This is the process of defining an organization's goals and determining how to achieve them.
What is planning?
This type of planning begins at the highest levels of management and flows down through the organization.
What is top-down strategic planning?
A high-level executive, such as a CIO or VP-IT, who will provide political support and influence for a specific project.
What is a champion?
This concept refers to an organization's overarching plan to achieve its goals.
What is strategy?
This type of planning begins at lower levels and moves upward, making it less effective in large, diverse organizations.
What is bottom-up strategic planning?
This structured approach helps solve problems by following a step-by-step process.
What is a methodology?
These are the three common levels of planning.
Strategic, tactical, and operational.
This strategic management responsibility involves ensuring objectives are met, risks are properly managed, and enterprise resources are used responsibly to protect infrastructure and assets.
What is information security governance?
The individual responsible for the assessment, management, and implementation of information-protection activities in the organization.
Who is the Chief Security Officer (CSO) or Chief Information Security Officer (CISO)?
A methodology for the design and implementation of an information system; its phases cover investigation, analysis, design, implementation, and maintenance.
What is the systems development life cycle?
Who are stakeholders?
This term refers to the merging of physical and cybersecurity efforts for a united security approach.
What is security convergence?
These mechanisms, policies, or procedures help counter attacks, reduce risk, and address vulnerabilities to improve an organization's security.
What are security controls and safeguards?
A formal approach to designing information security programs that follows the methodology of a traditional information systems development life cycle.
What is the security systems development life cycle (SecSDLC)?
These three types of statements guide an organization's purpose, values, and long-term aspirations.
What are mission, vision, and values statements?
Name the five basic outcomes that should be achieved through InfoSec governance.
What are strategic alignment, risk management, resource management, performance measurement, and value delivery?
This type of control includes firewalls, encryption, and access controls to protect information.
What is a technical control?
These are the five phases of the SecSDLC.
Investigation, Analysis, Design, Implementation, and Maintenance.