From the course: Certified Information Security Manager (CISM) Cert Prep (2022): 1 Information Security Governance

Customizing security standards

- [Instructor] The security standards offered by industry experts are an excellent starting point for an organization's own security standards. But they're rarely ready to use out of the box and they often require customization to meet the organization's own security requirements. Organizations commonly start with these baselines and then add, remove and modify controls to develop their own security standards. The purpose of these customization efforts is to scope and tailor the standard to meet the organization's specific needs. For example, an industry standard might suggest using full disk encryption to protect stored data on an endpoint and suggest the use of AES encryption with a 128, 192 or 256-bit key. The organization might have a compliance requirement that mandates the use of 256-bit keys. In this case, the organization might modify the standard to require the use of a 256-bit key, removing the options for a 128 or…
