Syllabus
Applying security principles into product development and project management: Analyzing the relationship between project time, scope and cost for the security program
Video - 00:04:00
Manage all aspects of the security program project.
Applying security principles into product development and project management: Identifying and applying the appropriate project management methodology
Video - 00:04:00
Working with the PMO, identify the appropriate project management methodology.
Applying security principles into product development and project management: Incorporating security into the project life cycle
Video - 00:05:00
Identify, with the system owner, how security gets included in each phase of the life cycle.
Managing the security program: Integrating security into the Human Resource (HR) processes
Video - 00:06:00
Include security requirements within the different HR processes, from on-boarding to termination.
Managing the security program: Identifying communications issues including bottlenecks and barriers
Video - 00:03:00
Monitor the communication processes and adjust whenever there are issues identified.
Managing the security program: Resolving conflicts between security and the organization
Video - 00:03:00
Manage conflict resolution and escalate when necessary.
Managing the security program: Understanding and building cross-functional relationships
Video - 00:09:00
Recognize where resource requirements come from and establish those relationships.
Managing the security program: Determining and managing security team accountability
Video - 00:04:00
For those involved with security, establish accountability vis-à-vis their job description and/or performance reviews.
Managing the security program: Defining roles and responsibilities
Video - 00:10:00
For anyone involved with security, define their roles and responsibilities.
Preparing, obtaining and administering the security program budget: Manage and report on the financial responsibilities of security
Video - 00:06:00
Manage the security program's budget and report any variances to the program sponsor.
Preparing, obtaining and administering the security program budget: Adjust the budget based on changes in risk and/or threats
Video - 00:07:00
Maintain the budget as assets, threats, vulnerabilities, likelihood and/or impact change.
Preparing, obtaining and administering the security program budget: Prepare and gain approval for the annual budget
Video - 00:06:00
Prepare, submit and garner approval for the security program's annual budget.
Defining, measuring and reporting the security metrics: Using metrics as the driver for program development and operations
Video - 00:05:00
Use security program metrics to establish continuous improvement for the security program.
Defining, measuring and reporting the security metrics: Correlating the KPIs to the organization's risk posture
Video - 00:04:00
Once identified, establish traceability of the KPIs with the organization's risk posture.
Defining, measuring and reporting the security metrics: Identifying Key Performance Indicators (KPIs)
Video - 00:03:00
Work with the organization's management to identify the KPIs for the security program.
Managing the security awareness and training program: Monitoring and reporting on the effectiveness of the training program
Video - 00:04:00
Develop metrics for monitoring and reporting on the security awareness training program.
Managing the security awareness and training program: Identifying the security awareness training needs and implementing targeted training
Video - 00:06:00
Develop and implement targeted security awareness training.
Managing the security awareness and training program: Promoting the security awareness program to the organization
Video - 00:07:00
Establish a program to promote security awareness throughout the organization.
Managing the security requirements in third-party contracts and agreements: Monitoring and enforcing compliance with contractual agreements
Video - 00:04:00
Establish a program to review and enforce compliance within the third-party contractual agreements.
Managing the security requirements in third-party contracts and agreements: Ensuring that the appropriate regulatory compliance statements and requirements are included
Video - 00:08:00
Review policies to ensure that any regulatory compliance requirements are included.
Managing the security requirements in third-party contracts and agreements: Managing the impact of organizational change
Video - 00:06:00
Develop a process for managing change and its impact on the business.
Governing managed services
Video - 00:04:00
Develop oversight criteria for any organizational managed services.
Managing the security requirements in third-party contracts and agreements: Evaluating the service management agreements
Video - 00:08:00
Work with the business functional leaders to identify and evaluate any third-party service agreements.
Managing the security requirements in third-party contracts and agreements: Ensuring the security policy framework is periodically reviewed
Video - 00:09:00
Establish an administrative control (i.e., policy) review process.
Defining and maintaining the security policy framework: Developing standards, procedures, baselines and guidelines
Video - 00:09:00
Develop internal security policies, standards, procedures, baselines and guidelines.
Defining and maintaining the security policy framework: Advocate for and obtain the organization's support for the security policies
Video - 00:09:00
Once the security policies are developed, get management's explicit agreement and commitment.
Defining and maintaining the security policy framework: Establishing internal security policies
Video - 00:08:00
Develop internal security policies.
Defining and maintaining the security policy framework: Determining the data classification and protection requirements
Video - 00:08:00
Work with the business functional leaders to identify the data classification criteria and protection needs.
Defining and maintaining the security policy framework: Determining any applicable external standards
Video - 00:05:00
Review the available external security standards (e.g., ISO 27000, NIST CSF) and determine the appropriate one for the organization.
Defining and implementing the information security strategies: Recommend the security architecture and engineering theories, concepts and methodology
Video - 00:08:00
Review the available theories, concepts and methodologies regarding architecture and engineering alternatives and recommend a candidate to management.
Defining and implementing the information security strategies: Review the security strategies and maintain them
Video - 00:07:00
After implementation, review the security controls and adjust as necessary.
Defining and implementing the information security strategies: Manage the implementation of the security strategies
Video - 00:04:00
Overseeing the implementation of the security controls.
Defining and implementing the information security strategies: Evaluate the organization's capacity and capability to implement the security strategies
Video - 00:06:00
Reviewing the organization's capability and capacity to implement and maintain the security controls.
Defining and implementing the information security strategies: Identify the security requirements from the business initiatives
Video - 00:05:00
Working with the business functional owners to identify their stakeholder security requirements.
Aligning the information security program with the organization's governance structure: Advocate and obtain support for the security initiatives from your organization
Video - 00:07:00
Presenting and getting management's buy-in to the information security program.
Aligning the information security program with the organization's governance structure: Confirm and validate the sources and boundaries of authorization
Video - 00:08:00
Identifying the authorizing official and their scope of authority.
Aligning the information security program with the organization's governance structure: Confirm and validate the roles of key stakeholders
Video - 00:09:00
Identifying key stakeholders and their place in the RACI chart.
Aligning the information security program with the organization's governance structure: Identify and navigate your organization's governance structure
Video - 00:09:00
How will governance (oversight) impact the information security program?
Establish security's role in the organizational culture, vision and mission: Define the relationship between the organization's culture and information security
Video - 00:07:00
How culture impacts information security.
Establish security's role in the organizational culture, vision and mission: Define information security's relationship with the overall business processes
Video - 00:06:00
Defining and establishing traceability with the business processes.
Establish security's role in the organizational culture, vision and mission: Align the information security program with the organization's goals, objectives and values
Video - 00:04:00
Identifying why alignment and traceability are critical to the information security program.
Establish security's role in the organizational culture, vision and mission: Define the information security program's vision and mission
Video - 00:09:00
Identifying what goes into the information security program's vision and mission statement.
Introduction to leadership and business management
Video - 00:08:00
This is an introduction to Domain 1 of ISSMP, Leadership and Business Management.
ISSMP Domain 1 Practice Exam
Assessment - 86 questions