Aligning IT, Security and Risk Management Programs

Information Security Policies (ISO 27002:2013 Section 5) and Organization of Information Security (ISO 27002:2013 Section 6) are closely related, so we address both domains in this chapter. The Information Security Policies domain focuses on information security policy requirements and the need to align policy with organizational objectives. The Organization of Information Security domain focuses on the governance structure necessary to implement and manage information security policy operations, across and outside of the organization. Included in this chapter is a discussion of risk management because it is a fundamental aspect of governance, decision making, and policy. Risk management is important enough that it warrants two sets of standards: ISO/IEC 27005 and ISO/IEC 31000.

Spotlight

Ntrepid

Ntrepid provides a number of technology solutions that solve operational challenges in the areas of Internet operations, information management, analytics, linguistics, and tracking. People, Focus, and Passion describe what enables Ntrepid to make products of magnitude. With the right people, obsessive focus, and a passion for the work to be delivered, it is possible to do what others cannot.

People

Intuitive products that address complex issues and provide dramatic improvements in performance and user experience are difficult to create. Such products cannot be made overnight. Crafting elegant software that delivers against a complex set of requirements starts with individuals who can determine what is necessary to satisfy the needs of the solution. They must ask, "What are all the available options to complete the tasks? What is efficient, elegant, lightweight, and enduring?" They commit to delivering a sustainable, stable, and useful product — even if it means starting over from scra

OTHER VIDEOS

Wallarm Demo: Shadow API Detection

video | May 25, 2023

Learn how you can identify undocumented and unmanaged APIs in the Wallarm console with our new and improved Shadow API Detection capability:...


Introduction to Netskope Cloud Firewall

video | May 15, 2023

Hybrid work changes the way people use applications. In this video, learn about how Netskope Cloud Firewall delivers the protection you need everywhere your business operates....


Cisco Secure Drives Security Resilience

video | April 11, 2023

Cisco Security Cloud is the one solution to help you be resilient across your network, users, clouds and apps. You'll be able to see across the multicloud environments, anticipate what’s next, take the right action, close security gaps, and more....


NGINX App Protect WAF Enables Security as Code

video | March 18, 2023

In our webinar “Easily View, Manage, and Scale Your App Security with F5 NGINX”, Solutions Architect Fabrizio Fiorucci discusses why shifting left is critical when centrally managing your web application firewall (WAF) fleet....

