5.1 – Security Governance

Security Policies

Policies are the foundation of our security processes and procedures. In this video, you’ll learn about information security policies, acceptable use policies, business continuity, and more.

Security Standards

Some security parameters are administratively managed. In this video, you’ll learn about standards for password policies, access control, physical security, and more.

Security Procedures

IT security maintains a number of procedures to ensure control of data and services. In this video, you’ll learn about change management, onboarding, offboarding, playbooks, and more.

Security Considerations

There are many requirements associated with IT security. In this video, you’ll learn about regulatory requirements, legal issues, industry standards, and more.

Data Roles and Responsibilities

The management of data is the responsibility of many individuals. In this video, you’ll learn about data owners, data controllers, data processors, and more.

5.2 – Risk Management

Risk Management

Risk management helps an organization understand its potential risks. In this video, you’ll learn about risk assessments, ad hoc assessments, and recurring assessments.

Risk Analysis

To manage risk, we have to understand the risk we carry. In this video, you’ll learn about risk assessments, risk appetite, risk tolerance, and risk registers.

Risk Management Strategies

We have many options for managing risk. In this video, you’ll learn about transferring risk, accepting risk, avoiding risk, and more.

Business Impact Analysis

A security event can have a significant impact on the organization. In this video, you’ll learn how to determine a recovery time objective, recovery point objective, mean time to repair, and mean time between failures.

5.3 – Third-party Risk

Third-party Risk Assessment

It’s often necessary to work with third parties to mitigate risk. In this video, you’ll learn about right-to-audit clauses, supply chain analysis, vendor monitoring, and more.

Agreement Types

Contracts and agreements are an important part of risk management. In this video, you’ll learn about service level agreements, memorandums of understanding, non-disclosure agreements, and more.

5.4 – Security Compliance

Compliance

Many organizations must meet a specific standard of laws, policies, and regulations. In this video, you’ll learn about regulatory compliance, reputational damage, compliance monitoring, and more.

Privacy

There are many laws and guidelines associated with the data collected by an organization. In this video, you’ll learn about legal implications associated with privacy, data responsibilities, and data inventory and retention.

5.5 – Audits and Assessments

Audits and Assessments

There are many good reasons to perform ongoing technology audits. In this video, you’ll learn about internal audits, external audits, and more.

Penetration Tests

Many audits use penetration tests to gather information about a company’s security posture. In this video, you’ll learn about pentesting perspectives, reconnaissance techniques, and more.

5.6 – Security Awareness

Security Awareness

It’s important to involve everyone in the organization when discussing security awareness. In this video, you’ll learn about phishing campaigns, anomalous behavior recognition, reporting options, and more.

User Training

User training can involve employees, management, third parties, and other business parties. In this video, you’ll learn about training methods, security education, and more.