Information Security Management
Download as PPTX, PDF2 likes232 views
The document outlines key aspects of information security management, highlighting the importance of security controls in protecting the confidentiality, integrity, and availability of information. It covers governance, risk management, and compliance strategies, as well as third-party risk management (TPRM) processes to evaluate vendor risks. Additionally, it emphasizes the role of the Chief Information Security Officer (CISO) in aligning cybersecurity initiatives with organizational objectives.
Information Security Management
- 1. Copyright EC-Council 2020. All Rights Reserved. What Is Information Security Management?
- 3. Information Security Controls Information security controls are safeguards or countermeasures to reduce or mitigate security risks such as information systems breaches, data theft, and unauthorized access to information systems. Information security controls aim to protect the confidentiality, integrity, and availability of information.
- 4. Preventive Detective Corrective Forms of Security Controls
- 5. Compliance Controls Technical Controls Procedural Controls Access Controls Physical Controls Types of Security Controls
- 6. Governance Risk Compliance Governance: Approach led by the management leaders to manage IT operations and their alignment organization's business goals. Risk management: Identifies, analyzes, and responds accordingly to risks that might affect the organization’s security and business objectives. Compliance: Identify the applicable requirements like laws, regulations, contracts, strategies and policies along with assessment of the existing compliance, risks and potential costs of non-compliance.
- 7. Establish Security Standards Enforce Regulations and Best Practices Determine the Security Posture Purpose of Cyber Audit Cyber Audit
- 8. Cyber Security Audit Gap Analysis Vulnerability Assessment Remediation action points Cyber Incident Response Plan Employee Training & Awareness Cyber Strategy Report Cyber Resilience Assessment Vulnerability Scanning and Identification Configuration & Compliance Checks Malware Detection Web Application Scanning Reviewing Data Back-up & Recovery Strategies Cyber Audit - Process
- 9. Third-Party Risks Strategic Reputation Operational Transaction Compliance Third-Party Risks Management (TPRM) Third-party risk management (TPRM) is the process of evaluating and managing risks associated with third-party vendors or service providers. Depending on the nature of services outsourced, vendors may have access to your organization's intellectual property, data, operations, finances, customer information or other sensitive information. The risk arises if the security posture of third-party vendors are not evaluated and managed with due diligence.
- 10. Background checks to uncover risk indicators through detailed research into suppliers. Analyzing third-party capability, policies, and process. Remote and on-site inspections of the third- party’s risk control environment. Ongoing analysis of various internal and external data sources to identify new and emerging issues in the third-party portfolio. Identifying third-party risks based on the data harvested from the internet and proprietary databases. Best Practices for Third-party Risk Management (TPRM)
- 11. Strategic Role of a CISO Security Management Aligning Cyber Security Initiatives with Business Objectives Trends in Cyber Security Financial Planning Procurement and Budgeting Return on investment (ROI) Vendor Management The CISO plays a vital role in devising and implementing strategic plans to manage security risks and ensure that they are aligned with the organization’s objectives. Strategic Planning
- 12. To Learn More, Visit: www.ciso.eccouncil.org