IT Examiner School, Seaside, CA
Information Security - Risk Mitigation
• Policies and Procedures
• Control Types/Implementation
• Inventory and Classification of Assets
• User Security Controls
• Physical Security
• Change Management Within IT Environment
• End-of-Life Management
• Application Security
• Database Security
• Encryption
• Log Management
• Malware Mitigation
Information Security – Policies and Procedures
Board-approved Written Policies (Required by GLBA)
• Address key areas such as personnel, physical and logical security, change management, strategic planning, and business continuity.
• Depth and coverage of IT operations policies will vary based on institution size and complexity.
Procedures describe the processes used to meet the requirements of the institution's IT policies.
• Do not need to be formally Board approved.
• Written for consistency and continuity.
• Regularly updated as processes, systems, and threats change.