IT and security managers have some key responsibilities when it comes to operational security controls. Managers serve as a critical check-and-balance in many organizations and should routinely review the work of both their own teams and others. In this video, learn about the critical role of management review in a security program.
- [Narrator] Information technology and security managers have some key responsibilities when it comes to operational security controls. Managers serve as a critical check and balance in many organizations and should routinely review the work of both their own teams and others. Management reviews play two important roles in the security process. First, they provide an important double check on the work performed by employees and verify that the work was performed accurately and completely.
Second, they reduce fraud and malfeasance by creating a culture of oversight. If employees, particularly privileged users, know that someone is checking their work, they will be far less likely to engage in unscrupulous activity. Privileged user actions are one of the most important tasks requiring management review. System engineers, application administrators, and other trusted employees often have the ability to override normal security controls and perform actions that would otherwise violate security policies.
This is a normal fact of life…
Learn about security assessment and testing practices needed to prepare for the Certified Information Systems Security Professional (CISSP) exam. CISSP—the industry's gold standard certification—is necessary for many top jobs. This course helps you approach the exam with confidence by providing coverage of key topics, including threat assessment, log monitoring, and software testing. It also covers disaster recovery and security process assessment. Students who complete this course will be prepared to answer questions on the sixth CISSP exam domain: Security Assessment and Testing.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A completed Learning Path of the series will be available once all the courses are released.
- Using security assessment tools
- Scanning for vulnerabilities
- Threat assessment techniques
- Performing penetration testing
- Reviewing monitor logs
- Performing code reviews
- Performing fuzz testing and misuse case testing
- Analyzing coverage
- Assessing disaster recovery sites and backups
- Testing BC/DR plans
- Collecting security process data and metrics
- Auditing and control management