
ISACA's CISM Domain 2: Information Risk Management

Let us discuss domain 2 of CISM, which is Information Risk Management.


Presentation Transcript


  1. ISACA’s CISM Domain 2: Information Risk Management www.infosectrain.com | sales@infosectrain.com

  2.

  3. CISM Domains: • Information Security Governance • Information Risk Management • Information Security Program Development and Management • Information Security Incident Management In this blog, let us discuss domain 2 of CISM, which is Information Risk Management. Note: To get a clear understanding of Information Risk Management, the three words in the name are explained separately.

  4. Information: Information is organized, structured, and processed data that helps in decision making. For example, assume you run a toy shop: a single customer's purchase of an item is data, and that data becomes information when you can tell which toys are the most and least popular. With that information, you can decide which toys to add to or remove from your shop. Risk: Risk in this context is the possibility that an incident or event occurs that materially harms the company's data or information. Management: Management means identifying, assessing, evaluating, and dealing with risks (including coping with changes) through proactive, deliberate, explicit, and systematic measures. It also covers running the process itself: authorizing decisions, providing resources, carrying out risk treatment, and so on.

  5. Information Risk Management process: The Information Risk Management process can be summed up in the process diagram shown on this slide.

  6. The first stage of the process is to identify the potential risk factors: vulnerabilities, threats, incidents, and impacts. The second stage is to evaluate the risks, which means assessing the information collected in the first stage to determine the significance of each risk. In the third stage, we treat the risks: avoid, share (transfer), mitigate, or accept them. This is the stage in which the risk treatment decisions are actually implemented. Handling change may seem obvious, but its importance is emphasized in the diagram: the information risks within an organization shift constantly, partly as a result of the risk treatment itself and partly as a result of other factors. At the end of the diagram, you can see that organizations must also respond to external obligations such as market pressure, stakeholder expectations, and compliance requirements.

  7. Information Risk Management best practices: A risk management approach that works for one data asset is not guaranteed to work for another, so organizations need to combine a range of strategies and policies. There are, however, a few best practices that every organization should implement to maintain a strong cybersecurity posture. https://youtu.be/eBnnpLD8cXE Here are three best practices every organization should follow to maintain a strong Information Risk Management program.

  8. Monitor the IT environment: Constantly monitoring the IT environment helps the organization identify vulnerabilities and prioritize remediation. For instance, many organizations struggle to configure cloud resources correctly; Amazon S3 buckets appear in news reports regularly. These public cloud storage locations are not inherently risky, but configuring them incorrectly opens them to the public, including attackers. By monitoring your IT environment continuously and consistently, you can identify misconfigured databases and storage locations and improve the security of your data.
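As an added example (not part of the original presentation), the check below flags S3 buckets that are exposed to the public from three settings the AWS API returns per bucket: the ACL grants, the bucket policy, and the Public Access Block configuration. The input shapes are assumed to mirror what boto3's get_bucket_acl, get_bucket_policy and get_public_access_block return, and the sample buckets are constructed so the script runs offline; in a real monitor you would feed it the live API responses instead.

```python
"""Flag S3 buckets reachable by the public from their ACL, bucket policy and
Public Access Block settings. Sample data is constructed; no AWS calls made."""
import json

# ACL grantees that mean "anyone" (AllUsers) or "any AWS account" (AuthenticatedUsers).
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def public_acl_grants(acl):
    """Return (grantee, permission) pairs granted to a public group."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS:
            found.append((grantee["URI"].rsplit("/", 1)[-1], grant["Permission"]))
    return found


def _principal_is_public(principal):
    """A Principal of "*" or {"AWS": "*"} (possibly in a list) means anyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_policy_statements(policy_json):
    """Return Sids of Allow statements open to Principal * with no Condition."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be unwrapped
        statements = [statements]
    return [
        s.get("Sid", "<no Sid>")
        for s in statements
        if s.get("Effect") == "Allow"
        and _principal_is_public(s.get("Principal"))
        and not s.get("Condition")            # a Condition narrows the grant; review separately
    ]


def assess_bucket(acl, policy_json, public_access_block):
    """Combine the three settings into a list of human-readable findings.
    IgnorePublicAcls neutralises public ACL grants; RestrictPublicBuckets
    neutralises public policy statements, so those two settings gate the checks."""
    pab = public_access_block or {}
    findings = []
    if not pab.get("IgnorePublicAcls", False):
        for grantee, perm in public_acl_grants(acl):
            findings.append(f"ACL grants {perm} to {grantee}")
    if policy_json and not pab.get("RestrictPublicBuckets", False):
        for sid in public_policy_statements(policy_json):
            findings.append(f"policy statement {sid} allows Principal * without a Condition")
    return findings


def scan(buckets):
    """Map bucket name -> findings for a list of per-bucket settings."""
    return {b["Name"]: assess_bucket(b["Acl"], b.get("Policy"), b.get("PublicAccessBlock"))
            for b in buckets}


# Constructed sample data (shapes follow the boto3 responses; IDs are placeholders).
_OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"}, "Permission": "FULL_CONTROL"}
_PUBLIC_READ = {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                "Permission": "READ"}
_PUBLIC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::toyshop-sales-exports/*"}]})
_PRIVATE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "ReportingRole", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/reporting"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::toyshop-internal/*"}]})
_PAB_OFF = {k: False for k in ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")}
_PAB_ON = {k: True for k in _PAB_OFF}

SAMPLE_BUCKETS = [
    {"Name": "toyshop-sales-exports", "Acl": {"Grants": [_OWNER, _PUBLIC_READ]},
     "Policy": _PUBLIC_POLICY, "PublicAccessBlock": _PAB_OFF},
    # Same misconfigured ACL and policy, but Public Access Block makes them ineffective.
    {"Name": "toyshop-sales-exports-hardened", "Acl": {"Grants": [_OWNER, _PUBLIC_READ]},
     "Policy": _PUBLIC_POLICY, "PublicAccessBlock": _PAB_ON},
    {"Name": "toyshop-internal", "Acl": {"Grants": [_OWNER]},
     "Policy": _PRIVATE_POLICY, "PublicAccessBlock": _PAB_ON},
]

if __name__ == "__main__":
    for name, findings in scan(SAMPLE_BUCKETS).items():
        print(name, "->", findings or "OK")
```

The hardened bucket shows why the Public Access Block matters as a compensating control: the same bad ACL and policy produce no exposure once IgnorePublicAcls and RestrictPublicBuckets are on. Statements with a Condition are deliberately skipped here rather than reported, since whether they are "public" depends on the condition keys; a production monitor should list them for review.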

  9. Monitor the supply chain: Mitigating risk from third-party vendors is also an important part of your IT risk management approach. While you may have contractual authority over your vendors, you may not be able to hold their vendors to the same requirements. As part of a holistic Information Risk Management approach, you need insight into the cybersecurity posture of your whole ecosystem: you are at risk if your vendor's vendor stores your information in plain text in a cloud database. Continually monitor your supply chain for the use of encryption, which keeps data unreadable even if an attacker gets hold of it; this gives you insight into the cyber health of your ecosystem.

  10. Monitor compliance: As data breaches continue to make headlines, legislatures and industry standards bodies have issued increasingly strict compliance rules. Several newer laws, such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the New York Stop Hacks and Improve Electronic Data Security (NY SHIELD) Act, require ongoing monitoring as part of a cybersecurity compliance program. To build a compliant IT risk management program, you must monitor and document your efforts so that you can provide assurance to internal and external auditors. As you continuously monitor your enterprise's IT ecosystem, prioritize remediation measures and record what you do, giving your auditors evidence of governance.

  11. Why InfosecTrain? • InfosecTrain lets you customize your training schedule; our trainers provide one-on-one training. • You can hire a trainer from InfosecTrain who will teach you at your own pace. • As ISACA is our premium training partner, our trainers know exactly what and how much to teach to make you a professional. • You will also have access to all our recorded sessions.

  12. That sounds exciting, right? So what are you waiting for? Enroll in our CISM course and get certified. Here you can get the best CISM domain training.

  13. About InfosecTrain • Established in 2016, we are one of the finest Security and Technology Training and Consulting companies • Wide range of professional training programs, certifications, and consulting services in the IT and Cyber Security domain • High-quality technical services, certifications, and customized training programs curated by professionals with over 15 years of combined experience in the domain

  14. Our Endorsements

  15. Why InfosecTrain • Global Learning Partners • Access to the recorded sessions • Certified and Experienced Instructors • Flexible modes of Training • Post training completion support • Tailor Made Training

  16. Our Trusted Clients

  17. Contact us: Get your workforce reskilled by our certified and experienced instructors! IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK: +44 7451 208413 sales@infosectrain.com www.infosectrain.com
