Policy and Governance
The Role of Governance

  • Provide critical risk information to leadership teams
  • leadership teams are responsible for crafting effective responses by changing policies and processes to reflect their objectives
    • governance, risk, and compliance (GRC) teams are established to achieve this goal
  • GRC teams
    • are responsible for creating and maintaining organizational policies used to direct the work of technical teams
    • define the organization’s expectations of its employees and its approach to cybersecurity

The Importance of Policy

  • policy and procedure documents become roadmaps
    • provide guidance and clear direction
    • important for security operations centers (SOC)
      • The location where security professionals monitor and protect critical information assets in an organization
    • define response actions
    • remove the need for ad hoc judgement when decisions must be made under pressure
    • ensure consistent and reliable performance

Cybersecurity service-level objectives (SLOs) are the standards that organizations and their leadership must meet to ensure the security of their network.

  • help measure and assess how well security operations protect the organization’s assets
  • common security-related SLOs:
    • mean time to detect (MTTD)
    • mean time to recover (MTTR)
    • mean time to remediate (MTTR)
    • mean time to respond (MTTR)
    • time to patch
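As an added worked example (not part of the original notes), the Python script below computes the listed SLO metrics from constructed incident and patch records and checks them against assumed targets. Because the notes give the same acronym (MTTR) to three different metrics, the script keeps them apart by the interval each one measures; those interval boundaries are assumptions, since the notes do not define them.

```python
from datetime import datetime
from statistics import mean

# Constructed sample records (not from the original notes). Timestamps are
# ISO 8601; "occurred" is the estimated time the incident actually began.
INCIDENTS = [
    {"id": "INC-1", "occurred": "2024-03-01T08:00", "detected": "2024-03-01T10:00",
     "responded": "2024-03-01T10:30", "remediated": "2024-03-01T14:00",
     "recovered": "2024-03-01T16:00"},
    {"id": "INC-2", "occurred": "2024-03-05T00:00", "detected": "2024-03-05T06:00",
     "responded": "2024-03-05T07:00", "remediated": "2024-03-05T12:00",
     "recovered": "2024-03-05T18:00"},
]
PATCHES = [
    {"fix": "vendor-fix-A", "released": "2024-02-01T00:00", "deployed": "2024-02-08T00:00"},
    {"fix": "vendor-fix-B", "released": "2024-02-10T00:00", "deployed": "2024-02-13T00:00"},
]


def hours_between(start, end):
    """Elapsed hours from one ISO 8601 timestamp to a later one."""
    return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds() / 3600


def slo_metrics(incidents, patches):
    """Mean durations in hours. Interval boundaries are an assumption: MTTD runs
    from occurrence to detection; the three MTTRs all start at detection and end
    at first response, at remediation, and at full recovery respectively;
    time to patch runs from vendor release to deployment."""
    return {
        "MTTD": mean([hours_between(i["occurred"], i["detected"]) for i in incidents]),
        "MTT_respond": mean([hours_between(i["detected"], i["responded"]) for i in incidents]),
        "MTT_remediate": mean([hours_between(i["detected"], i["remediated"]) for i in incidents]),
        "MTT_recover": mean([hours_between(i["detected"], i["recovered"]) for i in incidents]),
        "time_to_patch": mean([hours_between(p["released"], p["deployed"]) for p in patches]),
    }


def slo_report(metrics, targets):
    """Compare each metric against its target (hours); True means the SLO is met."""
    return {name: metrics[name] <= limit for name, limit in targets.items()}


if __name__ == "__main__":
    m = slo_metrics(INCIDENTS, PATCHES)
    # Assumed targets, chosen for illustration only.
    targets = {"MTTD": 4, "MTT_respond": 1, "MTT_remediate": 8, "MTT_recover": 8, "time_to_patch": 24 * 7}
    for name, ok in slo_report(m, targets).items():
        print(f"{name:14s} {m[name]:7.2f} h  target {targets[name]:>5} h  {'MET' if ok else 'MISSED'}")
```

With the constructed data, every SLO is met except mean time to recover, which shows how a single metric can flag a gap that the others hide.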