Enterprise Information Security Management
0.0 (0 ratings)
5 students enrolled

Part 2: Models, Frameworks, and Approaches
Last updated 7/2017
English
Includes:
  • 3.5 hours on-demand video
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Students will learn the major measures organizations take to manage information security and solve information security problems.
  • After completing the course, students can compare their own organization with the conditions described in the course, to make a better decision about which models, frameworks and approaches to adopt to achieve a better level of security in their organization.
Requirements
  • You should know the basic concepts of IT security and enterprise management.
  • You should have a basic understanding of risk management.
Description

The purpose of this series course is to address the growing challenges of managing information security risks in enterprise and government organizations, prompted by the complexity and risks of today’s changing technological landscape, as well as increasingly demanding business aspirations. These challenges are further escalated by the inadequacies of existing risk management models and professional development approaches.

As in warfare, in information security there are various strategies, frameworks, approaches, and models that have been developed over the years, which can help practitioners design, plan, build, deploy, and operate an information security management program in their organizations. In this part, we'll discuss how organizations use them.

By the end of this module, you should have gained an understanding of the models, frameworks, strategies, and approaches applicable to enterprise information security management; be able to discuss their pros and cons; and be able to apply your learning to given scenarios and in your own organization.

Who is the target audience?
  • Information Security Managers
  • CISO
  • CTO
  • Security Practitioners
  • Security Engineers
  • Compliance Managers
  • Risk Analysts
  • IT Auditors
  • IT Managers
Curriculum For This Course
88 Lectures
03:32:13
1. Overview of Models, Frameworks, and Approaches in Information Security Manage
7 Lectures 16:11
1.4 Three Major Frameworks
03:58

1.5 Policy, Standards, Guidelines, and Best Practices
02:36

1.6 Relationship between Policy, Standards, Guidelines, and Best Practices
02:16

1.7 Program, Projects and Plan
02:31
2. Military (Government) Security Approach
5 Lectures 16:04

2.2 Information Classification, Security Clearance and Access Control
04:30

2.3 Need to Know Principle
03:15

2.4 Least Privilege and Need to Hold
02:03

2.5 Summary for Military Security Approach
04:45
3. Commercial Security Approach
7 Lectures 17:17

3.2 Discretionary Access Control (DAC) Policy
01:43

3.3 Clark & Wilson’s Integrity Model
02:45

3.4 Brewer and Nash’s Security Model
01:37

3.5 Weakest Link and Defense in Depth
01:32

3.6 Baseline security
02:32

3.7 Summary for Commercial Security Approach
06:01
4. Risk-Based Approach
19 Lectures 46:38

4.2 Complex Systems
02:54

4.3 Drivers and Motivation for Risk-Based Approach
03:26

4.4 Risk Management Objective
01:50

4.5 Risk Management Process
01:18

4.6 A Quick Recap on Risk
02:32

4.7 Risk Assessment-Quantitative Assessment
08:19

4.8 Qualitative Risk Assessment
02:00

4.9 Scenario-Based Assessment (Qualitative)
01:42

4.10 Risk Treatment
01:37

4.11 Cost of Security Controls
02:08

4.12 Residual Risks
01:59

4.13 ISO/IEC 27001 ISMS
02:23

4.14 Benefits of ISO/IEC 27001 ISMS
02:30

4.15 Measuring Effectiveness
02:42

4.16 Risk of Risk-based Approach
02:46

4.17 Operational Challenges
01:47

4.18 Certification Challenges
01:38

4.19 Summary for Risk-Based Approach
02:13
5. Responsive security
20 Lectures 56:42

5.2 The Circular Problem of Information Security Principles
03:22

5.3 Social-technical Issues and Dilemmas - Measurability of Outcomes
01:53

5.4 Social-technical Issues and Dilemmas - Fear, Uncertainty, Doubt
03:01

5.5 Social-technical Issues and Dilemmas - Compliance, Audit and Performance
01:27

5.6 Social-technical Issues and Dilemmas - Organizational Silo
03:07

5.7 Solution for Social-technical Issues and Dilemmas - Responsive Security
01:24

5.8 Piezoelectric Theory of ISRM
02:57

5.9 A Recap on Risk
01:19

5.10 Three Steps to Reduce Exposure
00:11

5.11 Key Principles to Address Risk and Uncertainties
05:16

5.12 Social Methods for Responsive Security
02:23

5.13 Technical Tools and Methods for Responsive Security
07:02

5.14 Outcome of Responsive Security
02:46

5.15 Case Study - Anti-Phishing Campaign
08:13

5.16 Inspiration on Responsiveness from the Case Study
03:27

5.17 Towards criticality alignment - Why
00:30

5.18 Towards criticality alignment - How
01:26

5.19 Architecture of A Responsive Security System
01:34

5.20 Summary for Responsive Security
04:54
6. Balanced Security Scorecard (BSS)
11 Lectures 19:18
6.1 Balanced Security Scorecard - from Approach to Strategic Execution
01:07

6.2 A Brief Background for Balanced Security Scorecard (BSS)
00:45

6.3 Key Principle and Functions of BSS
01:18

6.4 Kaplan and Norton’s Balanced Scorecard
01:23

6.5 Kaplan and Norton’s Balanced Scorecard - Improve cost and productivity
02:02

6.6 Kaplan and Norton’s Balanced Scorecard - Reduce Risk
03:42

6.7 Drivers and Motivations
01:35

6.8 Focus of Resources
02:09

6.9 Performance
01:11

6.10 Outcomes
02:16

6.11 Remarks on Balanced Security Scorecard
01:50
7. Security Maturity Model
11 Lectures 25:10
7.1 Introduction to Security Maturity Model
01:51

7.2 A Brief Background for Security Maturity Model
00:26

7.3 Developments of Security Maturity Model
02:31

7.4 Process, Capability, and Maturity
01:19

7.5 ISO/IEC 21827 (2008) and O-ISM3
02:14

7.6 Key Characteristics of ISM3
02:07

7.7 Process, Capability, and Maturity in ISM3
02:06

7.8 Measurability of Security Outcomes in ISM3
01:32

7.9 Integration of ISM3 with ISO/IEC 27001 ISMS
03:56

7.10 Information Security Program CMM
01:19

7.11 Summary for Security Maturity Model
05:49
8. New School of Information Security
4 Lectures 05:16
8.1 New School Approach of Information Security
00:38

8.2 A Brief Background for New School Approach
00:38

8.3 Key Principles of New School Approach
03:06

8.4 Remarks on New School Approach
00:54
9. Other Models/Approaches
4 Lectures 09:37
9.1 IT Infrastructure Library (ITIL) Service Management Framework
01:53

9.2 Control Objectives for Information and Related Technologies (COBIT)
02:36

9.3 Statement on Standards for Attestation Engagements (SSAE 16)
03:45

About the Instructor
CRC Press
4.8 Average rating
2 Reviews
30 Students
3 Courses
A premier global publisher of science & technology resources

Publishing books since 1913, CRC Press is a premier global publisher of science, technology, and medical resources. We offer unique, trusted content by expert authors, spreading knowledge and promoting discovery worldwide. We aim to broaden thinking and advance understanding in the sciences, providing researchers, academics, professionals, and students with the tools they need to share ideas and realize their potential.
CRC Press is a member of Taylor & Francis Group, an Informa business.

Meng-Chow Kang
5.0 Average rating
1 Review
17 Students
2 Courses
Head of Security Assurance, AWS APAC

Meng-Chow Kang is Head of Security Assurance in the Asia Pacific Region at Amazon Web Services. He was Director and Chief Information Security Officer of Cisco Systems Asia Pacific, China and Japan from Feb 2009 to June 2017. He is also one of the board members of ISC2. Besides having previously served as Convenor or Chair of the Security Controls and Services Working Group in ISO/IEC JTC 1/SC 27, and as a co-Rapporteur for ITU-T SG17, he is also Adjunct Associate Professor at Nanyang Technological University of Singapore.

Dr. Kang received his MSc degree in Information Security from the Royal Holloway and Bedford New College, University of London, and a PhD in Information Security Risk Management at the Southern Cross University, Australia. He has been a Certified Information Systems Security Professional (CISSP) since 1998.

Dr. Kang is author of the CRC Press book Responsive Security: Be Ready to Be Secure.