Managing Information Security Incidents (ISO/IEC 27002)

Whether you use technology for business or personal reasons, this course will provide you with the knowledge you need to establish a formal approach to managing information security incidents when they occur.
Course info
Rating
(11)
Level
Beginner
Updated
Sep 19, 2016
Duration
1h 57m
Table of contents
Course Overview
Preparing for Success
Building the Information Security Organization
Establishing Security Policies and a Code of Conduct
Enabling Information Security with People, Process, and Technology
Using the Security Incident Cycle to Improve Security Response
Logging and Managing Security Events and Incidents
Complying with Regulatory, Legislative, and Organization Mandates
Improving Security with a Formal Audit Program
Description

In business, information security is everyone's responsibility. Everyone in an organization plays a part in establishing good security practices. However, in your personal life, securing your personal information is completely up to you. Nobody else is going to do it for you. Therefore, whether you are concerned about protecting your personal information or your business information, a solid awareness of information security incident concepts is an essential place to start. In this course, Managing Information Security Incidents (ISO/IEC 27002), you'll learn about getting prepared for the inevitability of having to manage information security incidents. First, you'll learn about building the information security organization and establishing security policies and a code of conduct. Next, you'll learn about enabling information security with people, processes, and technology. Finally, you'll learn about improving security using a formal audit program. After watching this course, you'll have a solid foundation of the concepts and knowledge needed to properly manage information security incidents.

About the author

Paul is a highly decorated IT Professional with over 14 years of experience in the areas of IT Training, IT Service Management, IT Infrastructure Management, and IT Security.

Section Introduction Transcripts

Course Overview
Hi everyone, my name is Paul Gadbois. Welcome to my information security incidents course based on the ISO/IEC 27002 standard. I'm a principal consultant at Tech Systems and have been involved in information security for over 15 years. Information security is an exciting area of technology that is in desperate need of skilled individuals. So whether you're a beginner or a skilled IT professional, this course will prepare you to identify vulnerabilities, mitigate risk, and manage a wide range of information security incidents. Some of the major topics that we'll cover in this course include enabling information security with skilled people, formal security processes, and leading edge technology. Establishing a proven security incident management cycle to improve security response. Building an effective information security organization that's backed by organizational policy. And how to leverage information security to comply with a number of regulatory and legislative mandates. But by the time you complete this course, you will be well prepared to participate as an active member of any information security team. Before beginning the course, you should be familiar with the basic concepts that are outlined in the Managing Information Security Threats and Risks ISO/IEC 27002 course found here on Pluralsight.com. This information security incident course builds on these foundational concepts. I hope you'll allow me to guide you and teach you as you take this journey to learn about information security incidents right here at Pluralsight.com.

Building the Information Security Organization
Welcome back. I'm Paul Gadbois, and you're watching the module that's titled Building the Information Security Organization. In this module I'm going to teach you some of the things to consider when planning to build an information security organization. Specifically I'm going to share with you some of the roles that should be established to ensure the appropriate level of focus and formality are applied to your information security practice. A wise man once said that information security doesn't just happen. And that wise man was right. Like most things that are worthwhile pursuing, information security must be carefully planned, organized, executed, and continuously reviewed for the potential improvement opportunities that will make your security operation effective. To obtain the best results, a formal information security practice must be well managed and supported by a formal information security organization. A well-developed security organization will have documented policies, processes, procedures, roles, and controls at the heart of their operation.