Information Security for Decision-makers Competency (Intermediate Level)

Topics covered

• define business acumen and describe how its is a common trait found in good leaders
• differentiate between types of security controls
• identify potential security features and protective measures to optimize security
• identify risks enabled by natural disasters, such as fires, tornados, and flooding
• identify the importance of data classification
• list common threats to IT systems and data, including hardware, software, malware, phishing, and human error
• list potential security technology predictions to plan for in the future
• name the key steps to consider when choosing a security vendor
• outline common criminal threats to IT systems, such as hackers, staff, breaches, theft, and fraud
• outline common responsibilities of a network security engineer, including ensuring hardware and software security and updating and patching resources
• outline measures that can be put in place to minimize disruptions
• outline the importance of performing an evaluation of security risks, threats, and vulnerabilities
• provide an overview of incident response planning and how it can help organizations better respond to critical incidents
• provide an overview of the stages of information security risk management (ISRM)
• recognize common responsibilities of a penetration tester and describe their roles in information security
• recognize how defense in depth is used to provide a layered approach to security
• recognize the importance of gathering information and making ethical decisions
• recognize the importance of having a structured process in place to identify, assess, and mitigate risk
• recognize what security vendors are and list the common related services they offer
• state how to identify risks to IT systems or information