Managing Information Security Processes using Metrics
4.5 (5 ratings)
39 students enrolled


Achieve a positive Return on Investment from Information Security by implementing information security processes!
Last updated 5/2019
English
English [Auto]
Price: $99.99
This course includes
  • 1.5 hours on-demand video
  • 13 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What you'll learn
  • Use information security metrics for the effective management of information security
Requirements
  • The student should be working or preparing to work as an information security manager
Description

In this course you will master the design and operation of information security processes with metrics, and you will be able to represent these metrics in compact and engaging dashboards or reports. You will learn what a measurement is, how your choice of a model influences what gets measured, what the relationship is between security activity and business goals, and how to use reports in a way that leads to understanding the security posture of the organisation and drives the right decisions.

Who this course is for:
  • Experienced information security professionals
Course content
31 lectures 01:40:27
+ Introduction
2 lectures 03:56

We will set expectations, review the index of lectures, plan the homework, and optionally look into the advantages of O-ISM3

Preview 01:27

We will review the origins, most important features and significance of O-ISM3

Preview 02:29
+ Constraints and Solutions
1 lecture 03:49

We will overview the constraints that make information security management unique, and mitigating solutions and strategies for each constraint.

Constraints and Solutions
03:49
+ Concepts
7 lectures 27:03

We will differentiate data from information and learn how this is significant for information security management.

Preview 01:27

We will highlight the consequences of using the right abstraction level when modeling organisations and their IT infrastructure

Preview 05:42

We will define measurement, and learn how this is significant for using metrics.

S3 - L3 Measurement
04:05

We will define metrics, distinguish valuable from poor metrics, list their types, and learn how they can be used in information security management.

S3 - L4 Metrics
06:33

We will define knowledge management, list the types of documents that support knowledge management, and detail the content of some of the most important types of document, stressing the importance of Deliverables.

S3 - L5 Knowledge Management
06:48

We will define continuous improvement and how it relates to the capability of a process.

S3 - L6 Continuous Improvement
01:20

We will define what a process is and how it is connected to the value of information security.

S3 - L7 Process
01:08
+ Scope
1 lecture 00:44

We will list some common scopes to prompt you to identify the important environments of your organisation.

S4 - L1 Common Environment Scopes
00:44
+ Goals
15 lectures 38:14

We will go through an overview of the main goals of information security management.

S5 - L1 Risks, Maturity and Benefits
01:09

We will check in detail how information security management helps meet organisational goals, and how they are related to specific objectives. Finally, we will check a simple way to agree on how much security is enough.

Preview 07:03

We will define security objectives using a scientific, observer-independent, operational definition. This will enable us to define what an incident is, and detail in an objective way how to achieve each security objective.

S5 - L3 Security as an Emergent Property
03:18

We will define Secrecy objectives, define what a Secrecy incident is, and detail how to achieve Secrecy objectives.

S5 - L4 Secrecy
02:51

We will define Intellectual Property you Own objectives, define what an Intellectual Property you Own incident is, and detail how to achieve Intellectual Property you Own objectives.

S5 - L5 Intellectual Property you Own
02:55

We will define Intellectual Property you Use objectives, define what an Intellectual Property you Use incident is, and detail how to achieve Intellectual Property you Use objectives.

S5 - L6 Intellectual Property you Use
01:54

We will define Privacy objectives, define what a Privacy incident is, and detail how to achieve Privacy objectives.

S5 - L7 Privacy
05:23

We will define Availability objectives, define what an Availability incident is, and detail how to achieve Availability objectives.

S5 - L8 Availability
02:40

We will define Retention objectives, define what a Retention incident is, and detail how to achieve Retention objectives.

S5 - L9 Retention
01:25

We will define Expiration objectives, define what an Expiration incident is, and detail how to achieve Expiration objectives.

S5 - L10 Expiration
01:12

We will define Quality objectives, define what a Quality incident is, and detail how to achieve Quality objectives.

S5 - L11 Quality
01:27

We will define Technical objectives, define what a Technical incident is, and detail how to achieve Technical objectives.

S5 - L12 Technical Objectives
01:44

We will define Compliance objectives, define what a Compliance incident is, and detail how to achieve Compliance objectives.

S5 - L13 Compliance Objectives
01:03

We will apply our understanding of security objectives to make measurements, asking questions of the relevant business stakeholder of the systems we need to protect.

S5 - L14 Assignment: Use Case
02:03

We will recap the list of security objective types that help us understand security requirements, and we will review the symptoms of not using security objectives and the benefits of using them.

S5 - L15 Security Objectives Recap
02:07
+ Process Management
5 lectures 26:41

We will learn how to implement an information security management process, one of the suite of processes that make up an information security management system, building on the concepts learnt earlier in the course.

S6 - L1 Process Implementation
10:54

We will learn how to design and generate Reports that faithfully reflect the results of our information security processes.

S6 - L2 Situational Awareness
04:27

We will learn how to use the information from Reports to take effective decisions conducive to continuous improvement.

S6 - L3 Decisions and Changes I
04:31

We will learn how to use Meeting Minutes to reflect the decisions that are conducive to continuous improvement.

S6 - L4 Decisions and Changes II
01:04

We will review the homework, briefly recap the most important points of the course, indicate next steps and suggest additional aspects of information security management to delve into.

S6 - L5 Summary
05:45