Chapter 5 - 02 - UISG and Compliance Program PDF

Summary

This document discusses information security governance and compliance programs. It describes frameworks, organizational structure, and risk mitigation, focusing on how different business structures impact governance. The document also touches on stakeholder interests and how they relate to the governance model.

Full Transcript

Certified Cybersecurity Technician, Exam 212-82
Network Security Controls — Administrative Controls (Module 05)
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Module Flow: Discuss Various Regulatory Frameworks, Laws, and Acts; Learn to Design and Develop Security Policies; Understand Information Security Governance and Compliance Program; Learn to Conduct Different Types of Security and Awareness Training.

Understand Information Security Governance and Compliance Program

Information security governance is a framework created by members, partners, and other associates, which can be used by enterprises to instruct, control, and manage IT security. The framework creates an organizational structure and provides clear visibility into risks that require mitigation. It also ensures that security programs or strategies comply with regulations and satisfy the business objectives. This section discusses the essential concepts of information security governance and compliance program.
Define, Implement, Manage and Maintain an Information Security Governance Program

The corporate governance framework consists of explicit and implicit contracts between the company and the stakeholders for distribution of responsibilities, rights, rewards, and procedures for reconciling the sometimes conflicting interests of stakeholders in accordance with their duties, privileges, roles, and procedures for proper supervision (as well as control and information flows) to serve as a system of checks and balances.

Reconciling the conflicting interests of stakeholders requires an understanding of the drivers that influence these interests. A business driver is a condition, process, requirement, or other concern that influences the way in which an organization directs or manages its activities. A close relationship exists between the drivers affecting an organization and the governance processes established to manage activities.

At the highest levels of an organization, corporate governance defines how the organization will achieve its mission, vision, and objective. The security professional must understand why an organization exists and how it conducts business before the process of developing information security governance can begin.

Governance provides structure to support the delivery of results that satisfy the interests and objectives of stakeholders, whether those stakeholders are shareholders, investors, employees, suppliers, customers, or the community. The form of business organization, its hierarchical structure, the industry in which it operates, and its maturity all work together to influence the product of corporate governance in an organization.
Form of Business Organization

The structure of the organization within which the information security exists creates key considerations when determining how to position the organization. The form of business organization, its hierarchical structure, the industry in which it operates, and its maturity all work together to influence the product of corporate governance in an organization.

Proprietorships, partnerships, and corporations are the three most common approaches to organizing a business. Each approach has a unique influence on the scope and complexity of governance within an organization. As an organization increases in size and complexity, the number of stakeholders and their competing interests grow as well. These factors work in combination to define the form of corporate governance that works best to support a particular organization.

Proprietorship

A proprietorship, the simplest form of ownership, exists when a single individual owns the organization, receives all the benefits of its operation, and assumes responsibility for all its liabilities. The proprietor defines the mission, vision, and purpose of the organization on the basis of his or her experience and priorities. The power to make decisions rests solely with this person.

Partnership

A partnership (similar to a proprietorship) is two or more individuals who share the benefits and the responsibility for liabilities related to the operations of the organization. Partnerships allow owners to pool their knowledge and experience. However, governance becomes more complex as the partnership works to address the perspectives and desires of more people.

Corporation

A corporation is the most complex form of business. Corporations exist as legal entities that are separate from their owners. Governance is direct because owners must establish the rules for running the corporation within the articles of incorporation. Shareholder value is the primary force driving governance for corporations. That value can exist as a financial return or as a product or service delivered in the interests of the community—the greater good.
