1. Periodic briefings to senior management on the state of information security strengthen the organization's commitment to, and support of, the information security program
2. Data custodians (typically security administrators) are responsible for enforcing access rights to data for individuals and applications; data owners, however, are responsible for approving those rights
3. Policies and standards are relatively static. Procedures change more often, because they must be updated as new versions of software and hardware are released
4. A key qualification of a CISO is the ability to understand the organization's business needs and to select and apply security technologies that support those needs. An organization's security must be aligned with its business requirements
5. An organization's security architecture must incorporate stakeholders' requirements and thereby advance the interests of the business
6. Information security is not the same thing as IT security
7. IT security is a subset of information security
8. IT security is driven at the chief information officer (CIO) level, whereas information security is driven by executive management and supported by the board of directors
9. Only data owners can determine the RPO requirements for their data
10. The RPO (recovery point objective) is the point in time before an incident to which data can be effectively recovered; it expresses the maximum tolerable data loss. Any data created or changed between that point and the time of the incident is lost and cannot be restored from backups
From our collection of 700-plus axioms.
Those who attend our classes get more: the full set of 700-plus axioms, plus handouts, plus five lectures of four hours each, plus sample questions and answers, and attendees can ask questions until the day before the exam.