Difference between revisions of "Security Program Management (2020)"

From CyberEdWiki
m (Text replacement - "To complete this KU, students should be able to:" to "After completing the KU, students will be able to:")
 
Line 2: Line 2:
  
 
== Outcomes ==
 
== Outcomes ==
To complete this KU, students should be able to:
+
After completing the KU, students will be able to:
 
# Design and manage a security program, identifying goals, objectives and metrics.
 
# Design and manage a security program, identifying goals, objectives and metrics.
 
# Assess the effectiveness of a security program.
 
# Assess the effectiveness of a security program.

Latest revision as of 22:07, 21 November 2019

The intent of the Security Program Management Knowledge Unit is to provide students with the knowledge necessary to define and implement a security program for the protection of an organization's systems and data.

Outcomes

After completing the KU, students will be able to:

  1. Design and manage a security program, identifying goals, objectives and metrics.
  2. Assess the effectiveness of a security program.
  3. Apply the appropriate security policies, ensuring compliance with applicable laws and regulations.
  4. Evaluate, describe, test, and authorize a security program.

Topics

  1. Goals and objectives of a security program.
  2. Measuring the effectiveness of a security program (metrics).
  3. Roles and Responsibilities of the Security Organization
  4. Security Policies.
    1. Compliance with Applicable Laws and Regulations
    2. Security best practices and frameworks.
  5. Security Baselining
  6. Program Monitoring and Control
  7. Security Awareness, Training and Education
  8. Security program addresses:
    1. Physical Security
    2. Personnel Security
    3. System and Data Identification
    4. System security plans.
    5. Configuration and Patch management
    6. System Documentation
    7. Incident Response Program
    8. Disaster Recovery Program.
    9. BYOD issues
  9. Certification and Accreditation

Skills

  1. Identify goals and metrics for a security program.
  2. Select training courses based on identified needs.

NICE Framework Categories

CSEC 2017 Categories

Specialization Areas

See also

Related Knowledge Units


Original Knowledge Unit

Further reading

Suggested textbooks

Suggested academic readings

Sample knowledge test

Sample skills test

Sample abilities test

Additional notes or materials

Contacts

Reference ID

SPM