IT Examiner School, Seaside, CA

Information Security Adequacy of managing

• Network security devices o Firewalls o IDS o VPN o Wireless – configuration/monitoring • Log monitoring programs o Automated tools – Security monitoring tools – Policy enforcement

– Reporting of exceptions (mgmt./committee/board)

Information Security Program Management

An effective information security program includes: • Risk identification • Risk measurement • Risk mitigation • Risk monitoring and reporting