D832 - Managing Information Security

---

About

Managing Information Security expands on Fundamentals of Information Security by providing an in-depth analysis of the relationship between an information security program and broader business goals and objectives. Learners develop knowledge and experience in the development and management of an information security program essential to ongoing education, career progression, and value delivery to enterprises. Learners apply best practices to develop an information security governance framework, analyze mitigation in the context of compliance requirements, align security programs with security strategies and best practices, and recommend procedures for managing security strategies that minimize risk to an organization.

Objective

Objective

• Recommends Modifications to Established Information Security Governance
  • The learner recommends modifications to established information security governance to increase information assurance levels within an organization
• Recommends Strategies for Meeting Regulatory Compliance
  • The learner recommends strategies for meeting regulatory compliance within an organization
• Recommends Risk Mitigation Strategies
  • The learner recommends risk mitigation strategies relevant to an organization’s information security program
• Develops Security Incident Response Plans
  • The learner develops security incident response plans that align to an organization’s security goals and objectives and maintain business continuity
• Recommends Changes in Response to Cyber-Related Incident
  • The learner recommends changes to established security management programs in response to a cyber-related incident on an organization

Course Outline

• Cybersecurity Program and Project Management
• Cybersecurity and the Board of Directors
• Risk Management
  • Federal Financial Institutions Examination Council (FFIEC)
• The NIST Risk Management Framework
• Cybersecurity Metrics
• Risk Assessments
• The FFIEC: An Introduction
• Auditing Cybersecurity
• Managing Regulatory Visits and Requests for Information
• Addressing and Remediating Regulatory Findings
• Incident Response and Recovery
• Navigating the Cyber Insurance Maze
• Framework Elements
• Events
• Controls
• Assessments
• Issues
• Metrics
• People
• Analysis
• You Know Why…
• Choosing a Transformational Approach
• Marketing and Communications 101 for Security Awareness
• Behavior Management 101 for Security Awareness
• Culture Management 101 for Security Awareness
• Security Awareness Toolbox

Final Assessment

• D832 Task 1 - Recommend Strategies for Information Security Compliance, Risk, and Governance
• D832 Task 2 - Develop Security Incident Response Plans
• D832 Task 3 - Recommend Changes in Response to a Cyber-Related Incident

Resources

• Bayuk, J. L. (2024). Stepping through cybersecurity risk management: A systems thinking approach. Wiley.
• Carpenter, P. (2019). Transformational security awareness: What neuroscientists, storytellers, and marketers can teach us about driving secure behaviors. John Wiley & Sons.
• Edwards, J., & Weaver, G. (2024). The cybersecurity guide to governance, risk, and compliance. Wiley.