Candidates should note that even though most frameworks for information security show the development of an IS program as starting with risk assessment and identification of control objectives, this may change depending on organizational objectives, and may be tailored to achieve the desired outcome, as discussed in ISG.
Candidates will be tested on operational components of a security program. They should have a solid grasp of the various components, including standard operating procedures, business operations security practices and maintenance of security technologies.
Candidates will also be tested on their ability to manage operational components. Sometimes these components fall outside of the information security domain (for example, operating system patching procedures). As such, the ability to communicate with IT, business units and other organizational units will be a plus for candidates. Examples of operational components that candidates will be tested on include:
- Identity management and access control administration
- Security event monitoring and analysis
- System patching procedures and configuration management
- Change control and/or release management processes
- Security metrics collection and reporting
- Maintenance of supplemental control techniques and program support technologies
- Incident response, investigation and resolution.
know more : level 3 network
No comments:
Post a Comment