GoogleCybersecurityCertificate
This section of the Google Cybersecurity Certificate course focuses on how security professionals use frameworks and controls to manage risk.
Security Frameworks
These are guidelines for building plans to mitigate risks and threats to data and privacy. They provide a structured approach to the security lifecycle (a constantly evolving set of policies and standards for managing risk, following guidelines, and meeting regulatory compliance). Frameworks help with:
- Protecting Personally Identifiable Information (PII)
- Securing financial information
- Identifying security weaknesses
- Managing organizational risks
- Aligning security with business goals
Four Core Components of Security Frameworks
- Identifying and Documenting Security Goals: Defining specific objectives, such as GDPR compliance.
- Setting Guidelines to Achieve Security Goals: Developing policies and procedures to meet the defined goals (e.g., new data handling policies for GDPR compliance).
- Implementing Strong Security Processes: Establishing and executing procedures to ensure compliance (e.g., designing procedures for verified user data requests in a social media company).
- Monitoring and Communicating Results: Tracking the effectiveness of implemented measures and reporting potential issues (e.g., monitoring the internal network and reporting GDPR-related security issues).
Security Controls
These are safeguards designed to reduce specific security risks. An example is mandatory privacy training for employees to reduce the risk of data breaches, tracked using software tools.
Relationship between Frameworks and Controls
Frameworks provide the overall structure and goals, while controls are the specific mechanisms used to achieve those goals. Security analysts work within the framework to implement and monitor controls. Understanding both is crucial for entry-level analysts, as it directly impacts their work and collaboration with others.