Certified Information Security Manager (CISM) Course Overview

Similar documents
CISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager.

CISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager. 22 Mar

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Certified Information Systems Auditor (CISA)

CISM Certified Information Security Manager

FDIC InTREx What Documentation Are You Expected to Have?

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY

<< Practice Test Demo - 2PassEasy >> Exam Questions CISM. Certified Information Security Manager.

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

Threat and Vulnerability Assessment Tool

Cybersecurity Auditing in an Unsecure World

Application for Certification

Predstavenie štandardu ISO/IEC 27005

The Common Controls Framework BY ADOBE

CISA Training.

CISM QAE ITEM DEVELOPMENT GUIDE

Information Technology General Control Review

THE ISACA CURACAO CHAPTER IS ORGANIZING FOLLOWING INFORMATION SECURITY AND TECHNOLOGY SESSIONS ON MAY 15-MAY :

COURSE BROCHURE CISA TRAINING

ITIL Managing Across the Lifecycle Course

Aligning IT, Security and Risk Management Programs. Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert

Securing the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA

Healthcare Security Success Story

Information Security Risk Strategies. By

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief

COURSE BROCHURE. COBIT5 FOUNDATION Training & Certification

The ITIL Foundation Examination

Manchester Metropolitan University Information Security Strategy

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Risk Management in Electronic Banking: Concepts and Best Practices

Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments

CISM ITEM DEVELOPMENT GUIDE

Rethinking Information Security Risk Management CRM002

Compliance: How to Manage (Lame) Audit Recommendations

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Designing and Building a Cybersecurity Program

Sizing and Implementing ISO/IEC in Controlled Environments

CCISO Blueprint v1. EC-Council

Structuring Security for Success

Introduction to ISO/IEC 27001:2005

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

Session ID: CISO-W22 Session Classification: General Interest

ITG. Information Security Management System Manual

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

Information Technology Branch Organization of Cyber Security Technical Standard

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Incident Response. Is Your CSIRT Program Ready for the 21 st Century?

E-guide Getting your CISSP Certification

SDLC Maturity Models

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

Solutions Technology, Inc. (STI) Corporate Capability Brief

Continuous protection to reduce risk and maintain production availability

Information Technology Security Plan Policy, Control, and Procedures Manual Detect: Anomalies and Events

John Snare Chair Standards Australia Committee IT/12/4

locuz.com SOC Services

Program Review for Information Security Management Assistance. Keith Watson, CISSP- ISSAP, CISA IA Research Engineer, CERIAS

The Experience of Generali Group in Implementing COBIT 5. Marco Salvato, CISA, CISM, CGEIT, CRISC Andrea Pontoni, CISA

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

NERC Staff Organization Chart

Security Metrics Framework

Advent IM Ltd ISO/IEC 27001:2013 vs

Exam Requirements v4.1

Building a Resilient Security Posture for Effective Breach Prevention

USING QUALYSGUARD TO MEET SOX COMPLIANCE & IT CONTROL OBJECTIVES

Security Incident Management in Microsoft Dynamics 365

Mohammad Shahadat Hossain

ISO & ISO & ISO Cloud Documentation Toolkit

Sirius Security Overview

Position Description IT Auditor

Consolidation Committee Final Report

Oracle Data Cloud ( ODC ) Inbound Security Policies

FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013. Visit us online at Flank.org to learn more.

Disaster Recovery and Business Continuity Planning (Mile2)

SECURITY & PRIVACY DOCUMENTATION

BRING EXPERT TRAINING TO YOUR WORKPLACE.

NERC Staff Organization Chart Budget 2019

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

Corporate Information Security Policy

EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE

Digital Service Management (DSM)

NERC Staff Organization Chart Budget

Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Cyber Criminal Methods & Prevention Techniques. By

Implementing IT Governance

E-guide CISSP Prep: 4 Steps to Achieve Your Certification

Effective COBIT Learning Solutions Information package Corporate customers

TEL2813/IS2820 Security Management

01.0 Policy Responsibilities and Oversight

BCM Program Development

LESSONS LEARNED IN SMART GRID CYBER SECURITY

NERC Staff Organization Chart Budget 2018

itexamdump 최고이자최신인 IT 인증시험덤프 일년무료업데이트서비스제공

HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved.

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

Transcription:

Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development, and information security incident management. Course Introduction Course Introduction 3m Domain 01 - Information Security Governance Lesson 1: Information Security Governance Overview Information Security Governance Overview Importance of Information Security Governance Outcomes of Information Security Governance Lesson 2: Effective Information Security Governance Business Goals and Objectives Roles and Responsibilities of Senior Management Governance, Risk Management and Compliance Business Model for Information Security Dynamic Interconnections Lesson 3: Information Security Concepts and Information Security Concepts and Lesson 4: Information Security Manager Responsibilities Senior Management Commitment Obtaining Senior Management Commitment Establishing Reporting and Communication Channels Lesson 5: Scope and Charter of Information Security Governance Assurance Process Integration and Convergence Convergence Governance and Third-Party Relationships Lesson 6: Information Security Governance Metrics Metrics Effective Security Metrics Security Implementation Metrics Strategic Alignment Risk Management Value Delivery Resource Management Performance Measurement Assurance Process Integration/Convergence Lesson 7: Information Security Strategy Overview Another View of Strategy 3h 48m

Lesson 8: Creating Information Security Strategy Information Security Strategy Common Pitfalls Objectives of the Information Security Strategy What is the Goal? Defining Objectives Business Linkages Business Case Development Business Case Objectives The Desired State COBIT COBIT Controls COBIT Framework Capability Maturity Model Balanced Scorecard Architectural Approaches ISO/IEC 27001 and 27002 Risk Objectives Lesson 9: Determining Current State Of Security Current Risk BIA Lesson 10: Information Security Strategy Development Elements of a Strategy The Roadmap Strategy Resources and Constraints Lesson 11: Strategy Resources Policies and Standards Definitions Enterprise Information Security Architectures Controls Countermeasures Personnel Organizational Structure Employee Roles and Responsibilities Skills Audits Compliance Enforcement Threat Assessment Vulnerability Assessment Risk Assessment Insurance Business Impact Assessment Outsourced Security Providers Lesson 12: Strategy Constraints Legal and Regulatory Requirements Physical Constraints The Security Strategy Lesson 13: Action Plan to Implement Strategy

Policy Development Standards Development Training and Awareness Action Plan Metrics General Metric Considerations CMM4 Statements Objectives for CMM4 Domain 01 Review Domain 02 - Information Risk Management Lesson 1: Risk Management Overview Types of Risk Analysis The Importance of Risk Management Risk Management Outcomes Risk Management Strategy Lesson 2: Good Information Security Risk Management Context and Purpose Scope and Charter Assets Other Risk Management Goals Roles and Responsibilities Lesson 3: Information Security Risk Management Concepts Lesson 4: Implementing Risk Management The Risk Management Framework The External Environment The Internal Environment The Risk Management Context Other Organizational Support Risk Analysis Lesson 5: Risk Assessment NIST Risk Assessment Methodology Aggregated or Cascading Risk Other Risk Assessment Approaches Identification of Risks Threats Vulnerabilities Risks Analysis of Relevant Risks Risk Analysis Semi-Quantitative Analysis Quantitative Analysis Example Evaluation of Risks Risk Treatment Options Impact Lesson 6: Controls Countermeasures Controls Residual Risk Information Resource Valuation 2h 25m

Methods of Valuing Assets Information Asset Classification Determining Classification Impact Lesson 7: Recovery Time Objectives Recovery Point Objectives Service Delivery Objectives Third-Party Service Providers Working with Lifecycle Processes IT System Development Project Management Lesson 8: Risk Monitoring and Communication Risk Monitoring and Communication Other Communications Domain 02 Review Domain 03 - Information Security Program Development Lesson 1: Development of Information Security Program Importance of the Program Outcomes of Security Program Development Effective Information Security Program Development Lesson 2: Information Security Program Objectives Program Objectives Defining Objectives Cross Organizational Responsibilities Lesson 3: Information Security Program Development Concepts Technology Resources Information Security Manager Lesson 4: Scope and Charter of Information Security Program Development Assurance Function Integration Challenges in Developing Information Security Program Pitfalls Objectives of the Security Program Program Goals The Steps of the Security Program Defining the Roadmap Elements of the Roadmap Lesson 5: Information Security Management Framework Security Management Framework COBIT 5 ISO/IEC 27001 Lesson 6: Information Security Framework Components Operational Components Management Components Administrative Components Educational and Informational Components Lesson 7: Information Security Program Resources Resources Documentation 4h 9m

Enterprise Architecture Controls as Strategy Implementation Resources Common Control Practices Countermeasures Personnel Security Awareness Awareness Topics Formal Audits Compliance Enforcement Project Risk Analysis Other Actions Other Organizational Support Program Budgeting Lesson 8: Implementing an Information Security Program Policy Compliance Standards Compliance Training and Education ISACA Control Objectives Third-party Service Providers Integration into Lifecycle Processes Monitoring and Communication Documentation The Plan of Action Lesson 9: Information Infrastructure and Architecture Managing Complexity Objectives of Information Security Architectures Physical and Environmental Controls Lesson 10: Information Security Program Information Security Program Deployment Metrics Metrics Strategic Alignment Risk Management Value Delivery Resource Management Assurance Process Integration Performance Measurement Security Baselines Lesson 11: Security Program Services and Operational Activities IS Liaison Responsibilities Cross-Organizational Responsibilities Security Reviews and Audits Management of Security Technology Due Diligence Compliance Monitoring and Enforcement Assessment of Risk and Impact Outsourcing and Service Providers Cloud Computing Integration with IT Processes Domain 03 Review

Domain 04 - Information Security Incident Management Lesson 1: Incident Management Overview Incident Management Overview Types of Events Goals of Incident Management Lesson 2: Incident Response Procedures Incident Response Procedures Importance of Incident Management Outcomes of Incident Management Incident Management Concepts Incident Management Systems Lesson 3: Incident Management Organization Incident Management Organization Responsibilities Senior Management Commitment Lesson 4: Incident Management Resources Policies and Standards Incident Response Technology Concepts Personnel Roles and Responsibilities (enotes) Skills Awareness and Education Audits Lesson 5: Incident Management Objectives Defining Objectives The Desired State Strategic Alignment Other Concerns Lesson 6: Incident Management Metrics and Indicators Implementation of the Security Program Management Management Metrics and Monitoring Other Security Monitoring Efforts Lesson 7: Current State of Incident Response Capability Threats Vulnerabilities Lesson 8: Developing an Incident Response Plan Elements of an Incident Response Plan BIA Escalation Process for Effective IM Help Desk Processes for Identifying Security Incidents Incident Management and Response Teams Organizing, Training, and Equipping the Response Staff Incident Notification Process Challenges in making an Incident Management Plan Lesson 9: BCP/DRP Goals of Recovery Operations Choosing a Site Selection Implementing the Strategy 4h 20m

Incident Management Response Teams Network Service High-availability Storage High-availability Risk Transference Other Response Recovery Plan Options Lesson 10: Testing Response and Recovery Plans Periodic Testing Analyzing Test Results Measuring the Test Results Lesson 11: Executing the Plan Updating the Plan Intrusion Detection Policies Who to Notify about an Incident Recovery Operations Other Recovery Operations Forensic Investigation Hacker / Penetration Methodology Domain 04 Review Course Closure Total Duration: 14h 44m

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback