Development of Information Security Program
Importance of the Program
Outcomes of Security Program Development
Effective Information Security Program Development
Lesson 2: Information Security Program Objectives
Cross Organizational Responsibilities
Program Objectives Part 1
Program Objectives Part 2
Defining Objectives Part 1
Defining Objectives Part 2
Lesson 3: Information Security Program Development Concepts Part 1
Information Security Program Development Concepts Part 2
Technology Resources
Information Security Manager
Lesson 4: Scope and Charter of Information Security Program Development
Assurance Function Integration
Challenges in Developing Information Security Program
Pitfalls
Objectives of the Security Program
Program Goals
The Steps of the Security Program
Defining the Roadmap Part 1
Defining the Roadmap Part 2
Elements of the Roadmap Part 1
Elements of the Roadmap Part 2
Elements of the Roadmap Part 3
Elements of the Roadmap Part 4
Elements of the Roadmap Part 5
Gap Analysis
Lesson 5: Information Security Management Framework
Security Management Framework
COBIT 5
ISO/IEC 27001
Lesson 6: Information Security Framework Components
Operational Components Part 1
Operational Components Part 2
Management Components
Administrative Components
Educational and Informational Components
Lesson 7: Information Security Program Resources
Resources
Documentation
Enterprise Architecture Part 1
Enterprise Architecture Part 2
Enterprise Architecture Part 3
Controls as Strategy Implementation Resources Part 1
Controls as Strategy Implementation Resources Part 2
Controls as Strategy Implementation Resources Part 3
Controls as Strategy Implementation Resources Part 4
Common Control Practices
Countermeasures
Technologies Part 1
Technologies Part 2
Technologies Part 3
Technologies Part 4
Personnel Part 1
Personnel Part 2
Security Awareness
Awareness Topics
Formal Audits
Compliance Enforcement
Project Risk Analysis
Other Actions
Other Organizational Support
Program Budgeting Part 1
Program Budgeting Part 2
Lesson 8: Implementing an Information Security Program
Policy Compliance
Standards Compliance
Training and Education
ISACA Control Objectives
Third-party Service Providers Part 1
Third-party Service Providers Part 2
Integration into Lifecycle Processes
Monitoring and Communication
Documentation
The Plan of Action Part 1
The Plan of Action Part 2
Lesson 9: Information Infrastructure and Architecture
Managing Complexity Part 1
Managing Complexity Part 2
Objectives of Information Security Architectures Part 1
Objectives of Information Security Architectures Part 2
Physical and Environmental Controls
Lesson 10: Information Security Program
Information Security Program Deployment Metrics
Metrics
Strategic Alignment
Risk Management
Value Delivery
Resource Management
Assurance Process Integration
Performance Measurement
Security Baselines
Lesson 11: Security Program Services and Operational Activities
IS Liaison Responsibilities Part 1
IS Liaison Responsibilities Part 2
Cross-Organizational Responsibilities
Security Reviews and Audits Part 1
Security Reviews and Audits Part 2
Management of Security Technology
Due Diligence Part 1
Due Diligence Part 2
Compliance Monitoring and Enforcement Part 1
Compliance Monitoring and Enforcement Part 2
Assessment of Risk and Impact Part 1
Assessment of Risk and Impact Part 2
Outsourcing and Service Providers
Cloud Computing Part 1
Cloud Computing Part 2
Cloud Computing Part 3
Integration with IT Processes