Certified Information Security Manager (CISM)
CM
eTrain
Summary
- Exam(s) / assessment(s) not included in price, and must be purchased separately
- Tutor is available to students
Overview
The Certified Information Security Manager (CISM) course helps the candidates to achieve the CISM certification. The certification is offered by the Information Systems Audit and Control Association (ISACA) to validate the expertise and knowledge of the candidates regarding the relationship between an information security program and the broader business targets. The certification also validates that the candidate has the hands-on knowledge of developing, managing and implementing an information security program for an organization.
CISM certification is a certification by ISACA for experienced Information security management professionals with work experience in developing and managing information security programs. The CISM course covers the four domains of the CISM certification exam. The course is an ideal preparatory course for the students seeking to gain CISM certification as well as the IT security and information security professionals looking to build on their practical experience.
Prerequisites:
- As the case with the CISM certification exam, the candidates are required to have a minimum of five years of experience in information security management.
Student Materials:
Student Workbook
Student Prep Guide
Certification Exams:
Certified Information Security Manager
Who Should Attend?
- Experienced information security managers and officers
- IT consultants and managers
- IT auditors
- IT security policy makers
- Privacy officers
- Network administrators
- Network security engineers
- Candidates seeking CISM certificatio
Certification
Certified Information Security Manager (CISM)
Description
Course Curriculum
Course Introduction
Introduction (0:10)
CourseI Introduction (1:02)
Instructor Introduction (1:20)
Information Security Governance
Lesson 1: Information Security Governance Overview (0:53)
Information Security Governance Overview Part1 (1:12)
Information Security Governance Overview Part2 (2:00)
Information Security Governance Overview Part3 (1:22)
Information Security Governance Overview Part4 (1:32)
Information Security Governance Overview Part5 (0:29)
Importance of Information Security Governance Part1 (1:18)
Importance of Information Security Governance Part2 (6:20)
Outcomes of Information Security Governance Part1 (0:33)
Outcomes of Information Security Governance Part2 (1:26)
Outcomes of Information Security Governance Part3 (2:45)
Outcomes of Information Security Governance Part4 (1:27)
Outcomes of Information Security Governance Part5 (1:54)
Outcomes of Information Security Governance Part6 (1:28)
Lesson 2: Effective Information Security Governance (0:31)
Business Goals and Objectives Part1 (1:31)
Business Goals and Objectives Part2 (2:00)
Roles and Responsibilities of Senior Management Part1 (1:02)
Roles and Responsibilities of Senior Management Part2 (0:43)
Domain Tasks Part1 (1:21)
Domain Tasks Part2 (3:16)
Business Model for Information Security Part1 (0:45)
Business Model for Information Security Part2 (1:09)
Business Model for Information Security Part3 (3:16)
Business Model for Information Security Part4 (1:37)
Dynamic Interconnections Part1 (0:34)
Dynamic Interconnections Part2 (2:55)
Dynamic Interconnections Part3 (1:55)
Dynamic Interconnections Part4 (0:51)
Lesson 3: Information Security Concepts and Technologies (3:26)
Information Security Concepts and Technologies Part1 (2:58)
Information Security Concepts and Technologies Part2 (3:25)
Information Security Concepts and Technologies Part3 (1:50)
Technologies Part1 (1:41)
Technologies Part2 (6:12)
Lesson 4: Information Security Manager (0:33)
Responsibilities (1:48)
Senior Management Commitment Part1 (0:48)
Senior Management Commitment Part2 (2:27)
Obtaining Senior Management Commitment Part1 (0:24)
Obtaining Senior Management Commitment Part2 (0:53)
Establishing Reporting and Communication Channels Part1 (1:13)
Establishing Reporting and Communication Channels Part2 (1:07)
Lesson 5: Scope and Charter of Information Security Governance (1:55)
Assurance Process Integration and Convergence (2:24)
Convergence (2:32)
Governance and Third-Party Relationships (2:38)
Lesson 6: Information Security Governance Metrics (0:56)
Metrics (1:38)
Effective Security Metrics Part1 (1:46)
Effective Security Metrics Part2 (1:01)
Effective Security Metrics Part3 (1:51)
Effective Security Metrics Part4 (0:39)
Security Implementation Metrics (1:17)
Strategic Alignment Part1 (2:56)
Strategic Alignment Part2 (1:10)
Risk Management (1:14)
Value Delivery (1:01)
Resource Management Part1 (0:47)
Resource Management Part2 (0:41)
Performance Measurement (3:06)
Assurance Process Integration/Convergence (2:54)
Lesson 7: Information Security Strategy Overview (0:53)
Another View of Strategy (0:41)
Lesson 8: Creating Information Security Strategy (0:16)
Information Security Strategy (1:22)
Common Pitfalls Part1 (4:38)
Common Pitfalls Part2 (2:19)
Objectives of the Information Security Strategy (1:33)
What is the Goal? (1:40)
Defining Objectives (1:22)
Business Linkages (1:48)
Business Case Development Part1 (1:43)
Business Case Development Part2 (2:36)
Business Case Development Part3 (0:45)
Business Case Objectives (0:57)
The Desired State (1:48)
COBIT (1:08)
COBIT Controls (1:09)
COBIT Framework (0:48)
Capability Maturity Model (1:38)
Balanced Scorecard (1:22)
Architectural Approaches (1:03)
ISO/IEC 27001 and 27002 (0:59)
Risk Objectives Part1 (1:38)
Risk Objectives Part2 (3:11)
Lesson 9: Determining Current State Of Security (0:45)
Current Risk Part1 (2:37)
Current Risk Part2 (1:11)
BIA (1:11)
Lesson 10: Information Security Strategy Development (1:52)
The Roadmap (1:01)
Elements of a Strategy (3:27)
Strategy Resources and Constraints (2:45)
Lesson 11: Strategy Resources (0:32)
Policies and Standards (1:00)
Definitions (5:48)
Enterprise Information Security Architectures (1:30)
Controls (3:00)
Countermeasures (0:55)
Technologies (1:50)
Personnel (1:54)
Organizational Structure (3:47)
Employee Roles and Responsibilities (0:28)
Skills (1:16)
Audits (1:41)
Compliance Enforcement (2:24)
Threat Assessment (1:41)
Vulnerability Assessment (2:21)
Risk Assessment (2:19)
Insurance (2:04)
Business Impact Assessment (2:32)
Outsourced Security Providers (2:57)
Lesson 12: Strategy Constraints (0:22)
Legal and Regulatory Requirements (1:42)
Physical Constraints (2:56)
The Security Strategy (1:35)
Lesson 13: Action Plan to Implement Strategy (1:13)
Gap Analysis Part1 (1:35)
Gap Analysis Part2 (0:52)
Gap Analysis Part3 (3:01)
Policy Development Part1 (1:41)
Policy Development Part2 (1:00)
Standards Development (2:44)
Training and Awareness (0:35)
Action Plan Metrics (1:23)
General Metric Considerations Part1 (0:23)
General Metric Considerations Part2 (0:35)
General Metric Considerations Part3 (0:42)
General Metric Considerations Part4 (0:23)
CMM4 Statements (2:00)
Objectives for CMM4 (0:47)
Section Review (0:44)
Review Questions
Information Risk Management
Lesson 1: Risk Management Overview (0:59)
Risk Management Overview (1:51)
Types of Risk Analysis (7:08)
The Importance of Risk Management (2:14)
Risk Management Outcomes (1:34)
Risk Management Strategy (1:49)
Lesson 2: Good Information Security Risk Management (4:14)
Context and Purpose (3:08)
Scope and Charter (0:38)
Assets (2:31)
Other Risk Management Goals (2:02)
Roles and Responsibilities (2:51)
Lesson 3: Information Security Risk Management Concepts (6:06)
Technologies (6:39)
Lesson 4: Implementing Risk Management (2:08)
The Risk Management Framework (2:00)
The External Environment (1:48)
The Internal Environment (2:06)
The Risk Management Context (0:47)
Gap Analysis (2:21)
Other Organizational Support (4:09)
Risk Analysis (1:22)
Lesson 5: Risk Assessment (1:19)
NIST Risk Assessment Methodology (3:49)
Aggregated or Cascading Risk (2:54)
Other Risk Assessment Approaches (1:18)
Identification of Risks (1:48)
Threats (1:08)
Vulnerabilities Part1 (2:11)
Vulnerabilities Part2 (4:10)
Risks (1:35)
Analysis of Relevant Risks (1:48)
Risk Analysis (2:29)
Semi -Quantitative Analysis (1:51)
Quantitative Analysis Example (4:14)
Evaluation of Risks (0:46)
Risk Treatment Options (4:39)
Impact (2:59)
Lesson 6: Controls Countermeasures (0:25)
Controls (4:43)
Residual Risk (3:38)
Information Resource Valuation (1:33)
Methods of Valuing Assets (1:36)
Information Asset Classification (3:32)
Determining Classification (2:05)
Impact Part1 (3:53)
Impact Part2 (1:03)
Lesson 7: Recovery Time Objectives (0:49)
Recovery Point Objectives (4:18)
Service Delivery Objectives (1:58)
Third-Party Service Providers (1:43)
Working with Lifecycle Processes (2:08)
IT System Development (2:11)
Project Management Part1 (0:46)
Project Management Part2 (2:10)
Lesson 8: Risk Monitoring and Communication (1:17)
Risk Monitoring and Communication (0:38)
Other Communications (1:25)
Section Review (1:01)
Review Questions
Information Security Program Development
Who is this course for?
Requirements
Career path
Questions and answers
Currently there are no Q&As for this course. Be the first to ask a question.
Reviews
Currently there are no reviews for this course. Be the first to leave a review.
Add to basket or enquire
Course provided by
Legal information
This course is advertised on reed.co.uk by the Course Provider, whose terms and conditions apply. Purchases are made directly from the Course Provider, and as such, content and materials are supplied by the Course Provider directly. Reed is acting as agent and not reseller in relation to this course. Reed's only responsibility is to facilitate your payment for the course. It is your responsibility to review and agree to the Course Provider's terms and conditions and satisfy yourself as to the suitability of the course you intend to purchase. Reed will not have any responsibility for the content of the course and/or associated materials.
