Exam Objectives 5.1
Summarize elements of effective security governance.
- Guidelines: Informed suggestions for task completion
- Policies: Organizational rules for specific areas:
  - AUP: Guidelines for acceptable system usage
  - Information security policies: Rules for protecting data and systems
  - Business continuity: Strategies for operational sustainability
  - Disaster recovery: Plans to restore operations post-disaster
  - Incident response: Protocols for addressing security incidents
  - SDLC: Framework for software development processes
  - Change management: Managing changes in a structured manner
- Standards: Established criteria for consistency and quality:
  - Password: Requirements for secure password management
  - Access control: Control access to systems
  - Physical security: Physical methods to protect assets and premises
  - Encryption: Cryptographic techniques used to secure data
- Procedures: Established methods for task completion:
  - Change management: Structured approach to change implementation
  - Onboarding...