From the course: Certified Information Security Manager (CISM) Cert Prep (2022): 1 Information Security Governance
Join today to access over 23,200 courses taught by industry experts.
Control management
From the course: Certified Information Security Manager (CISM) Cert Prep (2022): 1 Information Security Governance
Control management
- [Instructor] In addition to conducting regular audits and assessments, organizations should perform routine management of their own controls. Every security program should include control testing procedures, a process for managing exceptions to controls, the building of control remediation plans, and the use of compensating controls. Control testing should take place on a regular basis while periodic audits and assessments do evaluate the effectiveness of security controls, these usually occur relatively and frequently. Organizations should supplement these more formal tests with routine and automated monitoring of security controls. For example, an automated review process might routinely check to see if new ports are opened on a firewall in an unexpected manner. You'll also find that there is an exception to every rule in the world of security. You should have a defined process in place to help team members…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.