Information Security Management and Auditing

  1. Business Continuity and Incident Management
    1. Incident Management Framework
      1. Incident Management Policy
        1. Incident Response Team Structure
          1. Incident Classification Systems
            1. Communication Protocols
            2. Incident Response Process
              1. Incident Detection and Analysis
                1. Detection Methods and Tools
                  1. Initial Assessment
                    1. Incident Classification
                    2. Incident Containment
                      1. Containment Strategies
                        1. Evidence Preservation
                          1. Communication Management
                          2. Incident Eradication and Recovery
                            1. Root Cause Analysis
                              1. System Restoration
                                1. Vulnerability Remediation
                                2. Post-Incident Activities
                                  1. Incident Documentation
                                    1. Lessons Learned Analysis
                                      1. Process Improvement
                                    2. Business Continuity Management
                                      1. Business Continuity Framework
                                        1. BCM Policy and Objectives
                                          1. BCM Governance Structure
                                            1. BCM Lifecycle
                                            2. Business Impact Analysis (BIA)
                                              1. Critical Business Process Identification
                                                1. Impact Assessment Methodology
                                                  1. Recovery Time and Point Objectives
                                                    1. Dependency Analysis
                                                    2. Risk Assessment for Continuity
                                                      1. Threat and Vulnerability Analysis
                                                        1. Business Continuity Risk Evaluation
                                                          1. Risk Treatment for Continuity
                                                          2. Business Continuity Strategy
                                                            1. Recovery Strategy Options
                                                              1. Resource Requirements
                                                                1. Alternative Site Planning
                                                                2. Business Continuity Plan Development
                                                                  1. Plan Structure and Content
                                                                    1. Response Procedures
                                                                      1. Communication Plans
                                                                        1. Resource Allocation
                                                                        2. Plan Testing and Maintenance
                                                                          1. Testing Methodologies
                                                                            1. Exercise Planning and Execution
                                                                              1. Plan Review and Updates
                                                                            2. Disaster Recovery Planning
                                                                              1. Disaster Recovery Framework
                                                                                1. DR Policy and Scope
                                                                                  1. DR Team Roles and Responsibilities
                                                                                  2. Recovery Infrastructure
                                                                                    1. Recovery Site Options
                                                                                      1. Technology Recovery Solutions
                                                                                        1. Data Backup and Restoration
                                                                                        2. Recovery Procedures
                                                                                          1. System Recovery Processes
                                                                                            1. Data Recovery Methods
                                                                                              1. Network Recovery
                                                                                              2. DR Testing and Validation
                                                                                                1. Testing Types and Frequency
                                                                                                  1. Test Result Analysis
                                                                                                    1. Plan Improvement

                                                                                                Previous

                                                                                                4. Security Control Implementation

                                                                                                Go to top

                                                                                                Next

                                                                                                6. Information Security Auditing Fundamentals