From the course: ISACA Certified Information Systems Auditor (CISA) Cert Prep

Information security program

- [Kelly] Let's go ahead and take a look at the Information Security Program. So as I mentioned in the last section, you know, we talked about this is where the rubber meets the road. This is where we have this concept of strategy, but we're going to implement it and we're going to enforce it and we are going to bring it to life, so to speak. So this is how we achieve strategy, and it's going to consist of our policies, our procedures and standards, guidelines, third-party governance. This is where we look at classification of data, which we've talked about, certification and accreditation. And look, there's that magic word at the end, auditing. So when we start off with our policy, policy is going to voice management's expectations, maybe for the organization as a whole, or maybe in relation to specific issues, or maybe in relation to specific systems, right? But that's the purpose of policy. So when we look at policies, there are all sorts of policies that could be implemented. I've…
