Mitigating Security Risks: Information Security Governance

IN THIS COURSE

• 1.  Course Overview
  1m 43s
  In this video, you’ll learn more about the course and your instructor. In this course, you’ll learn about information security governance. You’ll also learn to identify the importance of security governance and to learn how it plays a key role in security strategy. You’ll discover various aspects of security governance such as its roles, methods to create and review, and reasons for ineffective security governance. You’ll also cover best practices for security governance. FREE ACCESS
• 2.  Information Security Governance
  2m 42s
  In this video, you’ll learn more about the concept of information security governance. You’ll learn security governance is a method by which an organization directs and controls its IT security. The goal of security governance is to ensure security strategies of organizations are aligned with business objectives, mission, and vision. Security governance also ensures security strategies are consistent with regulations, laws, and compliance programs. FREE ACCESS
• 3.  The Need for Security Governance
  4m 55s
  In this video, you’ll learn more about the reasons for security governance. You’ll learn the implementation and existence of security governance helps you fulfill several goals. First, it helps you bring together business goals and vision. Next, security governance helps you follow best practices. Additionally, security governance helps you bring together and ensure technical requirements are understood and implemented properly. It also helps you meet regulatory and legal requirements. FREE ACCESS
• 4.  The Benefits of Security Governance
  4m 38s
  In this video, you’ll learn more about the benefits of security governance. First, you’ll learn about increased market value. Customers have more trust in organizations with security governance frameworks in place, allowing these organizations to generate more business. Organizations with a security compliance framework are more likely to get more business from the market. This increases the market value. Secondly, it lowers security risks, because security governance has a deployed risk management program. FREE ACCESS
• 5.  Security Governance and the CIA Triad
  2m 33s
  In this video, you’ll learn more about the CIA Triad and its relation with security governance. You’ll learn about the CIA Triad’s three key components, confidentiality, integrity, and availability. Confidentiality in information security means information should only be accessible to authorized individuals and shared on a need-to-know basis. Next, integrity implies accuracy, reliability, and completeness of information. Information systems and information need to be protected from unauthorized tampering, modification, or alteration. FREE ACCESS
• 6.  Security Governance Outcomes
  2m 19s
  In this video, you’ll learn more about security governance outcomes. You’ll learn the first outcome is risk management. It helps you identify, manage, and mitigate risks. The second outcome is strategic alignment. Security governance helps you align Information security with organizational objectives. Next, comes performance management which is defining, reporting, and using security governance metrics. It can also help you monitor and report security processes. FREE ACCESS
• 7.  Security Governance vs. Security Management
  3m 34s
  In this video, you’ll learn more about the differences between security governance and security management. You’ll learn that when you talk about decisions in terms of security management, it’s all about how to mitigate the risk. Security governance decides who is authorized to take a decision. Next, when it comes to security control, security management only looks after the implementation of the security controls. They ensure security controls are appropriately placed and implemented. FREE ACCESS
• 8.  The Elements of Security Governance
  6m 1s
  In this video, you’ll learn more about security governance elements. You’ll learn some of the key elements are strategic planning, organizational structure, the establishment of roles and responsibility, integration with the enterprise architecture, and documented security objectives in policies. In this video, you’ll look at each of these in detail. FREE ACCESS
• 9.  The Role of a Security Policy
  2m 54s
  In this video, you’ll learn more about what security policy is. You’ll learn security policy defines the rules and guidelines for using assets. It also defines how an organization manages, protects, and distributes information. Basically, it defines how the confidentiality, integrity, and availability of assets and the information within the organization needs to be protected. A security policy is a live document and needs to be continuously updated with changing requirements. FREE ACCESS
• 10.  IT Governance Frameworks
  12m 56s
  In this video, you’ll learn more about IT governance frameworks. You’ll learn there are different types of IT governance frameworks available. Not all IT governance frameworks will fit every organization. Depending on the nature of work your organization does, you’ll need to adopt the appropriate IT governance framework. Here, you’ll learn about some of the key IT governance frameworks available today. These include ISO 27001, PCI-DSS, then HIPAA, ITIL, and COBIT. FREE ACCESS
• 11.  The Role of Senior Management in Security Governance
  7m 15s
  In this video, you’ll learn more about the key management problems. You’ll learn what happens with management in the context of security. You’ll also learn about security governance as it pertains to management responsibilities and their roles within security governance. First, you’ll discover management does not deal with security, the board of directors doesn’t get involved with strategic security decisions.  FREE ACCESS
• 12.  Methods to Create and Deliver Governance
  6m 33s
  In this video, you’ll learn more about the four essential practices for a board within an organization. You’ll also learn about the paradigm shift and what is happening now in the context of security. You’ll learn about some of the senior management responsibilities. First, you’ll learn the board of directors, the chief information security officers, steering committee, and other executives, come up with a security strategy that helps in developing and providing strategic direction. FREE ACCESS
• 13.  Senior Management Roles and Responsibilities
  5m 15s
  In this video, you’ll learn more about the key steps in security governance. These include create, deliver, and review. You’ll learn that to ensure security governance there are three steps you have to follow. First, you must Create Governance within the organization. Second, you need to Deliver Governance through the right stakeholders, and third, you have to Review the governance on a periodic basis to ensure everything is working as expected. FREE ACCESS
• 14.  Methods to Review Governance
  3m 43s
  In this video, you’ll learn more about the reasons for reviewing governance and what do you do when you review governance. You’ll learn the reasons to review governance include because you want to find any mismatch between security goals and strategic goals. Your security goals should be based on your strategic goals. If they’re a mismatch, you can track this by reviewing governance. Reviews also help you find any security gaps in the implementation. FREE ACCESS
• 15.  Signs of Security Governance
  3m 50s
  In this video, you’ll learn more about the signs of good security governance. First, you’ll everyone in the organization must be involved. This is because the security governance must start from top, the board, and go down to the last user. Everyone should know the importance of security and comply with it. The board must be involved in security-related decisions, which means they are not isolated. FREE ACCESS
• 16.  Missing Security Governance
  2m 55s
  In this video, you’ll learn more about what happens if there is an absence of security governance. You’ll learn there are several key things that can happen when there’s an absence of security governance. This means the organization doesn’t have security policies or procedures in place. Or, even if the organization does have security governance in place, if the security policies and procedures are outdated they cannot be followed with the current security posture. FREE ACCESS
• 17.  Reasons for Ineffective Security Governance
  2m 35s
  In this video, you’ll learn more about the reasons for ineffective security governance. The first reason could be there’s no authority delegation, which means there’s no authority to make decisions for security implementation. The next reason could be there’s no one to drive the security team to look at the security posture of the organization. Additionally, there may be no budget control authority, which means budgets aren’t properly defined. FREE ACCESS
• 18.  Methods to Implement Security Governance
  3m 5s
  In this video, you’ll learn more about security governance best practices. You’ll look at some of the best practices to apply security governance within your organization. Information security activities should be governed based on the relevant information and requirements. These include law, regulations, and organizational policies. Information security responsibilities should be assigned and carried out by trained individuals within the organization. FREE ACCESS
• 19.  The Security Governance Structure
  2m 3s
  In this video, you’ll learn more about security governance structures. You’ll learn there are three. You could have the centralized structure, the decentralized, or a hybrid structure. You’ll learn the centralized governance structure is controlled by a centralized team which consists of top executives within the organization. A decentralized governance structure works at the department level. They oversight responsibilities at their department level. The hybrid governance structure is a combination of centralized and decentralized structure. FREE ACCESS
• 20.  Course Summary
  1m 38s
  In this video, you’ll summarize what you’ve learned in the course. You learned the basic concepts of security governance along with the concepts related to it. You explored information security governance, need for security governance, benefits of security governance, security governance and the CIA triad, and security governance outcomes. You also learned about security governance and security management, elements of security governance, role of a security policy, IT governance frameworks, and senior management. FREE ACCESS