Gap Analysis
Current performance versus desired performance
Zero Trust
No one should be trusted by default
Aligning Security with Business
Wearing two hats
Risk Management
Managing and Prioritizing Risks
Risk Management Terms
Risk Management Terminologies
Risk Management Process
Identify, assess, and prioritize risk
Risk Identification
Spotting risks early so the organization can prepare for them.
Risk Assessment
Vulnerability plus threat equals risk
Risk Treatment
Reduce, transfer, accept, or avoid the risk
Risk Management Frameworks
CIS, ISO, NIST, etc.
Security Controls
Physical, Technical, Administrative, etc.
Governance
Overall management of the organization's IT resources
Governance Elements
Policies, Standards, Procedures, and Guidelines
Compliance
Adherence to laws, regulations, standards, and policies
Laws and Regulations
Laws, regulations, standards, and policies
Intellectual Property
Intellectual Property
Import and Export Controls
Import and Export Controls
U.S. Privacy Laws
U.S. Privacy Laws
Other Privacy Laws
Other Privacy Laws
Vendor Assessment
Assessing vendors
Vendor Management
Assessing vendors
Third-Party Vendor Risks
Potential security risks from external entities