Information Security for Decision-makers Proficiency (Advanced Level)

  • 29m
  • 29 questions
The Information Security for Decision-makers Proficiency (Advanced Level) benchmark measures your extensive experience with information security issues and processes. A learner who scores high on this benchmark demonstrates years of experience managing and designing InfoSec teams and processes and is regarded as an InfoSec thought leader. They can also work independently with little to no supervision.

Topics covered

  • conduct a security risk analysis
  • describe how confidence and positivity can help inspire a better workplace
  • describe how to best identify an actual incident
  • describe the role forensic investigators play on an infosec team
  • describe the steps to ensure an incident is properly investigated
  • differentiate between quantitative and qualitative risk analysis
  • establish an information security compliance plan
  • identify the importance of data classification
  • list best practices to follow for vendor risk management
  • name common risk assessment tools and outline how they can be used for risk assessments
  • outline common responsibilities for junior network engineers and computer technicians
  • outline common roles and responsibilities for dealing with risk, including those of senior management and risk assessors
  • outline critical parts to include when creating a vendor risk management checklist
  • outline how cryptography techniques are used to secure data and communications
  • outline how data classification planning can help restrict and categorize data by type, sensitivity, and business value
  • outline how good information security leaders are also creative yet accountable
  • outline the importance of containing a situation and how a strategy can help prevent further snowballing
  • outline the importance of properly training and evaluating employees on security awareness
  • plan for resiliency through detection, response, and recovery
  • provide an overview of the access control security technique and differentiate between physical access control measures and logical controls
  • provide an overview of the responsibilities of information owners
  • recognize how defense in depth is used to provide a layered approach to security
  • recognize how security governance can be used to control and direct security activities
  • recognize the importance of disaster recovery and incident management planning
  • recognize the importance of having a security leader who is empathetic and humble
  • recognize the importance of having a sound incident response and management strategy in place
  • recognize the importance of having a structured process in place to identify, assess, and mitigate risk
  • recognize the responsibilities of a digital/computer forensic examiner
  • recognize the typical lifecycle of a vendor relationship