IT and security managers have some key responsibilities when it comes to operational security controls. Managers serve as a critical check-and-balance in many organizations and should routinely review the work of both their own teams and others. In this video, learn about the critical role of management review in a security program.
- [Narrator] Information technology…and security managers have some key responsibilities…when it comes to operational security controls.…Managers serve as a critical check and balance…in many organizations and should routinely review…the work of both their own teams and others.…Management reviews play two important roles…in the security process.…First, they provide an important double check…on the work performed by employees…and verify that the work was performed…accurately and completely.…
Second, they reduce fraud and malfeasance…by creating a culture of oversight.…If employees, particularly privileged users,…know that someone is checking their work,…they will be far less likely to engage…in unscrupulous activity.…Privileged user actions are one of the most…important tasks requiring management review.…System engineers, application administrators,…and other trusted employees often have the ability…to override normal security controls…and perform actions that would otherwise…violate security policies.…
This is a normal fact of life…
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A completed Learning Path of the series will be available once all the courses are released.
- Using security assessment tools
- Scanning for vulnerabilities
- Threat assessment techniques
- Performing penetration testing
- Reviewing monitor logs
- Performing code reviews
- Performing fuzz testing and misuse case testing
- Analyzing coverage
- Assessing disaster recovery sites and backups
- Testing BC/DR plans
- Collecting security process data and metrics
- Auditing and control management