Information Security Management: Principles and Practices

About Course

Certified Information Security Manager indicates expertise in information security governance, program development and management, incident management and risk management. If you are a mid to advanced-career IT professional aspiring to senior management roles in IT security and control, CISM can get you the visibility you need.

Course Content

Information Security Governance
This domain will provide you with a thorough insight into the culture, regulations and structure involved in enterprise governance, as well as enabling you to analyze, plan and develop information security strategies. Together, this will affirm high-level credibility in information security governance to stakeholders.

Introduction
Enterprise Governance
Organizational Culture
Legal, Regulatory and Contractual Requirements
Organizational Structures, Roles and Responsibilities
Information Security Strategy Development
Information Governance Frameworks and Standards
Strategic Planning (e.g., Budgets, Resources, Business Case)

Information Security Risk Management
This domain empowers you to analyze and identify potential information security risks, threats and vulnerabilities as well as giving you all the information about identifying and countering information security risks you will require to perform at management level.

Information Security Program
This domain covers the resources, asset classifications and frameworks for information security as well as empowering you to manage information security programs, including security control, testing, comms and reporting and implementation.

Information Security Program Development
Information Security Program Resources (e.g., People, Tools, Technologies)
Information Asset Identification and Classification
Industry Standards and Frameworks for Information Security
Information Security Policies, Procedures and Guidelines
Information Security Program Metrics
Information Security Program Management
Information Security Control Design and Selection
Information Security Control Implementation and Integrations
Information Security Control Testing and Evaluation
Information Security Awareness and Training
Management of External Services (e.g., Providers, Suppliers, Third Parties, Fourth Parties)
Information Security Program Communications and Reporting

Incident Management
This domain provides in-depth training in risk management and preparedness, including how to prepare a business to respond to incidents and guiding recovery. The second module covers the tools, evaluation and containment methods for incident management.

Incident Management Readiness
Incident Response Plan
Business Impact Analysis (BIA)
Business Continuity Plan (BCP)
Disaster Recovery Plan (DRP)
Incident Classification/Categorization
Incident Management Training, Testing and Evaluation
Incident Management Tools and Techniques
Incident Investigation and Evaluation
Incident Containment Methods
Incident Response Communications (e.g., Reporting, Notification, Escalation)
Incident Eradication and Recovery
Post-Incident Review Practices

About Course

What Will You Learn?

Course Content

Introduction

Enterprise Governance

Organizational Culture

Legal, Regulatory and Contractual Requirements

Organizational Structures, Roles and Responsibilities

Information Security Strategy Development

Information Governance Frameworks and Standards

Strategic Planning (e.g., Budgets, Resources, Business Case)

Information Security Risk Assessment

Emerging Risk and Threat Landscape

Vulnerability and Control Deficiency Analysis

Risk Assessment and Analysis

Information Security Risk Response

Risk Treatment

Risk and Control Ownership

Risk Monitoring & Reporting

Information Security Program This domain covers the resources, asset classifications and frameworks for information security as well as empowering you to manage information security programs, including security control, testing, comms and reporting and implementation.

Information Security Program Development

Information Security Program Resources (e.g., People, Tools, Technologies)

Information Asset Identification and Classification

Industry Standards and Frameworks for Information Security

Information Security Policies, Procedures and Guidelines

Information Security Program Metrics

Information Security Program Management

Information Security Control Design and Selection

Information Security Control Implementation and Integrations

Information Security Control Testing and Evaluation

Information Security Awareness and Training

Management of External Services (e.g., Providers, Suppliers, Third Parties, Fourth Parties)

Information Security Program Communications and Reporting

Incident Management This domain provides in-depth training in risk management and preparedness, including how to prepare a business to respond to incidents and guiding recovery. The second module covers the tools, evaluation and containment methods for incident management.

Incident Management Readiness

Incident Response Plan

Business Impact Analysis (BIA)

Business Continuity Plan (BCP)

Disaster Recovery Plan (DRP)

Incident Classification/Categorization

Incident Management Training, Testing and Evaluation

Incident Management Tools and Techniques

Incident Investigation and Evaluation

Incident Containment Methods

Incident Response Communications (e.g., Reporting, Notification, Escalation)

Incident Eradication and Recovery

Post-Incident Review Practices

Exam Preparation

Sample Q&A

Information Security Program
This domain covers the resources, asset classifications and frameworks for information security as well as empowering you to manage information security programs, including security control, testing, comms and reporting and implementation.

Incident Management
This domain provides in-depth training in risk management and preparedness, including how to prepare a business to respond to incidents and guiding recovery. The second module covers the tools, evaluation and containment methods for incident management.