Dated: 31-10-2024
Ch01. What is an Information Security Program?
Project Definition
A project has a defined start and end point and specific objectives that, when attained, signify completion.
Program Definition
A program is a group of related projects managed in a coordinated way to obtain benefits not available from managing the projects individually.
Security Program Definition
A security program is the sum total of all activities planned and executed by the organization to meet its security objectives.
ISO/IEC 27001:2013 (ISMS) Requirements and Controls (the list mixes the standard's main requirement clauses, such as policy, management commitment and risk management, with Annex A control domains)
- Policy
- Management commitment & performance review
- Risk management
- Asset management
- Access control
- Physical & environmental
- Operations security
- Communications security
- Incident management
- Business continuity
- Compliance
- Third-party reviews
Additional Notes
- A 4-layer security transformation model may be implemented as an ideal security program
- After establishing a basic policy, the order in which the program steps (1 through 4) are carried out is paramount in order to achieve constructive results
Post-Assessment Questions
Which of the following is defined as a group of related projects managed in a coordinated way to obtain benefits not available from managing the projects individually?
- Information
- Assessment
- Data
- Program
Which of the following is the sum total of all activities planned and executed by the organization to meet its security objectives?
- Governance program
- Security program
- Recovery program
- Assessment program