Security Program Management (2020)
From CyberEdWiki
The intent of the Security Program Management Knowledge Unit is to provide students with the knowledge necessary to define and implement a security program for the protection of an organization's systems and data.
Outcomes
After completing the KU, students will be able to:
- Design and manage a security program, identifying goals, objectives and metrics.
- Assess the effectiveness of a security program.
- Apply the appropriate security policies, ensuring compliance with applicable laws and regulations.
- Evaluate, describe, test, and authorize a security program.
Topics
- Goals and objectives of a security program.
- Measuring the effectiveness of a security program (metrics).
- Roles and Responsibilities of the Security Organization
- Security Policies.
- Compliance with Applicable Laws and Regulations
- Security best practices and frameworks.
- Security Baselining
- Program Monitoring and Control
- Security Awareness, Training and Education
- Security program addresses:
- Physical Security
- Personnel Security
- System and Data Identification
- System security plans.
- Configuration and Patch management
- System Documentation
- Incident Response Program
- Disaster Recovery Program.
- BYOD issues
- Certification and Accreditation
Skills
- Identify goals and metrics for a security program.
- Select training courses based on identified needs.
NICE Framework Categories
CSEC 2017 Categories
Specialization Areas
See also
Related Knowledge Units
Original Knowledge Unit
Further reading
Suggested textbooks
Suggested academic readings
Sample knowledge test
Sample skills test
Sample abilities test
Additional notes or materials
Contacts
Reference ID
SPM