Compliance and Operational Security Scenarios

Course Description

Provides a discussion of the role of security governance and risk management in information security. It looks at the policies and standards that are needed to operate an effective information security function and to oversee strong information security practices. Features a number of fictional scenarios based on compliance and operational security to allow you to practice the concepts learned in the material.

Learning Outcomes

After completing this course, the learner should be able to:

• Discuss the foundational concepts of security governance (the CIA triad) and understand the job of overseeing data security
• Describe the role of policies, procedures, standards, and guidelines in information security
• Understand the types of security controls that an organization can employ and the concept of defense in depth
• Discuss ethical, regulatory, and privacy issues as they relate to information security
• Discuss different management practices for overseeing an effective information security function
• Identify common information security risks and threats
• Describe the process for conducting a risk assessment
• Identify the purpose and components of a disaster recovery plan and business continuity
• Understand the role of auditing and testing in information security governance
• Identify common threats and vulnerabilities
• Provide appropriate guidance in response to real-world scenarios that highlight compliance and operational security problems