You will establish processes to ensure that information security measures align with established business needs.
Certification: CISM
The CISM exam is offered three times a year (June, September and December) and consists of 200 multiple-choice questions. The exam is organized around the job practice domains defined by ISACA, which map to the following objectives:
- Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.
- Identify and manage information security risks to achieve business objectives.
- Create a program to implement the information security strategy.
- Implement an information security program.
- Oversee and direct information security activities to execute the information security program.
- Plan, develop, and manage capabilities to detect, respond to, and recover from information security incidents.
Lesson 1: Information Security Governance
- Topic 1A: Develop an Information Security Strategy
- Topic 1B: Align Information Security Strategy with Corporate Governance
- Topic 1C: Identify Legal and Regulatory Requirements
- Topic 1D: Justify Investment in Information Security
- Topic 1E: Identify Drivers Affecting the Organization
- Topic 1F: Obtain Senior Management Commitment to Information Security
- Topic 1G: Define Roles and Responsibilities for Information Security
- Topic 1H: Establish Reporting and Communication Channels
Lesson 2: Information Risk Management
- Topic 2A: Implement an Information Risk Assessment Process
- Topic 2B: Determine Information Asset Classification and Ownership
- Topic 2C: Conduct Ongoing Threat and Vulnerability Evaluations
- Topic 2D: Conduct Periodic BIAs
- Topic 2E: Identify and Evaluate Risk Mitigation Strategies
- Topic 2F: Integrate Risk Management into Business Life Cycle Processes
- Topic 2G: Report Changes in Information Risk
Lesson 3: Information Security Program Development
- Topic 3A: Develop Plans to Implement an Information Security Strategy
- Topic 3B: Security Technologies and Controls
- Topic 3C: Specify Information Security Program Activities
- Topic 3D: Coordinate Information Security Programs with Business Assurance Functions
- Topic 3E: Identify Resources Needed for Information Security Program Implementation
- Topic 3F: Develop Information Security Architectures
- Topic 3G: Develop Information Security Policies
- Topic 3H: Develop Information Security Awareness, Training, and Education Programs
- Topic 3I: Develop Supporting Documentation for Information Security Policies
Lesson 4: Information Security Program Implementation
- Topic 4A: Integrate Information Security Requirements into Organizational Processes
- Topic 4B: Integrate Information Security Controls into Contracts
- Topic 4C: Create Information Security Program Evaluation Metrics
Lesson 5: Information Security Program Management
- Topic 5A: Manage Information Security Program Resources
- Topic 5B: Enforce Policy and Standards Compliance
- Topic 5C: Enforce Contractual Information Security Controls
- Topic 5D: Enforce Information Security During Systems Development
- Topic 5E: Maintain Information Security Within an Organization
- Topic 5F: Provide Information Security Advice and Guidance
- Topic 5G: Provide Information Security Awareness and Training
- Topic 5H: Analyze the Effectiveness of Information Security Controls
- Topic 5I: Resolve Noncompliance Issues
Lesson 6: Incident Management and Response
- Topic 6A: Develop an Information Security Incident Response Plan
- Topic 6B: Establish an Escalation Process
- Topic 6C: Develop a Communication Process
- Topic 6D: Integrate an IRP
- Topic 6E: Develop IRTs
- Topic 6F: Test an IRP
- Topic 6G: Manage Responses to Information Security Incidents
- Topic 6H: Perform an Information Security Incident Investigation
- Topic 6I: Conduct Post-Incident Reviews
To ensure your success, we recommend that students taking this course have professional experience in information security in at least one of the following areas, as well as familiarity with TCP/IP and a working understanding of UNIX, Linux, and Windows:
- Information security governance
- Information risk management
- Information security program development
- Information security program management
- Incident management and response