SlideShare a Scribd company logo

Cisa domain 2 part 3 governance and management of it

Download as PPTX, PDF
S
ShivamSharma909

The process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives and what countermeasures to take in reducing risk to an acceptable level.

Education
1 of 13
www.infosectrain.com PART 3 – CISA Domain 2 – Governance and Management of IT
InfosecTrain About Us InfosecTrain is one of the finest Security and Technology Training and Consulting organization, focusing on a range of IT Security Trainings and Information Security Services. InfosecTrain was established in the year 2016 by a team of experienced and enthusiastic professionals, who have more than 15 years of industry experience. We provide professional training, certification & consulting services related to all areas of Information Technology and Cyber Security.
4 PA RT 3 – C I S A D o m a i n 2 – G o v e r n a n c e a n d M a n a g e m en t o f I T  W h a t i s R i s k M a n a g e m e n t ?  W h a t a r e t h e s t e p s i n v o l v e d i n R i s k M a n a g e m e n t p r o c e s s ?  W h a t i s H u m a n R e s o u r c e M a n a g e m e n t ?  W h a t a r e t h e S o u r c i n g P r a c t i c e s ? 7 . R i s k M a n a g e m en t :  T h e p r o c e s s o f i d e n t i f y i n g v u l n e r a b i l i t i e s a n d t h r e a t s t o t h e i n f o r m a t i o n r e s o u r c e s u s e d b y a n o r g a n i z a t i o n i n a c h i e v i n g b u s i n e s s o b j e c t i v e s a n d w h a t c o u n t e r m e a s u r e s t o t a k e i n r e d u c i n g r i s k t o a n a c c e p t a b l e l e v e l .  e n c o m p a s s e s i d e n t i f y i n g , a n a l y z i n g , e v a l u a t i n g , t r e a t i n g , m o n i t o r i n g a n d c o m m u n i c a t i n g t h e i m p a c t o f r i s k o n I T p r o c e s s e s  T h e B o a r d m a y c h o o s e t o t r e a t t h e r i s k i n a n y o f t h e f o l l o w i n g w a y s 1.Avoid—Eliminate the risk by eliminating the cause 2.Mitigate—Lessen the probability or impact of the risk by defining, implementing and monitoring appropriate controls 3.Share/Transfer (deflect, or allocate)—Share risk with partners or transfer via insurance coverage, contractual agreement or other means 4.Accept—Formally acknowledge the existence of the risk and monitor it. C C I S O C e r t i f i c a t i o n
5 P o i n t s t o r e m e m b e r : T h e b e s t t o a s s e s s I T r i s k s i s a c h i e v e d b y – e v a l u a t i n g t h r e a t s a s s o c i a t e d w i t h e x i s t i n g I T a s s e t s a n d I T p r o j e c t s .  T h e s t e p s o f R i s k M a n a g e m e n t p r o c e s s i n v o l v e : Step – 1: Asset identification – Examples: Information, Data, Software, Hardware, documents, personnel. Step – 2: Evaluation of threats and vulnerabilities: 1 . T h r e a t – A t h r e a t i s a p e r s o n o r e v e n t t h a t h a s t h e p o t e n t i a l f o r i m p a c t i n g a v a l u a b l e r e s o u r c e i n a n e g a t i v e m a n n e r. C o m m o n c l a u s e s o f t h r e a t s a r e :  E r r o r s  M a l i c i o u s d a m a g e / a t t a c k  F r a u d  T h e f t  E q u i p m e n t / s o f t w a r e f a i l u r e
6 1 . V u l n e r a b i l i t y – V u l n e r a b i l i t y r e f e r t o w e a k n e s s e s i n a s y s t e m . T h e y m a k e t h r e a t o u t c o m e s p o s s i b l e a n d p o t e n t i a l l y e v e n m o r e d a n g e r o u s . E x a m p l e s a r e :  L a c k o f u s e r k n o w l e d g e  L a c k o f s e c u r i t y f u n c t i o n a l i t y  I n a d e q u a t e u s e r a w a r e n e s s / e d u c a t i o n ( e . g . , p o o r c h o i c e o f p a s s w o r d s )  U n t e s t e d t e c h n o l o g y  T r a n s m i s s i o n o f u n p r o t e c t e d c o m m u n i c a t i o n s  S t e p 3 – E v a l u a t i o n o f t h e i m p a c t – T h e r e s u l t o f a t h r e a t a g e n t e x p l o i t i n g a v u l n e r a b i l i t y i s c a l l e d a n i m p a c t • In commercial organizations, threats usually result in 1 . a d i r e c t f i n a n c i a l l o s s i n t h e s h o r t t e r m o r 2 . a n u l t i m a t e ( i n d i r e c t ) f i n a n c i a l l o s s i n t h e l o n g t e r m
7 E x a m p l e s o f s u c h l o s s e s i n c l u d e : • Direct loss of money (cash or credit) • Breach of legislation (e.g., unauthorized disclosure) • Loss of reputation/goodwill • Endangering of staff or customers • Breach of confidence • Loss of business opportunity • Reduction in operational efficiency/performance • Interruption of business activity  S t e p 4 – C a l c u l a t i o n o f R i s k – A c o m m o n m e t h o d o f c o m b i n i n g t h e e l e m e n t s i s t o c a l c u l a t e f o r e a c h t h r e a t : p r o b a b i l i t y o f o c c u r r e n c e × m a g n i t u d e o f i m p a c t . T h i s w i l l g i v e a m e a s u r e o f o v e r a l l r i s k . S t e p 5 – E v a l u a t i o n o f a n d r e s p o n s e t o R i s k A f t e r r i s k h a s b e e n i d e n t i f i e d , e x i s t i n g c o n t r o l s c a n b e e v a l u a t e d o r n e w c o n t r o l s d e s i g n e d t o r e d u c e t h e v u l n e r a b i l i t i e s t o a n a c c e p t a b l e l e v e l . • T h e s e c o n t r o l s a r e r e f e r r e d t o a s c o u n t e r m e a s u r e s o r s a f e g u a r d s a n d i n c l u d e a c t i o n s , d e v i c e s , p r o c e d u r e s o r t e c h n i q u e s • R e s i d u a l r i s k , t h e r e m a i n i n g l e v e l o f r i s k a f t e r c o n t r o l s h a v e b e e n a p p l i e d , c a n b e u s e d b y m a n a g e m e n t t o f u r t h e r r e d u c e r i s k b y i d e n t i f y i n g t h o s e a r e a s i n w h i c h m o r e c o n t r o l i s r e q u i r e d .
8 8 . H u m a n R e s o u r c e M a n a g e m e n t :  O n H i r i n g p r o c e s s , t h e f i r s t s t e p b e f o r e h i r i n g a c a n d i d a t e i s b a c k g r o u n d c h e c k s ( e . g . , c r i m i n a l , f i n a n c i a l , p r o f e s s i o n a l , r e f e r e n c e s , q u a l i f i c a t i o n s )  A r e q u i r e d v a c a t i o n ( h o l i d a y ) e n s u r e s t h a t o n c e a y e a r, a t a m i n i m u m , s o m e o n e o t h e r t h a n t h e r e g u l a r e m p l o y e e w i l l p e r f o r m a j o b f u n c t i o n . T h i s r e d u c e s t h e o p p o r t u n i t y t o c o m m i t i m p r o p e r o r i l l e g a l a c t s . D u r i n g t h i s t i m e , i t m a y b e p o s s i b l e t o d i s c o v e r f r a u d u l e n t a c t i v i t y a s l o n g a s t h e r e h a s b e e n n o c o l l u s i o n b e t w e e n e m p l o y e e s t o c o v e r p o s s i b l e d i s c r e p a n c i e s ( M a n d a t o r y l e a v e i s a c o n t r o l m e a s u r e )  J o b r o t a t i o n p r o v i d e s a n a d d i t i o n a l c o n t r o l ( t o r e d u c e t h e r i s k o f f r a u d u l e n t o r m a l i c i o u s a c t s ) b e c a u s e t h e s a m e i n d i v i d u a l d o e s n o t p e r f o r m t h e s a m e t a s k s a l l t h e t i m e . T h i s p r o v i d e s a n o p p o r t u n i t y f o r a n i n d i v i d u a l o t h e r t h a n t h e r e g u l a r l y a s s i g n e d p e r s o n t o p e r f o r m t h e j o b a n d n o t i c e p o s s i b l e i r r e g u l a r i t i e s .  O n Te r m i n a t i o n p o l i c i e s , p o l i c i e s b e s t r u c t u r e d t o p r o v i d e a d e q u a t e p r o t e c t i o n f o r t h e o r g a n i z a t i o n ’ s c o m p u t e r a s s e t s a n d d a t a . T h e f o l l o w i n g c o n t r o l p r o c e d u r e s s h o u l d b e a p p l i e d : • Return of all devices, access keys, ID cards and badges • Deletion/revocation of assigned logon IDs and passwords • Notification to appropriate staff and security personnel regarding the employee’s status change to “terminated” • Arrangement of the final pay routines • Performance of a termination interview
9 P o i n t s t o r e m e m b e r : •T h e C I S A c a n d i d a t e s h o u l d b e a w a r e o f t h e a b o v e p r o c e s s – f r o m h i r i n g t o t e r m i n a t i o n . I S A C A t e s t s o n t h e k n o w l e d g e a t e a c h s t e p – o n w h a t t h e e n t e r p r i s e s h o u l d / s h o u l d n o t d o . •T h e e m p l o y e e s s h o u l d b e a w a r e o f t h e e n t e r p r i s e I S p o l i c y . I f n o t , t h e l a c k o f k n o w l e d g e w o u l d l e a d t o u n i n t e n t i o n a l d i s c l o s u r e o f s e n s i t i v e i n f o r m a t i o n •W h e n a n e m p l o y e e i s t e r m i n a t e d , t h e i m m e d i a t e a c t i o n / m o s t i m p o r t a n t a c t i o n / f i r s t s t e p t h a t t h e e n t e r p r i s e s h o u l d d o i s – d i s a b l e t h e e m p l o y e e ’ s l o g i c a l a c c e s s a n d c o m m u n i c a t e o n t h e t e r m i n a t i o n o f t h e e m p l o y e e 9 . S o u r c i n g P r a c t i c e s :  D e l i v e r y o f I T f u n c t i o n s c a n i n c l u d e : • Insourced – Fully performed by the organization’s staff • Outsourced – Fully performed by the vendor’s staff • Hybrid – Performed by a mix of the organization’s and vendor’s staffs; can include joint ventures/supplemental staff
10  I T f u n c t i o n s c a n b e p e r f o r m e d a c r o s s t h e g l o b e , t a k i n g a d v a n t a g e o f t i m e z o n e s a n d a r b i t r a g i n g l a b o r r a t e s , a n d c a n i n c l u d e : • Onsite – Staff work onsite in the IT department. • Offsite – Also known as nearshore, staff work at a remote location in the same geographic • Offshore—Staff work at a remote location in a different geographic region  O b j e c t i v e o f o u t s o u r c i n g – t o a c h i e v e l a s t i n g , m e a n i n g f u l i m p r o v e m e n t i n b u s i n e s s p r o c e s s e s a n d s e r v i c e s t h r o u g h c o r p o r a t e r e s t r u c t u r i n g t o t a k e a d v a n t a g e o f a v e n d o r ’ s c o r e c o m p e t e n c i e s  T h e m a n a g e m e n t s h o u l d c o n s i d e r t h e f o l l o w i n g a r e a s f o r m o v i n g I T f u n c t i o n s o f f s i t e o r o f f s h o r e : • Legal, regulatory and tax issues • Continuity of operations • Personnel • Telecommunication issues • Cross-border and cross-cultural issues
11 P o i n t s t o r e m e m b e r : •T h e m o s t i m p o r t a n t f u n c t i o n o f I S m a n a g e m e n t i n o u t s o u r c i n g p r a c t i c e s i s – m o n i t o r i n g t h e o u t s o u r c i n g p r o v i d e r ’ s p e r f o r m a n c e •T h e e n t e r p r i s e c a n n o t o u t s o u r c e t h e a c c o u n t a b i l i t y f o r I T s e c u r i t y p o l i c y. T h e a c c o u n t a b i l i t y a l w a y s l i e s w i t h t h e s e n i o r m a n a g e m e n t / B o a r d o f d i r e c t o r s •W h e n t h e o u t s o u r c i n g s e r v i c e i s p r o v i d e d i n a n o t h e r c o u n t r y, t h e m a j o r c o n c e r n f o r t h e I S a u d i t o r i s – t h e l e g a l j u r i s d i c t i o n c a n b e q u e s t i o n e d •T h e c l a u s e i n o u t s o u r c i n g c o n t r a c t t h a t c a n h e l p i n i m p r o v i n g t h e s e r v i c e l e v e l s a n d m i n i m i z e t h e c o s t s i s – G a i n - s h a r i n g p e r f o r m a n c e b o n u s e s .
12
OUR CONTACT A B O U T O U R C O M PA N Y InfosecTrain welcomes overseas customers to come and attend training sessions in destination cities across the globe and enjoy their learning experience at the same time. 1800-843-7890 sales@infosectrain.co m www.infosectrain.com https://www.facebook.com/Infosectrain/ https://www.linkedin.com/company/infosec-train/ https://www.youtube.com/c/InfosecTrain

Recommended

Cisa domain 2 part 1 governance and management of it
Cisa domain 2 part 1 governance and management of itCisa domain 2 part 1 governance and management of it
Cisa domain 2 part 1 governance and management of itShivamSharma909
 
Keynote - Jagdish Mitra - Democratizing AI - H2O AI World London 2018
Keynote - Jagdish Mitra - Democratizing AI - H2O AI World London 2018Keynote - Jagdish Mitra - Democratizing AI - H2O AI World London 2018
Keynote - Jagdish Mitra - Democratizing AI - H2O AI World London 2018Sri Ambati
 
Himanshu Resume S
Himanshu Resume SHimanshu Resume S
Himanshu Resume SHimanshu Chhabra
 
Franchisee Business Proposal
Franchisee Business ProposalFranchisee Business Proposal
Franchisee Business ProposalPRSInternational1
 
AUDIT TRAIL AND TRACEABLILTY OF PRODUCTS
AUDIT TRAIL AND TRACEABLILTY OF PRODUCTSAUDIT TRAIL AND TRACEABLILTY OF PRODUCTS
AUDIT TRAIL AND TRACEABLILTY OF PRODUCTSORGANIL SERVICES
 
Aziza simon
Aziza simonAziza simon
Aziza simonAziza Taya
 
Dholera
DholeraDholera
DholeraAtik Bheda
 
Its My Data Not Yours!
Its My Data Not Yours!Its My Data Not Yours!
Its My Data Not Yours!University of Hertfordshire
 

Recommended

Cisa domain 2 part 1 governance and management of it
Cisa domain 2 part 1 governance and management of itCisa domain 2 part 1 governance and management of it
Cisa domain 2 part 1 governance and management of itShivamSharma909
 
Keynote - Jagdish Mitra - Democratizing AI - H2O AI World London 2018
Keynote - Jagdish Mitra - Democratizing AI - H2O AI World London 2018Keynote - Jagdish Mitra - Democratizing AI - H2O AI World London 2018
Keynote - Jagdish Mitra - Democratizing AI - H2O AI World London 2018Sri Ambati
 
Himanshu Resume S
Himanshu Resume SHimanshu Resume S
Himanshu Resume SHimanshu Chhabra
 
Franchisee Business Proposal
Franchisee Business ProposalFranchisee Business Proposal
Franchisee Business ProposalPRSInternational1
 
AUDIT TRAIL AND TRACEABLILTY OF PRODUCTS
AUDIT TRAIL AND TRACEABLILTY OF PRODUCTSAUDIT TRAIL AND TRACEABLILTY OF PRODUCTS
AUDIT TRAIL AND TRACEABLILTY OF PRODUCTSORGANIL SERVICES
 
Aziza simon
Aziza simonAziza simon
Aziza simonAziza Taya
 
Dholera
DholeraDholera
DholeraAtik Bheda
 
Its My Data Not Yours!
Its My Data Not Yours!Its My Data Not Yours!
Its My Data Not Yours!University of Hertfordshire
 
Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13Wise Person
 
Google clarified structured data's effect on SEO
Google clarified structured data's effect on SEOGoogle clarified structured data's effect on SEO
Google clarified structured data's effect on SEOrebecca fantl
 
Company Profile 2014 (Before Rebranding)
Company Profile 2014 (Before Rebranding)Company Profile 2014 (Before Rebranding)
Company Profile 2014 (Before Rebranding)Tonny Tok
 
WTIA Marketing Series: What Can You Learn from a Gaming Company
WTIA Marketing Series: What Can You Learn from a Gaming CompanyWTIA Marketing Series: What Can You Learn from a Gaming Company
WTIA Marketing Series: What Can You Learn from a Gaming Companynpyron
 
4 IATA Training
4 IATA Training4 IATA Training
4 IATA TrainingMohamed Tayfour
 
Accounting Class Project - Creating a Private Placement Memorandum
Accounting Class Project - Creating a Private Placement MemorandumAccounting Class Project - Creating a Private Placement Memorandum
Accounting Class Project - Creating a Private Placement MemorandumQuin T
 
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%GoLeanSixSigma.com
 
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...DNX
 
Know How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application FormKnow How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application Formnearnow
 
Gameful classroom description_math_land
Gameful classroom description_math_landGameful classroom description_math_land
Gameful classroom description_math_landKatefanelli
 
Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Ahmad Sakib
 
Audience theory
Audience theoryAudience theory
Audience theoryMatthewNothing
 
Josh Griffin - Examples of Work
Josh Griffin - Examples of WorkJosh Griffin - Examples of Work
Josh Griffin - Examples of WorkJoshua Griffin
 
Presentation For Minnor Project MCET
Presentation For Minnor Project MCETPresentation For Minnor Project MCET
Presentation For Minnor Project MCETShhuvradipChakrabort
 
GIS in Natural and Built Environments - Lecture 1
GIS in Natural and Built Environments - Lecture 1GIS in Natural and Built Environments - Lecture 1
GIS in Natural and Built Environments - Lecture 1Nicole Leslie
 
Active22 - Executive Summary
Active22 - Executive SummaryActive22 - Executive Summary
Active22 - Executive Summaryfsikipa
 
Technology as essential market infrastructure: building trusted and world-lea...
Technology as essential market infrastructure: building trusted and world-lea...Technology as essential market infrastructure: building trusted and world-lea...
Technology as essential market infrastructure: building trusted and world-lea...Національна комісія з цінних паперів та фондового ринку
 
AIE Ireland Task
AIE Ireland TaskAIE Ireland Task
AIE Ireland TaskElio Laureano
 
Non-profit marketing workshop
Non-profit marketing workshopNon-profit marketing workshop
Non-profit marketing workshopColin Stokes
 
portfolio2014_StK-s
portfolio2014_StK-sportfolio2014_StK-s
portfolio2014_StK-sStephen Kelleher
 
Top Model Makes Automatic Machines Work.pdf
Top Model Makes Automatic Machines Work.pdfTop Model Makes Automatic Machines Work.pdf
Top Model Makes Automatic Machines Work.pdfLenore Industries
 
1Terrorism is highly d e p e n d e n t o n c a s h f.docx
1Terrorism is highly d e p e n d e n t o n c a s h f.docx1Terrorism is highly d e p e n d e n t o n c a s h f.docx
1Terrorism is highly d e p e n d e n t o n c a s h f.docxeugeniadean34240
 

More Related Content

What's hot

Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13Wise Person
 
Google clarified structured data's effect on SEO
Google clarified structured data's effect on SEOGoogle clarified structured data's effect on SEO
Google clarified structured data's effect on SEOrebecca fantl
 
Company Profile 2014 (Before Rebranding)
Company Profile 2014 (Before Rebranding)Company Profile 2014 (Before Rebranding)
Company Profile 2014 (Before Rebranding)Tonny Tok
 
WTIA Marketing Series: What Can You Learn from a Gaming Company
WTIA Marketing Series: What Can You Learn from a Gaming CompanyWTIA Marketing Series: What Can You Learn from a Gaming Company
WTIA Marketing Series: What Can You Learn from a Gaming Companynpyron
 
Accounting Class Project - Creating a Private Placement Memorandum
Accounting Class Project - Creating a Private Placement MemorandumAccounting Class Project - Creating a Private Placement Memorandum
Accounting Class Project - Creating a Private Placement MemorandumQuin T
 
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%GoLeanSixSigma.com
 
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...DNX
 
Know How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application FormKnow How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application Formnearnow
 
Gameful classroom description_math_land
Gameful classroom description_math_landGameful classroom description_math_land
Gameful classroom description_math_landKatefanelli
 
Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Ahmad Sakib
 
Josh Griffin - Examples of Work
Josh Griffin - Examples of WorkJosh Griffin - Examples of Work
Josh Griffin - Examples of WorkJoshua Griffin
 
Presentation For Minnor Project MCET
Presentation For Minnor Project MCETPresentation For Minnor Project MCET
Presentation For Minnor Project MCETShhuvradipChakrabort
 
GIS in Natural and Built Environments - Lecture 1
GIS in Natural and Built Environments - Lecture 1GIS in Natural and Built Environments - Lecture 1
GIS in Natural and Built Environments - Lecture 1Nicole Leslie
 
Active22 - Executive Summary
Active22 - Executive SummaryActive22 - Executive Summary
Active22 - Executive Summaryfsikipa
 
Non-profit marketing workshop
Non-profit marketing workshopNon-profit marketing workshop
Non-profit marketing workshopColin Stokes
 

What's hot (20)

Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13
 
Google clarified structured data's effect on SEO
Google clarified structured data's effect on SEOGoogle clarified structured data's effect on SEO
Google clarified structured data's effect on SEO
 
Company Profile 2014 (Before Rebranding)
Company Profile 2014 (Before Rebranding)Company Profile 2014 (Before Rebranding)
Company Profile 2014 (Before Rebranding)
 
WTIA Marketing Series: What Can You Learn from a Gaming Company
WTIA Marketing Series: What Can You Learn from a Gaming CompanyWTIA Marketing Series: What Can You Learn from a Gaming Company
WTIA Marketing Series: What Can You Learn from a Gaming Company
 
4 IATA Training
4 IATA Training4 IATA Training
4 IATA Training
 
Accounting Class Project - Creating a Private Placement Memorandum
Accounting Class Project - Creating a Private Placement MemorandumAccounting Class Project - Creating a Private Placement Memorandum
Accounting Class Project - Creating a Private Placement Memorandum
 
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
 
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
 
Know How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application FormKnow How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application Form
 
Gameful classroom description_math_land
Gameful classroom description_math_landGameful classroom description_math_land
Gameful classroom description_math_land
 
Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)
 
Audience theory
Audience theoryAudience theory
Audience theory
 
Josh Griffin - Examples of Work
Josh Griffin - Examples of WorkJosh Griffin - Examples of Work
Josh Griffin - Examples of Work
 
Presentation For Minnor Project MCET
Presentation For Minnor Project MCETPresentation For Minnor Project MCET
Presentation For Minnor Project MCET
 
GIS in Natural and Built Environments - Lecture 1
GIS in Natural and Built Environments - Lecture 1GIS in Natural and Built Environments - Lecture 1
GIS in Natural and Built Environments - Lecture 1
 
Active22 - Executive Summary
Active22 - Executive SummaryActive22 - Executive Summary
Active22 - Executive Summary
 
Technology as essential market infrastructure: building trusted and world-lea...
Technology as essential market infrastructure: building trusted and world-lea...Technology as essential market infrastructure: building trusted and world-lea...
Technology as essential market infrastructure: building trusted and world-lea...
 
AIE Ireland Task
AIE Ireland TaskAIE Ireland Task
AIE Ireland Task
 
Non-profit marketing workshop
Non-profit marketing workshopNon-profit marketing workshop
Non-profit marketing workshop
 
portfolio2014_StK-s
portfolio2014_StK-sportfolio2014_StK-s
portfolio2014_StK-s
 

Similar to Cisa domain 2 part 3 governance and management of it

Top Model Makes Automatic Machines Work.pdf
Top Model Makes Automatic Machines Work.pdfTop Model Makes Automatic Machines Work.pdf
Top Model Makes Automatic Machines Work.pdfLenore Industries
 
1Terrorism is highly d e p e n d e n t o n c a s h f.docx
1Terrorism is highly d e p e n d e n t o n c a s h f.docx1Terrorism is highly d e p e n d e n t o n c a s h f.docx
1Terrorism is highly d e p e n d e n t o n c a s h f.docxeugeniadean34240
 
Understanding Online Consumer Behavior in Fashion E-commerce by the applicati...
Understanding Online Consumer Behavior in Fashion E-commerce by the applicati...Understanding Online Consumer Behavior in Fashion E-commerce by the applicati...
Understanding Online Consumer Behavior in Fashion E-commerce by the applicati...ÉTAMINE STUDIOS
 
1-SYSTEM-ANALYSIS-AND-DESIGN-INTRODUCTION.pptx
1-SYSTEM-ANALYSIS-AND-DESIGN-INTRODUCTION.pptx1-SYSTEM-ANALYSIS-AND-DESIGN-INTRODUCTION.pptx
1-SYSTEM-ANALYSIS-AND-DESIGN-INTRODUCTION.pptxJohnLagman3
 
Classroom Structuring and Management.ppt
Classroom Structuring and Management.pptClassroom Structuring and Management.ppt
Classroom Structuring and Management.pptBelceZeusAsuncion1
 
InstructionsDo the following and submit the completed assignment.docx
InstructionsDo the following and submit the completed assignment.docxInstructionsDo the following and submit the completed assignment.docx
InstructionsDo the following and submit the completed assignment.docxdirkrplav
 
ANALYSIS OF SUB-PARTICIPATION AGREEMENTS DAMILOLA BEN-OMOTEHINSE
ANALYSIS OF SUB-PARTICIPATION AGREEMENTS DAMILOLA BEN-OMOTEHINSEANALYSIS OF SUB-PARTICIPATION AGREEMENTS DAMILOLA BEN-OMOTEHINSE
ANALYSIS OF SUB-PARTICIPATION AGREEMENTS DAMILOLA BEN-OMOTEHINSEDami Ben-Omotehinse, LLM (UCL)
 
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury SmartphonesATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury SmartphonesAltair
 
TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015The Media Kitchen
 
GET - AR Timeline for Action
GET - AR Timeline for ActionGET - AR Timeline for Action
GET - AR Timeline for ActionMichael Wirscham
 
5 Event Safety Tips - Guardian Paramedics
5 Event Safety Tips - Guardian Paramedics5 Event Safety Tips - Guardian Paramedics
5 Event Safety Tips - Guardian ParamedicsGuardian Paramedics
 
Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docx
Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docxScanned by CamScanner6 8i d e a s o r w o r ds , b u t.docx
Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docxkenjordan97598
 
Lesson 5 Conferences with vocabulary and activities.pdf
Lesson 5 Conferences with vocabulary and activities.pdfLesson 5 Conferences with vocabulary and activities.pdf
Lesson 5 Conferences with vocabulary and activities.pdfOfeliaMendozaVillega
 
Blue ocean strategy - 21.1.2012
Blue ocean strategy - 21.1.2012Blue ocean strategy - 21.1.2012
Blue ocean strategy - 21.1.2012Vidhyalakshmi K
 
Diapositivas seminario biologia molecular .pdf
Diapositivas seminario biologia molecular .pdfDiapositivas seminario biologia molecular .pdf
Diapositivas seminario biologia molecular .pdfNataliaFlrezSalazar
 

Similar to Cisa domain 2 part 3 governance and management of it (20)

Top Model Makes Automatic Machines Work.pdf
Top Model Makes Automatic Machines Work.pdfTop Model Makes Automatic Machines Work.pdf
Top Model Makes Automatic Machines Work.pdf
 
1Terrorism is highly d e p e n d e n t o n c a s h f.docx
1Terrorism is highly d e p e n d e n t o n c a s h f.docx1Terrorism is highly d e p e n d e n t o n c a s h f.docx
1Terrorism is highly d e p e n d e n t o n c a s h f.docx
 
Understanding Online Consumer Behavior in Fashion E-commerce by the applicati...
Understanding Online Consumer Behavior in Fashion E-commerce by the applicati...Understanding Online Consumer Behavior in Fashion E-commerce by the applicati...
Understanding Online Consumer Behavior in Fashion E-commerce by the applicati...
 
1-SYSTEM-ANALYSIS-AND-DESIGN-INTRODUCTION.pptx
1-SYSTEM-ANALYSIS-AND-DESIGN-INTRODUCTION.pptx1-SYSTEM-ANALYSIS-AND-DESIGN-INTRODUCTION.pptx
1-SYSTEM-ANALYSIS-AND-DESIGN-INTRODUCTION.pptx
 
Classroom Structuring and Management.ppt
Classroom Structuring and Management.pptClassroom Structuring and Management.ppt
Classroom Structuring and Management.ppt
 
InstructionsDo the following and submit the completed assignment.docx
InstructionsDo the following and submit the completed assignment.docxInstructionsDo the following and submit the completed assignment.docx
InstructionsDo the following and submit the completed assignment.docx
 
ANALYSIS OF SUB-PARTICIPATION AGREEMENTS DAMILOLA BEN-OMOTEHINSE
ANALYSIS OF SUB-PARTICIPATION AGREEMENTS DAMILOLA BEN-OMOTEHINSEANALYSIS OF SUB-PARTICIPATION AGREEMENTS DAMILOLA BEN-OMOTEHINSE
ANALYSIS OF SUB-PARTICIPATION AGREEMENTS DAMILOLA BEN-OMOTEHINSE
 
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury SmartphonesATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
 
TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015
 
Traditional Media Buying
Traditional Media BuyingTraditional Media Buying
Traditional Media Buying
 
Engineer Internship
Engineer InternshipEngineer Internship
Engineer Internship
 
GET - AR Timeline for Action
GET - AR Timeline for ActionGET - AR Timeline for Action
GET - AR Timeline for Action
 
ENG4000 Documents
ENG4000 DocumentsENG4000 Documents
ENG4000 Documents
 
5 Event Safety Tips - Guardian Paramedics
5 Event Safety Tips - Guardian Paramedics5 Event Safety Tips - Guardian Paramedics
5 Event Safety Tips - Guardian Paramedics
 
Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docx
Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docxScanned by CamScanner6 8i d e a s o r w o r ds , b u t.docx
Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docx
 
Lesson 5 Conferences with vocabulary and activities.pdf
Lesson 5 Conferences with vocabulary and activities.pdfLesson 5 Conferences with vocabulary and activities.pdf
Lesson 5 Conferences with vocabulary and activities.pdf
 
Blue ocean strategy - 21.1.2012
Blue ocean strategy - 21.1.2012Blue ocean strategy - 21.1.2012
Blue ocean strategy - 21.1.2012
 
Methods of Cooking
Methods of CookingMethods of Cooking
Methods of Cooking
 
Diapositivas seminario biologia molecular .pdf
Diapositivas seminario biologia molecular .pdfDiapositivas seminario biologia molecular .pdf
Diapositivas seminario biologia molecular .pdf
 
TRUTH, SITUATION, & CONTEXT AWARENESS
TRUTH, SITUATION, & CONTEXT AWARENESSTRUTH, SITUATION, & CONTEXT AWARENESS
TRUTH, SITUATION, & CONTEXT AWARENESS
 

More from ShivamSharma909

Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfShivamSharma909
 
CYBERSECURITY Interview Questions for Freshers.pdf
CYBERSECURITY Interview Questions for Freshers.pdfCYBERSECURITY Interview Questions for Freshers.pdf
CYBERSECURITY Interview Questions for Freshers.pdfShivamSharma909
 
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...ShivamSharma909
 
Top 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdfTop 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdfShivamSharma909
 
Top 25 Azure Architect Interview Questions and Answers.pdf
Top 25 Azure Architect Interview Questions and Answers.pdfTop 25 Azure Architect Interview Questions and Answers.pdf
Top 25 Azure Architect Interview Questions and Answers.pdfShivamSharma909
 
Top 20 Azure Administrator Interview Questions.pdf
Top 20 Azure Administrator Interview Questions.pdfTop 20 Azure Administrator Interview Questions.pdf
Top 20 Azure Administrator Interview Questions.pdfShivamSharma909
 
Threat Hunting Professional Online Training Course
Threat Hunting Professional Online Training CourseThreat Hunting Professional Online Training Course
Threat Hunting Professional Online Training CourseShivamSharma909
 
Why cloud security engineers find CCSE as a perfect fit
Why cloud security engineers find CCSE as a perfect fitWhy cloud security engineers find CCSE as a perfect fit
Why cloud security engineers find CCSE as a perfect fitShivamSharma909
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerShivamSharma909
 
Top 20 azure interview questions
Top 20 azure interview questionsTop 20 azure interview questions
Top 20 azure interview questionsShivamSharma909
 
Top 15 aws security interview questions
Top 15 aws security interview questionsTop 15 aws security interview questions
Top 15 aws security interview questionsShivamSharma909
 
EC-Council Certified SOC Analyst
EC-Council Certified SOC AnalystEC-Council Certified SOC Analyst
EC-Council Certified SOC AnalystShivamSharma909
 
Domain 6 of CEH: Wireless Network Hacking
Domain 6 of CEH: Wireless Network HackingDomain 6 of CEH: Wireless Network Hacking
Domain 6 of CEH: Wireless Network HackingShivamSharma909
 
Domain 5 of the CEH: Web Application Hacking
Domain 5 of the CEH: Web Application HackingDomain 5 of the CEH: Web Application Hacking
Domain 5 of the CEH: Web Application HackingShivamSharma909
 
Domain 4 of CEH V11: Network and Perimeter Hacking
Domain 4 of CEH V11: Network and Perimeter HackingDomain 4 of CEH V11: Network and Perimeter Hacking
Domain 4 of CEH V11: Network and Perimeter HackingShivamSharma909
 
Domain 3 of CEH v11: System Hacking Phases and Attack Techniques
Domain 3 of CEH v11: System Hacking Phases and Attack TechniquesDomain 3 of CEH v11: System Hacking Phases and Attack Techniques
Domain 3 of CEH v11: System Hacking Phases and Attack TechniquesShivamSharma909
 
Domain 2 of CEH v11: Reconnaissance Techniques
Domain 2 of CEH v11: Reconnaissance TechniquesDomain 2 of CEH v11: Reconnaissance Techniques
Domain 2 of CEH v11: Reconnaissance TechniquesShivamSharma909
 
Domain 1 of CEH v11: Information Security and Ethical Hacking
Domain 1 of CEH v11: Information Security and Ethical HackingDomain 1 of CEH v11: Information Security and Ethical Hacking
Domain 1 of CEH v11: Information Security and Ethical HackingShivamSharma909
 
How is az 303 different from az-304
How is az 303 different from az-304How is az 303 different from az-304
How is az 303 different from az-304ShivamSharma909
 

More from ShivamSharma909 (20)

Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
 
CYBERSECURITY Interview Questions for Freshers.pdf
CYBERSECURITY Interview Questions for Freshers.pdfCYBERSECURITY Interview Questions for Freshers.pdf
CYBERSECURITY Interview Questions for Freshers.pdf
 
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
 
Top 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdfTop 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdf
 
Top 25 Azure Architect Interview Questions and Answers.pdf
Top 25 Azure Architect Interview Questions and Answers.pdfTop 25 Azure Architect Interview Questions and Answers.pdf
Top 25 Azure Architect Interview Questions and Answers.pdf
 
Top 20 Azure Administrator Interview Questions.pdf
Top 20 Azure Administrator Interview Questions.pdfTop 20 Azure Administrator Interview Questions.pdf
Top 20 Azure Administrator Interview Questions.pdf
 
Threat Hunting Professional Online Training Course
Threat Hunting Professional Online Training CourseThreat Hunting Professional Online Training Course
Threat Hunting Professional Online Training Course
 
Why cloud security engineers find CCSE as a perfect fit
Why cloud security engineers find CCSE as a perfect fitWhy cloud security engineers find CCSE as a perfect fit
Why cloud security engineers find CCSE as a perfect fit
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answer
 
Top 20 azure interview questions
Top 20 azure interview questionsTop 20 azure interview questions
Top 20 azure interview questions
 
Top 15 aws security interview questions
Top 15 aws security interview questionsTop 15 aws security interview questions
Top 15 aws security interview questions
 
EC-Council Certified SOC Analyst
EC-Council Certified SOC AnalystEC-Council Certified SOC Analyst
EC-Council Certified SOC Analyst
 
Ctia course outline
Ctia course outlineCtia course outline
Ctia course outline
 
Domain 6 of CEH: Wireless Network Hacking
Domain 6 of CEH: Wireless Network HackingDomain 6 of CEH: Wireless Network Hacking
Domain 6 of CEH: Wireless Network Hacking
 
Domain 5 of the CEH: Web Application Hacking
Domain 5 of the CEH: Web Application HackingDomain 5 of the CEH: Web Application Hacking
Domain 5 of the CEH: Web Application Hacking
 
Domain 4 of CEH V11: Network and Perimeter Hacking
Domain 4 of CEH V11: Network and Perimeter HackingDomain 4 of CEH V11: Network and Perimeter Hacking
Domain 4 of CEH V11: Network and Perimeter Hacking
 
Domain 3 of CEH v11: System Hacking Phases and Attack Techniques
Domain 3 of CEH v11: System Hacking Phases and Attack TechniquesDomain 3 of CEH v11: System Hacking Phases and Attack Techniques
Domain 3 of CEH v11: System Hacking Phases and Attack Techniques
 
Domain 2 of CEH v11: Reconnaissance Techniques
Domain 2 of CEH v11: Reconnaissance TechniquesDomain 2 of CEH v11: Reconnaissance Techniques
Domain 2 of CEH v11: Reconnaissance Techniques
 
Domain 1 of CEH v11: Information Security and Ethical Hacking
Domain 1 of CEH v11: Information Security and Ethical HackingDomain 1 of CEH v11: Information Security and Ethical Hacking
Domain 1 of CEH v11: Information Security and Ethical Hacking
 
How is az 303 different from az-304
How is az 303 different from az-304How is az 303 different from az-304
How is az 303 different from az-304
 

Recently uploaded

Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 

Cisa domain 2 part 3 governance and management of it

  • 1. www.infosectrain.com PART 3 – CISA Domain 2 – Governance and Management of IT
  • 2. InfosecTrain About Us InfosecTrain is one of the finest Security and Technology Training and Consulting organization, focusing on a range of IT Security Trainings and Information Security Services. InfosecTrain was established in the year 2016 by a team of experienced and enthusiastic professionals, who have more than 15 years of industry experience. We provide professional training, certification & consulting services related to all areas of Information Technology and Cyber Security.
  • 3.
  • 4. 4 PA RT 3 – C I S A D o m a i n 2 – G o v e r n a n c e a n d M a n a g e m en t o f I T  W h a t i s R i s k M a n a g e m e n t ?  W h a t a r e t h e s t e p s i n v o l v e d i n R i s k M a n a g e m e n t p r o c e s s ?  W h a t i s H u m a n R e s o u r c e M a n a g e m e n t ?  W h a t a r e t h e S o u r c i n g P r a c t i c e s ? 7 . R i s k M a n a g e m en t :  T h e p r o c e s s o f i d e n t i f y i n g v u l n e r a b i l i t i e s a n d t h r e a t s t o t h e i n f o r m a t i o n r e s o u r c e s u s e d b y a n o r g a n i z a t i o n i n a c h i e v i n g b u s i n e s s o b j e c t i v e s a n d w h a t c o u n t e r m e a s u r e s t o t a k e i n r e d u c i n g r i s k t o a n a c c e p t a b l e l e v e l .  e n c o m p a s s e s i d e n t i f y i n g , a n a l y z i n g , e v a l u a t i n g , t r e a t i n g , m o n i t o r i n g a n d c o m m u n i c a t i n g t h e i m p a c t o f r i s k o n I T p r o c e s s e s  T h e B o a r d m a y c h o o s e t o t r e a t t h e r i s k i n a n y o f t h e f o l l o w i n g w a y s 1.Avoid—Eliminate the risk by eliminating the cause 2.Mitigate—Lessen the probability or impact of the risk by defining, implementing and monitoring appropriate controls 3.Share/Transfer (deflect, or allocate)—Share risk with partners or transfer via insurance coverage, contractual agreement or other means 4.Accept—Formally acknowledge the existence of the risk and monitor it. C C I S O C e r t i f i c a t i o n
  • 5. 5 P o i n t s t o r e m e m b e r : T h e b e s t t o a s s e s s I T r i s k s i s a c h i e v e d b y – e v a l u a t i n g t h r e a t s a s s o c i a t e d w i t h e x i s t i n g I T a s s e t s a n d I T p r o j e c t s .  T h e s t e p s o f R i s k M a n a g e m e n t p r o c e s s i n v o l v e : Step – 1: Asset identification – Examples: Information, Data, Software, Hardware, documents, personnel. Step – 2: Evaluation of threats and vulnerabilities: 1 . T h r e a t – A t h r e a t i s a p e r s o n o r e v e n t t h a t h a s t h e p o t e n t i a l f o r i m p a c t i n g a v a l u a b l e r e s o u r c e i n a n e g a t i v e m a n n e r. C o m m o n c l a u s e s o f t h r e a t s a r e :  E r r o r s  M a l i c i o u s d a m a g e / a t t a c k  F r a u d  T h e f t  E q u i p m e n t / s o f t w a r e f a i l u r e
  • 6. 6 1 . V u l n e r a b i l i t y – V u l n e r a b i l i t y r e f e r t o w e a k n e s s e s i n a s y s t e m . T h e y m a k e t h r e a t o u t c o m e s p o s s i b l e a n d p o t e n t i a l l y e v e n m o r e d a n g e r o u s . E x a m p l e s a r e :  L a c k o f u s e r k n o w l e d g e  L a c k o f s e c u r i t y f u n c t i o n a l i t y  I n a d e q u a t e u s e r a w a r e n e s s / e d u c a t i o n ( e . g . , p o o r c h o i c e o f p a s s w o r d s )  U n t e s t e d t e c h n o l o g y  T r a n s m i s s i o n o f u n p r o t e c t e d c o m m u n i c a t i o n s  S t e p 3 – E v a l u a t i o n o f t h e i m p a c t – T h e r e s u l t o f a t h r e a t a g e n t e x p l o i t i n g a v u l n e r a b i l i t y i s c a l l e d a n i m p a c t • In commercial organizations, threats usually result in 1 . a d i r e c t f i n a n c i a l l o s s i n t h e s h o r t t e r m o r 2 . a n u l t i m a t e ( i n d i r e c t ) f i n a n c i a l l o s s i n t h e l o n g t e r m
  • 7. 7 E x a m p l e s o f s u c h l o s s e s i n c l u d e : • Direct loss of money (cash or credit) • Breach of legislation (e.g., unauthorized disclosure) • Loss of reputation/goodwill • Endangering of staff or customers • Breach of confidence • Loss of business opportunity • Reduction in operational efficiency/performance • Interruption of business activity  S t e p 4 – C a l c u l a t i o n o f R i s k – A c o m m o n m e t h o d o f c o m b i n i n g t h e e l e m e n t s i s t o c a l c u l a t e f o r e a c h t h r e a t : p r o b a b i l i t y o f o c c u r r e n c e × m a g n i t u d e o f i m p a c t . T h i s w i l l g i v e a m e a s u r e o f o v e r a l l r i s k . S t e p 5 – E v a l u a t i o n o f a n d r e s p o n s e t o R i s k A f t e r r i s k h a s b e e n i d e n t i f i e d , e x i s t i n g c o n t r o l s c a n b e e v a l u a t e d o r n e w c o n t r o l s d e s i g n e d t o r e d u c e t h e v u l n e r a b i l i t i e s t o a n a c c e p t a b l e l e v e l . • T h e s e c o n t r o l s a r e r e f e r r e d t o a s c o u n t e r m e a s u r e s o r s a f e g u a r d s a n d i n c l u d e a c t i o n s , d e v i c e s , p r o c e d u r e s o r t e c h n i q u e s • R e s i d u a l r i s k , t h e r e m a i n i n g l e v e l o f r i s k a f t e r c o n t r o l s h a v e b e e n a p p l i e d , c a n b e u s e d b y m a n a g e m e n t t o f u r t h e r r e d u c e r i s k b y i d e n t i f y i n g t h o s e a r e a s i n w h i c h m o r e c o n t r o l i s r e q u i r e d .
  • 8. 8 8 . H u m a n R e s o u r c e M a n a g e m e n t :  O n H i r i n g p r o c e s s , t h e f i r s t s t e p b e f o r e h i r i n g a c a n d i d a t e i s b a c k g r o u n d c h e c k s ( e . g . , c r i m i n a l , f i n a n c i a l , p r o f e s s i o n a l , r e f e r e n c e s , q u a l i f i c a t i o n s )  A r e q u i r e d v a c a t i o n ( h o l i d a y ) e n s u r e s t h a t o n c e a y e a r, a t a m i n i m u m , s o m e o n e o t h e r t h a n t h e r e g u l a r e m p l o y e e w i l l p e r f o r m a j o b f u n c t i o n . T h i s r e d u c e s t h e o p p o r t u n i t y t o c o m m i t i m p r o p e r o r i l l e g a l a c t s . D u r i n g t h i s t i m e , i t m a y b e p o s s i b l e t o d i s c o v e r f r a u d u l e n t a c t i v i t y a s l o n g a s t h e r e h a s b e e n n o c o l l u s i o n b e t w e e n e m p l o y e e s t o c o v e r p o s s i b l e d i s c r e p a n c i e s ( M a n d a t o r y l e a v e i s a c o n t r o l m e a s u r e )  J o b r o t a t i o n p r o v i d e s a n a d d i t i o n a l c o n t r o l ( t o r e d u c e t h e r i s k o f f r a u d u l e n t o r m a l i c i o u s a c t s ) b e c a u s e t h e s a m e i n d i v i d u a l d o e s n o t p e r f o r m t h e s a m e t a s k s a l l t h e t i m e . T h i s p r o v i d e s a n o p p o r t u n i t y f o r a n i n d i v i d u a l o t h e r t h a n t h e r e g u l a r l y a s s i g n e d p e r s o n t o p e r f o r m t h e j o b a n d n o t i c e p o s s i b l e i r r e g u l a r i t i e s .  O n Te r m i n a t i o n p o l i c i e s , p o l i c i e s b e s t r u c t u r e d t o p r o v i d e a d e q u a t e p r o t e c t i o n f o r t h e o r g a n i z a t i o n ’ s c o m p u t e r a s s e t s a n d d a t a . T h e f o l l o w i n g c o n t r o l p r o c e d u r e s s h o u l d b e a p p l i e d : • Return of all devices, access keys, ID cards and badges • Deletion/revocation of assigned logon IDs and passwords • Notification to appropriate staff and security personnel regarding the employee’s status change to “terminated” • Arrangement of the final pay routines • Performance of a termination interview
  • 9. 9 P o i n t s t o r e m e m b e r : •T h e C I S A c a n d i d a t e s h o u l d b e a w a r e o f t h e a b o v e p r o c e s s – f r o m h i r i n g t o t e r m i n a t i o n . I S A C A t e s t s o n t h e k n o w l e d g e a t e a c h s t e p – o n w h a t t h e e n t e r p r i s e s h o u l d / s h o u l d n o t d o . •T h e e m p l o y e e s s h o u l d b e a w a r e o f t h e e n t e r p r i s e I S p o l i c y . I f n o t , t h e l a c k o f k n o w l e d g e w o u l d l e a d t o u n i n t e n t i o n a l d i s c l o s u r e o f s e n s i t i v e i n f o r m a t i o n •W h e n a n e m p l o y e e i s t e r m i n a t e d , t h e i m m e d i a t e a c t i o n / m o s t i m p o r t a n t a c t i o n / f i r s t s t e p t h a t t h e e n t e r p r i s e s h o u l d d o i s – d i s a b l e t h e e m p l o y e e ’ s l o g i c a l a c c e s s a n d c o m m u n i c a t e o n t h e t e r m i n a t i o n o f t h e e m p l o y e e 9 . S o u r c i n g P r a c t i c e s :  D e l i v e r y o f I T f u n c t i o n s c a n i n c l u d e : • Insourced – Fully performed by the organization’s staff • Outsourced – Fully performed by the vendor’s staff • Hybrid – Performed by a mix of the organization’s and vendor’s staffs; can include joint ventures/supplemental staff
  • 10. 10  I T f u n c t i o n s c a n b e p e r f o r m e d a c r o s s t h e g l o b e , t a k i n g a d v a n t a g e o f t i m e z o n e s a n d a r b i t r a g i n g l a b o r r a t e s , a n d c a n i n c l u d e : • Onsite – Staff work onsite in the IT department. • Offsite – Also known as nearshore, staff work at a remote location in the same geographic • Offshore—Staff work at a remote location in a different geographic region  O b j e c t i v e o f o u t s o u r c i n g – t o a c h i e v e l a s t i n g , m e a n i n g f u l i m p r o v e m e n t i n b u s i n e s s p r o c e s s e s a n d s e r v i c e s t h r o u g h c o r p o r a t e r e s t r u c t u r i n g t o t a k e a d v a n t a g e o f a v e n d o r ’ s c o r e c o m p e t e n c i e s  T h e m a n a g e m e n t s h o u l d c o n s i d e r t h e f o l l o w i n g a r e a s f o r m o v i n g I T f u n c t i o n s o f f s i t e o r o f f s h o r e : • Legal, regulatory and tax issues • Continuity of operations • Personnel • Telecommunication issues • Cross-border and cross-cultural issues
  • 11. 11 P o i n t s t o r e m e m b e r : •T h e m o s t i m p o r t a n t f u n c t i o n o f I S m a n a g e m e n t i n o u t s o u r c i n g p r a c t i c e s i s – m o n i t o r i n g t h e o u t s o u r c i n g p r o v i d e r ’ s p e r f o r m a n c e •T h e e n t e r p r i s e c a n n o t o u t s o u r c e t h e a c c o u n t a b i l i t y f o r I T s e c u r i t y p o l i c y. T h e a c c o u n t a b i l i t y a l w a y s l i e s w i t h t h e s e n i o r m a n a g e m e n t / B o a r d o f d i r e c t o r s •W h e n t h e o u t s o u r c i n g s e r v i c e i s p r o v i d e d i n a n o t h e r c o u n t r y, t h e m a j o r c o n c e r n f o r t h e I S a u d i t o r i s – t h e l e g a l j u r i s d i c t i o n c a n b e q u e s t i o n e d •T h e c l a u s e i n o u t s o u r c i n g c o n t r a c t t h a t c a n h e l p i n i m p r o v i n g t h e s e r v i c e l e v e l s a n d m i n i m i z e t h e c o s t s i s – G a i n - s h a r i n g p e r f o r m a n c e b o n u s e s .
  • 12. 12
  • 13. OUR CONTACT A B O U T O U R C O M PA N Y InfosecTrain welcomes overseas customers to come and attend training sessions in destination cities across the globe and enjoy their learning experience at the same time. 1800-843-7890 sales@infosectrain.co m www.infosectrain.com https://www.facebook.com/Infosectrain/ https://www.linkedin.com/company/infosec-train/ https://www.youtube.com/c/InfosecTrain