Welcome to Week 2
Information Assurance Capability, Maturity and Appraisals Practice Activity
This week is where the pieces start connecting. You’re learning that frameworks aren’t just diagrams built by committees—they’re living structures that help real people manage risk and build stability. If you felt overwhelmed by acronyms, that’s normal. The shift you’re making is from memorizing names to understanding purpose: what each framework is trying to help an organization do, how it defines “good security,” and how multiple frameworks can work together without turning into chaos.
As you answer the questions, keep a practical mindset: you’re not choosing frameworks like favorite tools. You’re deciding how to guide an organization that needs risk clarity, maturity growth, governance discipline, and credible assurance evidence—all at the same time.
You will see a multiple-choice question with four options. Select the answer you think is correct. After you choose, an audio clip will tell you whether it is right or wrong, and you will automatically move to the next page to see feedback.
Let’s begin!
You join a small manufacturing company that asks you to “implement NIST.” During your first meeting, you discover leadership really wants two things: (1) a clear way to organize cybersecurity work, and (2) a way to measure whether the security program is improving over time.
NIST CSF gives the risk-function structure while IA-CMM measures capability progression; together they guide long-term assurance.
Your organization is ISO/IEC 27001 certified. Leadership says, “We’re mature because we’re certified.” But incident response varies by team, and lessons learned rarely change procedures.
ISO 27001 supports disciplined security management and evidence, but maturity requires consistent execution and continuous improvement in real operations.
A security lead tries to map every single control in the organization to all frameworks at once (NIST CSF, COBIT, ISO 27001, IA-CMM). The team becomes confused, meetings multiply, and people start ignoring the effort.
Multi-framework integration can create overlap, misalignment, and resource constraints; without a purpose-driven translation layer, it becomes noise instead of guidance.
Your CIO wants a framework to clarify decision rights: who approves risk exceptions, who owns policy enforcement, and how cybersecurity aligns to business goals.
COBIT is governance-focused and is designed to connect IT/security oversight to business objectives and leadership accountability.
You’re asked to propose a practical integration approach for a resource-constrained organization. They need something realistic that avoids duplicated work and helps leaders understand progress.
It uses each framework for its strength, avoids unnecessary overlap, respects constraints, and builds a cohesive, context-specific security structure.
If you’re starting to see frameworks as different “languages” describing the same security story, you’re on track. Your next step is to carry this clarity into Week 3, where risk, vulnerability, and capability analysis become more concrete—and more human.
Congratulations!
You have successfully completed the practice video.
W2_ISSC662_Practice_video
Griky Kontent
Created on February 3, 2026