I just finished my upgrade to Safe Certification and now will be going for CISSP certification. Wish my luck guys!
- Effective security plans anticipates change, focuses on specific and achievable objectives, potential problems, and serves as the basis of decision making.
- Operational plans are the shortest and most frequently updated
- Tactical plans are mid term plans and supports strategical plans.
- Strategic plans are the long term plans (usually 5 years) and usually includes risk assessment.
- Data classification is the primary means by which data is protected based on its need for secrecy, sensitivity and confidentiality.
- Data classification is the process of organizing objects, subjects, items into groups of similarities (value, cost, vulnerability, risk, power, privilege)
- Stratify the process of organizing and securing data based on assigned labels of
importance and sensitivity.
- Data classification also addresses how data is removed and destroyed.
- Security policy is used to assign responsibilities, define acceptable risks, define roles, specify audit requirements and indicate compliance.
- Security policy are not optional rather mandatory.
- Three types of security policies are regulatory, advisory and informative.