Developing Information Security Strategy(Using CISM Framework)

1
DEVELOPING
INFORMATION SECURITY STRATEGY (USING CISM
FRAMEWORK)
INFOSECTRAIN

• Identify Business Goals
• Align Security Objectives

Understand Business Objectives

• Identify Assets
• Identify Threats and Vulnerabilities
• Evaluate Impact and Likelihood
• Prioritize Risks

Conduct Risk Assessment

• Set Clear Security Goals
• Establish Key Performance Indicators (KPIs)

De?ne Security Objectives
INFOSECTRAIN

• Create Policies
• Develop Procedures
• Compliance and Legal Requirements

Develop Security Policies and Procedures

• Select Security Controls
• Implement Controls
• Integrate with Existing Processes

Identify and Implement Security Controls
2
INFOSECTRAIN

• Determine Budget
• Requirements
• Assign Roles and Responsibilities

Allocate Resources

Develop a Security Awareness Program

• Training and Education
• Continuous Awareness

INFOSECTRAIN

• Develop Incident Response Procedures
• De?ne Roles and Responsibilities
• Test and Re?ne Plan

Establish Incident Response Plan
INFOSECTRAIN

• Continuous Monitoring
• Regular Audits and Reviews
• Adjust Strategy as Needed

Monitor and Review

• Report to Stakeholders
• Continuous Improvement

Communicate and Report
sales_at_infosectrain.com Contact Us -1800-843-7890