Information Security Management and Auditing

1. Security Control Implementation
   1. Control Frameworks and Standards
      1. Control Framework Selection
      2. Baseline Control Establishment
      3. Control Customization
   2. Control Categories and Types
      1. Administrative Controls
         1. Policies and Procedures
         2. Security Awareness Training
         3. Personnel Security Controls
         4. Vendor Management
      2. Technical Controls
         1. Access Control Systems
         2. Encryption Technologies
         3. Network Security Controls
         4. System Hardening
      3. Physical Controls
         1. Facility Security
         2. Environmental Controls
         3. Equipment Protection
   3. Control Functions
      1. Preventive Controls
         1. Access Restrictions
         2. Firewalls and Network Segmentation
         3. Security Configuration Management
      2. Detective Controls
         1. Security Monitoring Systems
         2. Log Analysis and SIEM
         3. Vulnerability Scanning
      3. Corrective Controls
         1. Incident Response Procedures
         2. System Recovery Processes
         3. Patch Management
      4. Deterrent Controls
         1. Security Awareness Programs
         2. Warning Systems
      5. Compensating Controls
         1. Alternative Control Measures
         2. Control Gap Mitigation
         3. Effectiveness Assessment
2. Key Security Domains
   1. Asset Management
      1. Asset Inventory Management
      2. Information Classification
      3. Media Handling and Disposal
   2. Human Resources Security
      1. Pre-employment Screening
      2. Employment Terms and Conditions
      3. Disciplinary Processes
      4. Termination Procedures
   3. Access Control Management
      1. User Access Provisioning
      2. Privileged Access Management
      3. Authentication Mechanisms
      4. Access Review and Certification
   4. Cryptographic Controls
      1. Encryption Implementation
      2. Key Management Systems
      3. Digital Signatures
      4. Certificate Management
   5. Physical and Environmental Security
      1. Secure Areas and Perimeters
      2. Physical Entry Controls
      3. Equipment Security
      4. Environmental Monitoring
   6. Operations Security
      1. Change Management
      2. Capacity Management
      3. Malware Protection
      4. Backup and Recovery
      5. Network Security Management
   7. Communications Security
      1. Network Controls
      2. Information Transfer Security
      3. Electronic Messaging
   8. System Development Security
      1. Security in Development Lifecycle
      2. Secure Coding Practices
      3. Security Testing
      4. Test Data Management
   9. Supplier Relationship Security
      1. Supplier Security Requirements
      2. Third-Party Risk Management
      3. Service Delivery Management