have the skills and knowledge of information security needed to be an effective manager and practitioner in information management.

Table of contents
  1. Course Overview
  2. Information Ownership
  3. Data Retention and Deletion
  4. Protection of Intellectual Property
  5. Security Concerns During Divestitures and Acquisitions
  6. Asset Management

Personnel Security

by Kevin Henry

Apr 13, 2018 / 1h 19m

Description

As a Security Professional, you will have to work with people both within and outside of the organization. In this course, Personnel Security, you will first learn how to build a security team and assign roles and responsibilities. You will then gain an understanding of the importance of employee management procedures and training, and of how to communicate security concepts effectively. Finally, you will learn the role of ethics in the organization and how it involves the security department. By the end of this course, you'll be knowledgeable in the area of personnel security and in making people a part of your information protection strategy.

Table of contents
  1. Course Overview
  2. The People Problem
  3. Disciplinary Action and Termination
  4. Ethics and Culture

Risk Assessment and Management

by Kevin Henry

May 24, 2018 / 2h 32m

Description

Security Professionals rely on risk management to justify and develop an Information Security program. In this course, Risk Assessment and Management, you will learn comprehensive knowledge of risk management and the theories, concepts, and practices of threat modeling and enterprise risk management. First, you will learn about establishing the context for risk management. Next, you will compare the various methods of risk assessment. Finally, you will examine the options for risk response and monitoring. When you’re finished with this course, you will have the skills and knowledge of information security needed to be an effective manager and practitioner in information and risk management.

Table of contents
  1. Course Overview
  2. Risk Frameworks - ISO27005, 31000, NIST, HTRA
  3. Framing Risk
  4. Assessing Risk
  5. Mitigating Risk
  6. Monitoring Risk

Security Controls and Control Frameworks

by Kevin Henry

Jun 7, 2018 / 59m

Description

It can be challenging to evaluate and select the best controls for an organization. Through this course, Security Controls and Control Frameworks, you will gain an understanding of the risk associated with the development of a security control framework, and how to address it. You will first learn the various types of controls and the factors used in establishing an effective security infrastructure. Next, you will examine the strengths of various types of controls including managerial, technical, and environmental controls that can be deployed to prevent and react to security incidents. Finally, you will examine how to test and evaluate the effectiveness of controls in relation to risk and compliance. When you're finished with this course, you will have the skills and knowledge needed to be an effective contributor to the design of secure information systems and business processes.

Table of contents
  1. Course Overview
  2. Types of Controls
  3. Control Selection Criteria

Intermediate

In this section, you will learn why business success depends on how prepared your organization is for any incident that could affect your business operations. You'll review how to prepare, detect, correct, and recover from incidents. You will observe how to write, test, and maintain business continuity plans. You'll review the effectiveness of information security risk and controls through audit, monitoring, and reporting.

Investigations and Incident Management

by Kevin Henry

Jun 13, 2018 / 1h 2m

Description

The use of risk management and control frameworks should help an organization to avoid and reduce the impact of incidents, but despite all of that, the information security professional must be ready when something goes wrong. In this course, Investigations and Incident Management, you will learn how to handle an incident with expertise and skill. First, you will touch on how to prepare for incident management. Then you will see how to detect, correct, and recover from incidents. Finally, you will discover how to conduct and learn from investigations, so that the incident management process can be better prepared for future adverse events. When you're finished with this course, you will have the skills and knowledge needed to handle incidents in a professional and competent manner.

Table of contents
  1. Course Overview
  2. Fundamentals of Investigations
  3. Introduction to Incident Management
  4. Incident Management Process

Business Continuity Management

by Kevin Henry

Jun 13, 2018 / 1h 35m

Description

Business success depends on being prepared for any incident that could affect business operations. The art and science of Business Continuity Management is essential to handling any problem in a calm and forward-thinking manner. In this course, Business Continuity Management, you will gain an understanding of how to maintain the resilience of your business operations through incidents. First, you will learn how to prepare a business continuity plan. Then, you will learn how to analyze the business to discover important products, services, and critical timelines for recovery. Finally, you will learn how to write, test, and maintain business continuity plans. When you're finished with this course, you will have the skills and knowledge needed to contribute to the development of business continuity and disaster recovery plans.

Table of contents
  1. Course Overview
  2. Business Continuity Management Process
  3. Business Impact Analysis
  4. Create Contingency Strategies
  5. Writing Business Continuity Plans
  6. Implementing, Testing, and Maintaining Business Continuity Plans

Security Operations

by Kevin Henry

Mar 27, 2019 / 2h 19m

Description

All the elements of a security program come down to the need to have a secure operations process. In this course, Security Operations, you will explore the core requirements of implementing the processes to manage an operational security team. First, you will learn about operations functions, then about incident management and business continuity. Next, you will discover change management and secure configurations. Finally, you will explore the topics of backups and media management. By the end of this course, you will have the knowledge needed to implement an information security management program and to be a skilled information security manager.

Table of contents
  1. Course Overview
  2. Administration of Secure Information Systems
  3. Change Control and Secure Configuration
  4. Backup and Media Management

Security Control Assessment

by Kevin Henry

May 24, 2019 / 2h 37m

Description

Security assessment is an important but often misunderstood integral part of an information security management program. Many tests and audits fail to provide value or adequate insight into security risk and controls. In this course, Security Control Assessment, you will learn the various types of security assessments that should be conducted. First, you will explore the topic of designing an assessment strategy. Next, you will discover the skills and approaches to use to conduct effective testing. Finally, you will gain an understanding of security audits, log monitoring, and reporting results to management. When you are finished with this course, you will have the skills and knowledge of security assessment and testing needed to provide and assess an information security management program.

Table of contents
  1. Course Overview
  2. Testing and Assessment of Information and Information Systems
  3. Testing Strategy and Assessment
  4. Audit and Reporting

Law, Ethics, and Security Compliance Management

by Christopher Rees

Mar 18, 2020 / 2h 8m

Description

Businesses of all sizes can operate on a global scale. Privacy laws and data protection laws continue to evolve and become more restrictive. It's important for leaders to understand the changing landscape and what compliance means for their company. In this course, Law, Ethics, and Security Compliance Management, you will learn the foundations of global privacy law, import/export regulations, and how they can impact your organization. First, you’ll learn about the ever-changing global privacy laws such as GDPR and CCPA. Next, you’ll learn about pertinent intellectual property concepts and laws, along with key import/export laws. Finally, you’ll learn about the importance of taking an ethical approach to compliance management and how that not only strengthens your company’s security posture, but ensures the best chance for compliance with applicable laws and regulations. When you're finished with this course, you'll understand global privacy laws, import/export laws, and how various regulations can affect a business.

Table of contents
  1. Course Overview
  2. Global Privacy Laws
  3. Intellectual Property and Import/Export Laws
  4. Ethical Considerations in IT Security
  5. Security Compliance Management

Advanced

In this final section, you will review how to assess your organization's security disposition through audit and governance. You'll identify how to create business cases to justify security investments that support your business mission. You will define how to build and implement a security awareness training program that makes sense for your organization's specific needs.

Evaluating Your Organization’s Security Posture

by Paul Mealus

Dec 11, 2018 / 3h 22m

Description

Assessing your organization’s security is a long process consisting of many moving parts. In this course, Evaluating Your Organization’s Security Posture, you will gain the ability to complete an end-to-end security evaluation to provide a “map” of your company’s security posture. First, you will learn about the practices of security evaluation. Next, you will discover the many tools and techniques available. Finally, you will explore how to effectively juggle the amount of work, evidence, and data collection required of an assessment. When you’re finished with this course, you will have the skills and knowledge of auditing, governance, and critical thinking needed to evaluate your organization’s security.

Table of contents
  1. Course Overview
  2. The Case for Evaluating Your Organization’s Security
  3. Planning and Organizing the Evaluation
  4. Collecting Data and Conducting Interviews
  5. Evaluating Your Organization’s Physical Security
  6. Evaluating the External Footprint
  7. Evaluating the Internal IT Security Posture
  8. Evaluating the Weakest Link - Social Engineering
  9. Setting the Benchmark and the Concept of Iterative Evaluations
  10. Wrapping the Security Evaluation

Running the Business of Information Security

by Bobby Rogers

Oct 4, 2019 / 1h 58m

Description

Most people know that information security is about protecting information systems and data, managing cyber risk, and ensuring compliance with governance. However, the security function of a business is also a business function unto itself. It is managed like any other business function, whether it involves staffing with qualified personnel, tracking projects, or managing the security budget. In this course, Running the Business of Information Security, you will learn your key to getting the focused knowledge you need to have, both for the real world and advanced certification exams. First, you’ll explore preparing budget requests based upon programmed organizational security needs. You’ll also learn how to manage the security budget and other resources to their maximum effectiveness. Next, this course will show you how to create business cases to justify security investments and expenditures to support the business mission and goals. You’ll also learn how to manage a dynamic budget based upon changing cybersecurity and business risk. Finally, you’ll discover how to prepare, present, and report security budget status to include expenditures, investments, and other critical budget information. By the end of this course, you’ll have the advanced knowledge you need to help you manage the cybersecurity program’s budget in your organization, as well as to help pass advanced cybersecurity management certification exams.

Table of contents
  1. Course Overview
  2. Understanding the Business of Security
  3. Obtaining and Developing the Security Budget
  4. Managing the Security Budget
  5. Developing Business Cases for Security Investments
  6. Managing Risk-based Security Budget Changes

Developing and Implementing Vulnerability Management Programs

by Prashant Pandey

Oct 4, 2019 / 1h 20m

Description

Developing a vulnerability management program is as much a challenge as implementing one. In this course, Developing and Implementing Vulnerability Management Programs, you will learn to quickly design, implement, measure, and enhance your vulnerability management program based on the needs of your organization. First, you will learn to define a VM framework, then develop your VM program. Next, you will discover how to implement the VAPT and patch management activities. Finally, you will define the KPIs for monitoring the performance of the VM program. When you are finished with this course, you will be able to design a VM program for an organization of any size or vertical.

Table of contents
  1. Course Overview
  2. Developing a Vulnerability Management Framework
  3. Creating a Vulnerability Management Program
  4. Vulnerability Remediation and Exception Handling
  5. Monitoring and Evaluating the Vulnerability Management Program

Building and Implementing a Security Awareness Training Program

by Jeremy Turner

Oct 26, 2018 / 2h 34m

Description

Did you know that the biggest threat to an organization is its own employees? Have you tried phishing simulations or basic information security awareness training lectures at your organization but feel like something is missing? In this course, Building and Implementing a Security Awareness Training Program, you will learn everything required to set up a program from scratch that makes sense for your organization's unique needs. First, you will learn the critical elements of any security awareness training program that must be in place before you even think about sending that first phishing simulation email. Next, you will learn how to properly scope and develop security awareness and training material that is razor-sharp focused and can be presented in a way that will convince your leadership to give you a healthy budget. Finally, you will learn how to deal with many common problems that plague security awareness training programs by using a number of communication techniques and ensuring that the right performance metrics are in place to prove your program is winning. When you are finished with this course, you will have the skills and knowledge required to step into any organization and develop an information security awareness training program that will inspire your organization to be more security minded in a manner that doesn't waste everyone's time.

Table of contents
  1. Course Overview
  2. Making Sure You Are Not Building on Sand
  3. Setting up the Program Foundation
  4. Selling the Program
  5. Preparing the Content
  6. Implementing Awareness and Training
  7. Monitoring and Improving Your Program
  8. Knowing When Your Program Is Winning