Strategic Planning - The actions taken by senior management to specify the long-term goals and objectives of the organization.
Strategic Planning - To plan its future direction, actions, and efforts, and to estimate and schedule the allocation of resources necessary to achieve those goals and objectives.
Strategic Plan - The documented products of strategic planning; a plan for the organization's intended strategic efforts over the next several years.
Goals - Sometimes used synonymously with objectives; the desired end of a planning cycle
Objectives - The intermediate states obtained to achieve progress toward a goal or goals
Tactical Planning - The actions taken by management to specify the intermediate goals and objectives of the organization in order to obtain specified strategic goals, followed by estimates and schedules for the allocation of resources necessary to achieve those goals and objectives.
Tactical Plan - The documented product of tactical planning; a plan for the organization's intended tactical efforts over the next few years.
Operational Planning - the actions taken by management to specify the short-term goals and objectives of the organization in order to obtain specified tactical goals
Operational Plan - A plan for the organization's intended operational efforts on a day-to-day basis for the next several months.
Planning and the CISO - The first priority of the ____ and the information security management team is the creation of a strategic plan to accomplish the organization's information security objectives.
Governance - The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved.
Corporate Governance - Executive management's responsibility to provide strategic direction, ensure the accomplishment of objectives.
Corporate Governance - Oversee that risks are appropriately managed and validate responsible resource use.
Information Security Governance - The application of the principles of corporate governance to the information security function
de facto standard - A standard that has been widely adopted or accepted by a public group rather than a formal standards organization.
de jure standard - A standard that has been formally evaluated, approved, and ratified by a formal standards organization.
Guidelines - Within the context of information security, a set of recommended actions to assist an organizational stakeholder in complying with policy.
Information security policy - A set of rules that protects an organization's information assets.
Policy - A set of principles or courses of action from an organization's senior management intended to guide decisions, actions, and duties of constituents.
Practices - Within the context of information security, exemplary actions that an organization identifies as ideal and seeks to emulate. These actions are typically employed by other organizations.
Enterprise Information Security Policy - The high-level security policy that is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.
Enterprise Information Security Policy - It is also known as a general security policy, organization security policy, IT security policy, or information security policy.
Enterprise Information Security Policy - It is an executive-level document usually drafted by or in cooperation with the organization's chief information officer.
Issue-specific Security Policy - Commonly referred to as a fair and responsible use policy; a policy designed to control constituents’ use of a particular resource, asset, or activity, and provided to support the organization’s goals and objectives.
System-specific Security Policy - Policy documents designed to bridge the gap between managerial guidance and technical implementation of a specific technology.
System-specific Security Policy - It often functions as standards or procedures to be used when configuring or maintaining systems.
Managerial Guidance SysSP - A systems-specific security policy that expresses management's intent for the acquisition, implementation, configuration, and management of a particular technology, written from a business perspective.
Technical Specifications SysSP - A systems-specific security policy that expresses technical details for the acquisition, implementation, configuration, and management of a particular technology, written from a technical perspective.
Technical Specifications SysSP - Typically, the policy includes details on configuration rules, systems policies, and access control.
Four Planning Levels - Tactical Planning, Tactical Plan, Operational Planning, Operational Plan
Three Information Security Governance Terms - Governance, Corporate Governance, Information Security Governance
Five Goals of Information Security Governance - Strategic Alignment, Risk Management, Resource Management, Performance Measurement, Value Delivery