The Ultimate goal: To manage Information Security Governance and Risk Management
Presenter: James D. Reeves | Senior Professional Staff II at Johns Hopkins University Applied Physics Laboratory
Description: This Common Body of Knowledge Workshop is one where “the rubber meets the road.” In this workshop we will discuss the means for managing security for information assets with policy, standards, procedures and guidelines, and the means for assessing and, where necessary, mitigating the risk to your organization’s information assets. The Information Security Governance and Risk Management domain entails the identification of an organization’s information assets and the development, documentation, implementation and updating of policies, standards, procedures and guidelines that ensure confidentiality, integrity, and availability. Management tools such as data classification, risk assessment, and risk analysis are used to identify threats, clarify assets, and rate their vulnerabilities so that effective security measures and controls can be implemented. The Cyber Security certification candidate needs to understand security planning; identifying and securing an organization’s information assets; the development and use of security policies; security training; the importance of confidentiality, proprietary and private information; third-party management and service level agreements related to information security; employment agreements and employee hiring and termination practices; and risk management practices and tools to identify, rate, and reduce the risk to specific information resources.