Online Training Information Security Management
Uploaded by: easy2comply
Transcript of Online Training Information Security Management
![Page 1: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/1.jpg)
Discover why 50,000 professionals have already switched to easy2comply
Information Security Management
![Page 2: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/2.jpg)
Presentation Objective
• Provide an overview of our Information Security building blocks
• Offer insight into the look and feel of the application
• Showcase how you can easily use our software
![Page 3: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/3.jpg)
Who is it for?
• Our Information Security software has been designed with the needs of the Chief Information Security Officer in mind and can be used by:
  • Information Security Steering Committee
  • Information Security Managers
  • Information Technology Managers
• No project is too big or too small. It can be used by small groups (1 – 5 users) all the way up to the whole enterprise (10,000 users)
• Implementing our software has never been easier!
![Page 4: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/4.jpg)
Information Security Management
• Assets and Units
• Threats and Controls Assessment
• Security Incidents
• Tasks, Notifications and Messages
• Reports and Management Dashboards
![Page 5: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/5.jpg)
Assets and Units
This is where you define your organizational tree. Our software combines a dual hierarchy: one for your assets, units and locations, and one for your information security activities and procedures.
You can also look at your tree horizontally across the enterprise. This feature allows you to drag and drop parts of your tree into simple structures to ease reporting and comparative analysis.
![Page 6: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/6.jpg)
Assets and Units
Structure can be built with no limitation to the number of levels
Each item can be documented in terms of Owner, Type, Asset Value and Attachments
![Page 7: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/7.jpg)
Threats and Controls Assessment
Identify your Threats within the Asset or Unit. Document, categorize and classify the vulnerabilities. Attach any supporting evidence to the risk record.
Mitigate your Threats by linking relevant controls to specific Threats. Check the controls for their level of effectiveness. Schedule the control checking process.
Assess your Threats using one or more of the available methodologies:
1) Impact vs. Likelihood Risk Square
2) Questionnaire
![Page 8: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/8.jpg)
Assessment Flow
Identify
• Threats
• Risk Description
• Vulnerabilities
Assess
• Impact
• Likelihood
• Risk Score
Control
• Control Mapping
• Auditing
• Remediation
![Page 9: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/9.jpg)
Threat Identification
Identify and assess all of the relevant Threats
![Page 10: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/10.jpg)
Threat Assessment
Assessment is performed according to the CIA-based questionnaire or Impact vs. Likelihood.
Vulnerabilities need to be mapped to the relevant Threat.
![Page 11: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/11.jpg)
Control Mapping
Here you can see the Threat…
…together with the associated set of Controls mapped to the Threat.
![Page 12: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/12.jpg)
Security Incidents
Capture your Security Incidents and other Event Data across your Tree
Assess the impact of the Incident and link each impact to your Threat and Control map
Respond effectively to each Incident, draw relevant conclusions and allocate Actions accordingly
![Page 13: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/13.jpg)
Incident Management
Record
• What
• When
• Where
Damage
• Multiple Impacts
• Total Damage
• Indirect Impacts
Lesson Learned
• Improvement Plan
• Controls
![Page 14: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/14.jpg)
Incidents
![Page 15: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/15.jpg)
Incident Details
The narrative and the investigation
Assign the failed Controls, investigate the event and analyze the reasons why the Controls were insufficient in preventing this from happening
![Page 16: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/16.jpg)
Tasks, Notifications and Messages
Create and follow up on Actions:
1. Link Actions to your Control
2. Each Action has an Owner and a Due Date for follow up
3. New Messaging feature
Define your own Alerts (for example):
1. Missed Due Dates
2. Approaching audits
3. Changes to your data
Notifications are sent directly to your email inbox with a link taking you to the software
![Page 17: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/17.jpg)
Tasks Management
All Actions and Tasks are listed under the Organization’s Action Plan. Actions are listed according to status, owner and due date
An individual action can contain multiple sub-tasks, each allocated to a different owner with a different due date
![Page 18: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/18.jpg)
Notifications and Messages
Software comes with the ability to generate reminders, alerts and notifications regarding Action Plan due dates and scheduled control tests.
These notifications are delivered directly into the user’s email
![Page 19: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/19.jpg)
Reports and Dashboards
Built-in Reports are pre-defined report templates that can be generated and exported to multiple file formats
Management Dashboards are colorful and interactive charts generated by our powerful charting engine
Excel Reports are templates created by the User that define precisely the data wanted to be seen
![Page 20: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/20.jpg)
Built-in Reports
![Page 21: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/21.jpg)
Dashboards
![Page 22: Online Training Information Security Management](https://reader033.fdocuments.us/reader033/viewer/2022061120/546c1cf6af795976298b4eac/html5/thumbnails/22.jpg)
Information Security Management
• Assets and Units
• Threats and Controls Assessment
• Security Incidents
• Tasks, Notifications and Messages
• Reports and Management Dashboards