Final Exam: InfoSec Leadership

WHAT YOU WILL LEARN

• 

  Outline common responsibilities of an infosec leader, such as security operations, fraud prevention, program management, and investigations
  

  provide an overview of the potential education requirements of an infosec leader
  

  describe how common backgrounds working in security or business management can help you become an infosec leader
  

  outline common leadership qualities of an infosec leader, including functional leadership, responsiveness, service delivery, and governance
  

  describe how good interpersonal skills help define a good security leader
  

  discuss the importance of honesty and integrity in the realm of information security
  

  recognize the importance of gathering information and making ethical decisions
  

  define the context of it risk
  

  differentiate between risks, threats, and vulnerabilities
  

  outline common criminal threats to it systems, such as hackers, staff, breaches, theft, and fraud
  

  discuss risks enabled by natural disasters such as fires, tornados, and flooding
  

  differentiate between quantitative and qualitative risk analysis
  

  provide an overview of vulnerability assessment tools and describe how they can be used to scan for known security flaws or bugs
  

  describe how penetration testing can be used to evaluate it security and identify vulnerabilities
  

  define crises and discuss crisis management practices
  

  discuss key components of an organizational crisis readiness program, including planning, training, technology, tools, and continuous improvement
  

  provide an overview of security incidents
  

  outline the roles and responsibilities of a crisis management team
  

  provide an overview of the incident response planning and how it can help organizations better respond to critical incidents
  

  outline aspects of the first step of the incident response
• 

  describe how to best determine a solution to eradicate incidents
  

  define what an information security plans are and describe how it can offer economic benefits and can provide a competitive advantage
  

  discuss the importance of performing an evaluation of security risks, threats, and vulnerabilities
  

  identify potential security features and protective measures to optimize security
  

  discuss how to plan for resiliency through detection, response, and recovery
  

  outline how data classification planning can help restrict and categorize data by type, sensitivity, and business value
  

  describe how to establish an information security compliance plan
  

  recognize the importance of disaster recovery and incident management planning
  

  discuss some of the major considerations and misconceptions when considering outsourcing information security
  

  define security vendors and list common related services they offer
  

  discuss the typical lifecycle of a vendor relationship
  

  provide an overview of vendor risk management and discuss how it can be used to deal with the monitoring and management of risks resulting from third-party vendors and their related products and services
  

  recognize best practices to follow for vendor risk management
  

  list common information security vendors to consider
  

  discuss potential information security threats and how complexity is making it challenging to predict and plan for
  

  list potential security technology predictions to plan for in the future
  

  discuss how ransomware attacks will likely continue to increase
  

  outline how to prepare for future cybercrime attacks
  

  provide an overview of the threats posed by the ever-growing crime-as-a-service (caas) community
  

  recognize the potential for future work shortages and voids created by skills gaps