00:00:08
information security planning and
00:00:10
governance planning levels within
00:00:12
planning there are four major categories
00:00:14
that strategic practical organization
00:00:17
operational and continuancy planning
00:00:20
strategic company
00:00:22
the process that our organizations use
00:00:26
to determine their goals and objectives
00:00:28
planning it in thus CISO a cyber
00:00:33
security strategy offers a clear
00:00:35
detailed plan that standardizes
00:00:38
security across an organization
00:00:41
it helps CISOs shift from a reactive to
00:00:45
proactive security ensuring that they
00:00:47
are ready and prepared to respond to
00:00:50
various relevant threats
00:00:52
information security governance IT
00:00:55
security governance is the system by
00:00:57
which an organization directs and
00:00:59
controls IT security
00:01:04
governance
00:01:06
should
00:01:07
not be confused with IT security
00:01:09
Management information security
00:01:11
governance is a strategic planning Duty
00:01:14
that has become increasingly
00:01:17
important in recent years governance
00:01:21
is defined as the set of
00:01:23
responsibilities and practices exercised by
00:01:26
the board of directors and executive
00:01:28
management
00:01:29
with the goal of providing strategic
00:01:33
Direction
00:01:34
information security governance on
00:01:36
outcomes information security must be
00:01:39
strategically aligned with business
00:01:42
strategy to meet corporate goals risk
00:01:45
management which in days
00:01:47
taking the necessary steps to manage and
00:01:51
mitigate hazards to information assets
00:01:55
resource management by efficiently and
00:01:58
effectively employing information
00:01:59
security expertise and
00:02:02
infrastructure measure Monitor and
00:02:05
Report information security governance
00:02:07
metrics to ensure the organizational
00:02:09
goals are accomplished increasing the
00:02:13
value of information
00:02:14
security Investments in support of
00:02:17
corporate goals governance framework
00:02:20
governance Frameworks are the structures
00:02:23
of government and reflects the
00:02:25
interrelated relationships
00:02:28
factors and other influences
00:02:32
upon the institution
00:02:34
governance strategies often used
00:02:37
interchangeably with governance
00:02:40
framework as they both refer to the
00:02:43
structure of the governance
00:02:45
of the organization
00:02:47
information security policy standards
00:02:50
and practice never go against the law
00:02:52
Inc if confronted in court be prepared
00:02:56
to defend yourself be properly
00:02:59
implemented to
00:03:00
widespread distribution and documented
00:03:03
acceptance
00:03:05
policy
00:03:07
dissemination review
00:03:10
comprehension compliance uniform and
00:03:12
enforcement Enterprise information
00:03:15
security policy an Enterprise
00:03:19
information security policy details
00:03:22
what a company's philosophy is on
00:03:24
security and helps to set the direction
00:03:27
scope and tone for all of an organization's
00:03:30
security efforts enterprise security is
00:03:33
the process of securing private data
00:03:35
information assets using solutions that
00:03:38
can scale across Dynamic and highly
00:03:40
distributed environments statement of
00:03:44
policy scope and applicability
00:03:46
definition of technology addressed
00:03:49
responsibilities and authorized access
00:03:51
and uses of equipment user access
00:03:54
fair and
00:03:56
responsible use protection of privacy
00:03:59
prohibited use of equipment disruptive
00:04:02
use or misuse
00:04:04
criminal use offensive or harassing
00:04:06
materials corporate or other
00:04:08
restrictions
00:04:10
systems management management
00:04:12
of stored materials employer monitoring
00:04:15
virus
00:04:16
protection physical security encryption
00:04:19
violation of policy procedures for
00:04:23
reporting violations penalties
00:04:26
for violations policy reviews and
00:04:30
modifications scheduled review of policy
00:04:33
procedures for modifications legal
00:04:36
disclaimers limitations of liability
00:04:39
statements of liability other disclaimers
00:04:42
as needed
00:04:44
policy management policy management is
00:04:46
the process of creating communicating
00:04:48
and maintaining policies and procedures
00:04:50
within an organization an effective
00:04:53
policy management system can mitigate
00:04:56
risk in two ways first it makes policies
00:04:59
more quickly accessible to Direct Care
00:05:02
staff guiding care and safety decision
00:05:05
responsible individual DRI stands
00:05:08
for directly responsible individual it's
00:05:10
a title given to the person who is
00:05:12
ultimately responsible for a decision or
00:05:15
making sure a project or task is
00:05:17
completed
00:05:18
why it is important to be responsible
00:05:20
individual
00:05:22
each step we take towards being
00:05:24
responsible and productive
00:05:27
helps to raise
00:05:28
our self esteem and our relationship
00:05:32
with friends family and co-workers
00:05:34
improved the unfold
00:05:38
being responsible basically divided we
00:05:41
have much less stress and Chaos in our
00:05:43
lives and we gain the respect of others
00:05:46
schedules of review
00:05:49
the most important single component of a
00:05:51
general business plan lean plan with
00:05:54
this traditional plan or any kind of
00:05:57
plan is a review schedule this
00:06:00
sets the plan into the context of
00:06:03
management everybody involved needs to
00:06:05
review the plan regularly and revise as
00:06:08
needed the main purpose of project
00:06:11
Baseline schedule is to analyze the
00:06:14
schedule Health structure and critical
00:06:16
path and comprise with the work under
00:06:19
the contract or other terminology scope
00:06:22
of work prior to acceptance and
00:06:26
a private Baseline schedule review
00:06:29
procedures and branches review procedure
00:06:31
means the court of second is instance
00:06:35
examines each case in full and
00:06:39
it's not bound by the arguments of the
00:06:42
appreciation appear or protest
00:06:46
the purpose of a comprehensive review is
00:06:49
to take an in-depth look and existing
00:06:52
administrative
00:06:53
bodies and Associated documents such as
00:06:56
procedures
00:06:58
regularly reviewing your policies and
00:07:02
procedures keeps your organization up to
00:07:05
date with the latest regulation
00:07:07
and Technology as well as consistent
00:07:11
with the industry best practices policy
00:07:13
standard operation date revised date
00:07:15
showing the last time that the model
00:07:18
content was changed or updated automated
00:07:21
policy management policy management
00:07:23
automation platforms improve operational
00:07:26
efficiency and significantly mitigated
00:07:29
Risk by enabling
00:07:32
policy and legal teams to systematically
00:07:35
reduce the potential for reputational
00:07:37
damage ultimately
00:07:39
parse policy Management Solutions enable
00:07:42
organization to build an ethical and
00:07:45
defensible compliance program
00:07:49
the information security blueprint the
00:07:51
information
00:07:52
security blueprint is a set of
00:07:56
studies that are the product to protect
00:07:58
the company's data also it is by letting
00:08:02
an address people have access to it in
00:08:04
various ways in addition to protect
00:08:07
and she's predicting the company's data
00:08:10
on paper for example in the computer
00:08:12
installed in the office
00:08:15
the ISO
00:08:17
27000 series NIST special publication SP
00:08:22
812 NIST
00:08:26
special publication 814 NIST special
00:08:31
publication
00:08:32
818 we have one
00:08:36
Baseline and best business practice
00:08:38
growing up on a concept twice we Define
00:08:41
a best Baseline practice approach as a
00:08:45
context Plexi reference approach
00:08:47
consisting of processes tools techniques
00:08:49
and method which can be scaled on the
00:08:52
basis of complexity context and work
00:08:54
involved in the project
00:08:56
design of security architecture security
00:08:59
architecture and design looks at how
00:09:02
information security controls and
00:09:03
safeguards are implemented in IT
00:09:06
systems in order to protect the
00:09:08
confidentiality integrity and
00:09:09
availability of the data that are used
00:09:12
processed and stored in those systems
00:09:15
levels of controls money there are
00:09:18
varying levels of control strategic
00:09:20
highest level operational mid-level and
00:09:22
tactical low level imagine the president
00:09:25
of company decides to build new company
00:09:27
headquarters operational controls and
00:09:30
Technical controls
00:09:32
Define the defense in depth
00:09:36
defense in depth is a strategy that
00:09:39
leverages multiple security measures to
00:09:41
protect an organization's assets the
00:09:43
thinking is that if one line of defense
00:09:47
is compromised additional layers
00:09:49
exist as a backup to ensure that
00:09:53
threats are stopped along the way
00:09:56
security education training and
00:09:59
awareness programs here the education
00:10:00
can be described as a learning
00:10:02
initiative that is aimed at reducing the
00:10:04
total number of security loopholes that
00:10:08
are likely to occur due to lack of
00:10:10
employee awareness security training
00:10:12
is a formal process for educating
00:10:15
employees and third-party stakeholders
00:10:17
like contractors and business partners
00:10:19
security awareness is a strategy used by
00:10:21
IT and security professionals to prevent
00:10:24
and mitigate users
00:10:26
that attack identification and
00:10:28
prioritization
00:10:32
her priorities prioritize threats
00:10:35
ensuring their resources and attenuation
00:10:38
are
00:10:40
distributed effectively this
00:10:42
presentation can be applied during
00:10:45
planning design and implementation of
00:10:47
security to ensure that Solutions are
00:10:49
rightly effective as possible ensures
00:10:52
difference
00:10:53
are in line with involvement involving
00:10:56
events business unit analysis business
00:10:58
unit you need analysis is uneffective
00:11:01
where a company reviews each unit in
00:11:04
order to assess its effectiveness and
00:11:07
efficiency
00:11:08
the review may take place under the
00:11:10
units manager and organizational manager
00:11:12
which ensures objectivity in the review
00:11:14
process
00:11:16
business unit or BU refers to
00:11:20
division facility or department
00:11:22
of an organization
00:11:25
potential damage assessment damage
00:11:28
assessments are the critical steps taken
00:11:30
on the path to achieving restoration of
00:11:33
Natural Resources injured through the
00:11:35
release of oil or hazardous
00:11:38
substance they are used to determine the
00:11:41
nature and the extent
00:11:43
of injury and amount of damage caused by
00:11:46
the release incident response planning
00:11:48
an incident response plan is a set of
00:11:50
instructions to help IT staff
00:11:54
detect respond to and
00:11:58
recover from network security incidents
00:12:02
these types of plans address issues like
00:12:05
cybercrime data loss and
00:12:07
service outages that threaten daily
00:12:09
work testing checklists are structured
00:12:12
walkthrough simulation parallel
00:12:15
and full Interruption incident
00:12:17
indicators
00:12:20
discovered unknown programs
00:12:23
unusual use of computing resources
00:12:25
system crashes that are out of ordinary
00:12:30
the four categories of event listing
00:12:32
below are likely incident indication
00:12:34
unexpected activities new accounts
00:12:36
attacks are reported by users
00:12:39
notification from IDPS
00:12:42
incident reaction documenting an
00:12:44
incident write about the facts who
00:12:47
what where when and how include the
00:12:50
impact of behavior
00:12:52
describe any attempt in in very discuss
00:12:56
and mitigate the issues and how the
00:12:59
person responded to that
00:13:01
incident containment strategies a
00:13:04
function that assists to limit and
00:13:05
prevent further damage from happening
00:13:08
along with
00:13:09
ensuring that there is no destruction of
00:13:12
forensic
00:13:13
evidence that may be needed
00:13:17
for legal actions
00:13:20
against the attackers later
00:13:22
incident recovery incident response is
00:13:26
the way in which you manage the aftermath
00:13:29
of an IT security breach or failure
00:13:32
priorities of efforts
00:13:35
this means deciding what order that
00:13:39
should be completed based on importance
00:13:40
and immediacy allowing you to get
00:13:44
things done in the most effective way
00:13:45
possible protect
00:13:48
prioritizing your daily tasks will help
00:13:51
you organize your time efficiently and
00:13:53
boost your productivity
00:13:55
damage assessment damage assessment is
00:13:57
the process of determining
00:14:00
the nature and extent of loss suffering
00:14:02
and harm
00:14:05
to
00:14:06
community resulting from a natural
00:14:09
accidental or human-caused disaster
00:14:12
media media means
00:14:16
media such as
00:14:18
disks disk drives and tapes onto which
00:14:21
backup systems store electronic data
00:14:25
media does not include media such as CDs
00:14:28
or DVDs and USB flash drives
00:14:32
on which an individual user
00:14:35
stores electronic documents
00:14:38
Disaster Recovery plan Disaster Recovery
00:14:41
plan or DRP is a documented structured
00:14:44
approach that describes how an
00:14:47
organization can quickly resume work
00:14:50
after an unplanned incident a DRP is
00:14:53
an essential part of business continuity
00:14:56
plan business continuity plan business
00:15:00
continuity planning or BCP is a document
00:15:04
that consists of the critical information
00:15:06
an
00:15:08
organization needs to continue operating
00:15:11
during an unplanned event the BCP states
00:15:14
the essential functions of the business
00:15:16
identifies which systems and processes
00:15:19
must be sustained and details how to
00:15:22
maintain them
00:15:24
continuity strategies hot sites warm sites
00:15:27
cold sites time-shares service
00:15:31
bureaus
00:15:32
mutual agreements crisis management a crisis
00:15:35
management plan is the application of strategies
00:15:39
designed to help an organization deal
00:15:41
with a sudden and significant negative
00:15:43
event a crisis can appear as a result
00:15:46
of unpredictable event or an
00:15:49
unforeseeable consequence of some events
00:15:53
that had been considered as a potential
00:15:55
risk
00:15:56
law enforcement involvement federal
00:15:59
authorities state investigative services
00:16:02
local
00:16:03
law enforcement thank you for listening