Chapter 5 - 02 - UISG and Compliance Program - 01_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician
Network Security Controls — Administrative Controls
Exam 212-82
Module
Discuss Various Regulatory
Frameworks, Laws, and Acts
Flow
/ :
\
».
7
Learn to Design and Develop
Understand Information Security
| Governance and Compliance
Program
/ ¢
Security Policies |
"\ Learn to Conduct Different Types of
‘
Security and Awareness Training
L All Rights Reserved.
Reproduction
is
Strictly Prohibited.
Understand Information Security Governance and Compliance
Program
Information
associates,
framework
mitigation.
satisfy the
security governance is a framework created by members, partners, and other
which can be used by enterprises to instruct, control, and manage IT security. The
creates an organizational structure and provides clear visibility into risks that require
It also ensures that security programs or strategies comply with regulations and
business objectives. This section discusses the essential concepts of information
security governance and compliance program.
Module 05 Page 540
Certified Cybersecurity Technician Copyright © by EG-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician
Network Security Controls — Administrative Controls
Exam 212-82
Define, Implement, Manage and Maintain an
Information Secunty Governance Program
W,
O
i
¥y
{
A business driver is a condition, process, requirement, or other concern that influences the way in which
an organization directs or manages activities
QO The security professional must understand why an organization exists and how it conducts business before
the process of developing information security governance can begin
Copyright© by
Il
Rights
Reserved.
Reproduction
s Strictly Prohibited
Define, Implement, Manage and Maintain an Information Security Governance
Program
The corporate governance
framework
consists of explicit and implicit contracts
between
the
company and the stakeholders for distribution of responsibilities, rights, rewards, and
procedures for reconciling the sometimes conflicting interests of stakeholders in accordance with
their duties, privileges, roles, and procedures for proper supervision (as well as control and
information flows) to serve as a system of checks and balances. Reconciling the conflicting
interests of stakeholders requires an understanding of the drivers that influence these interests.
A business driver is a condition, process, requirement, or other concern that influences the way
in which an organization directs or manages its activities. A close relationship exists between the
drivers affecting an organization and the governance processes established to manage activities.
At the highest levels of an organization, corporate governance defines how the organization will
achieve its mission, vision, and objective. The security professional must understand why an
organization exists and how it conducts business before the process of developing information
security governance can begin.
Governance provides structure to support the delivery of results that satisfy the interests and
objectives of stakeholders, whether those stakeholders are shareholders, investors, employees,
suppliers, customers,
or the community.
The form of business organization,
its hierarchical
structure, the industry in which it operates, and its maturity all work together to influence the
product of corporate governance in an organization.
Module 05 Page 541
Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician
Network Security Controls — Administrative Controls
Exam 212-82
Form of Business Organization
O
The form of business organization, its hierarchical structure, the industry in which it operates, and its
Q
Proprietorships, partnerships, and corporations are the three most common approaches to organizing
a business
O
Each approach has a unique influence on the scope and complexity of governance within an organization
maturity all work together to influence the product of corporate governance in an organization
Proprietorship
Partnership
Copyright © by EC
ik
Proprietorship
Partnership
QO A proprietorship, the simplest
form of ownership, exists when a
single individual owns the
organization
iL All Rights Reserved.
Reproductionis Strictly Prohibited
Corporation
QO Corporations exist as legal entities
that are separate from their
owners
mission, vision, and purpose of
the organization on the basis of
O A partnership (similar to a
proprietorship) is two or more
individuals who share the benefits and
the responsibility for liabilities related
to the operations of the organization
P
g
QO Partnership allow owners to pool their
knowledge and experience
::,si'oor:t:\;r Gt
O
QO Shareholder value is the primary
force driving governance for
corporations
Q The proprietor defines the
O The power to make decisions rests
solely with this person
However, governance becomes more
complex as the partnership works to
address the perspectives and desires of
more people
O
Governance is direct because
owners must establish the rules
for running the corporation within
the articles of incorporation
Copyright © by EC-Council. All Rights Reserved. Reproduction
s Strictly Prohibited
Form of Business Organization
The
structure
of the
organization
within
which
the
information
security
exists creates
key
considerations when determining how to position the organization. The form of business
organization, its hierarchical structure, the industry in which it operates, and its maturity all work
together to influence the product of corporate governance in an organization.
Module 05 Page 542
Certified Cybersecurity Technician Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician
Network Security Controls — Administrative Controls
Exam 212-82
Proprietorships, partnerships, and corporations are the three most common approaches to
organizing a business. Each approach has a unique influence on the scope and complexity of
governance within an organization.
As an organization increases in size and complexity, the number of stakeholders and their
competing interests grow as well. These factors work in combination to define the form of
corporate governance that works best to support a particular organization.
Proprietorship
A proprietorship, the simplest form of ownership, exists when a single individual owns
the organization, receives all the benefits of its operation, and assumes responsibility for
all its liabilities. The proprietor defines the mission, vision, and purpose of the
organization on the basis of his or her experience and priorities. The power to make
decisions rests solely with this person.
Partnership
A partnership (similar to a proprietorship) is two or more individuals who share the
benefits and the responsibility for liabilities related to the operations of the organization.
Partnerships allow owners to pool their knowledge and experience. However, governance
becomes more complex as the partnership works to address the perspectives and desires
of more people.
Corporation
A corporation is the most complex form of business. Corporations exist as legal entities
that are separate from their owners. Governance is direct because owners must establish
the rules for running the corporation within the articles of incorporation. Shareholder
value is the primary force driving governance for corporations. That value can exist as a
financial return or as a product or service delivered in the interests of the community—
the greater good.
Module 05 Page 543
Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.