ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

Similar documents
ISSEP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

Certification Exam Outline Effective Date: September 2013

Certification Exam Outline Effective Date: April 2018

Certification Exam Outline Effective Date: April 2015

Certification Exam Outline Effective Date: July 2017

Certification Exam Outline Effective Date: August 1, 2019

Certification Exam Outline Effective Date: November 2018

Certification Exam Outline Effective Date: April 2015

E-guide CISSP Prep: 4 Steps to Achieve Your Certification

Certified Information Security Manager (CISM) Course Overview

Application for Certification

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

CISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager.

CCISO Blueprint v1. EC-Council

Certified information Systems Security Professional(CISSP) Bootcamp

CISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager. 22 Mar

CISA Training.

COURSE BROCHURE. COBIT5 FOUNDATION Training & Certification

COURSE BROCHURE CISA TRAINING

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

Val-EdTM. Valiant Technologies Education & Training Services. Workshop for CISM aspirants. All Trademarks and Copyrights recognized.

Security and Privacy Governance Program Guidelines

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

WORKSHARE SECURITY OVERVIEW

Solutions Technology, Inc. (STI) Corporate Capability Brief

Information Security Policy

Protecting your data. EY s approach to data privacy and information security

Information Technology Branch Organization of Cyber Security Technical Standard

Information Technology General Control Review

CISM QAE ITEM DEVELOPMENT GUIDE

FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY

E-guide Getting your CISSP Certification

Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?

HCISPP HealthCare Information Security and Privacy Practitioner

Global Statement of Business Continuity

<< Practice Test Demo - 2PassEasy >> Exam Questions CISM. Certified Information Security Manager.

CISM Certified Information Security Manager

The Common Controls Framework BY ADOBE

National Initiative for Cyber Education (NICE) and the Cybersecurity Workforce Framework: Attract and Retain the Best in InfoSec.

Legal, Ethical, and Professional Issues in Information Security

CompTIA Project+ (2009 Edition) Certification Examination Objectives

SALARY $ $72.54 Hourly $3, $5, Biweekly $8, $12, Monthly $103, $150, Annually

TEL2813/IS2820 Security Management

CISA ITEM DEVELOPMENT GUIDE

Course Outline. CISSP - Certified Information Systems Security Professional

INFORMATION ASSURANCE DIRECTORATE

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

CompTIA Cybersecurity Analyst+

CITY OF MONTEBELLO SYSTEMS MANAGER

PRODUCT SAFETY PROFESSIONAL CERTIFICATION PROGRAM DETAILS. Overview

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

Certified Information Systems Auditor (CISA)

We would like to announce to you a number of upcoming changes to the Certified Internal Auditor Exam:

KENYA SCHOOL OF GOVERNMENT EMPLOYMENT OPORTUNITY (EXTERNAL ADVERTISEMENT)

ISACA. Certification Details for Certified in the Governance of Enterprise IT (CGEIT )

Fiscal 2015 Activities Review and Plan for Fiscal 2016

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

EU General Data Protection Regulation (GDPR) Achieving compliance

Isaca EXAM - CISM. Certified Information Security Manager. Buy Full Product.

GUIDANCE NOTE ON CYBERSECURITY

CISM ITEM DEVELOPMENT GUIDE

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

Certified Cyber Security Specialist

IT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)

CIS 444: Computer. Networking. Courses X X X X X X X X X

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

Driving Global Resilience

Business continuity management and cyber resiliency

Mohammad Shahadat Hossain

Security Program Design:

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

ROLE DESCRIPTION IT SPECIALIST

WELCOME ISO/IEC 27001:2017 Information Briefing

CERTIFICATION vs. CERTIFICATE

SECURITY & PRIVACY DOCUMENTATION

Level Access Information Security Policy

MNsure Privacy Program Strategic Plan FY

EXAM PREPARATION GUIDE

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:

THE ISACA CURACAO CHAPTER IS ORGANIZING FOLLOWING INFORMATION SECURITY AND TECHNOLOGY SESSIONS ON MAY 15-MAY :

CLOUD GOVERNANCE SPECIALIST Certification

Google Cloud & the General Data Protection Regulation (GDPR)

Security Management Models And Practices Feb 5, 2008

Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments

ADIENT VENDOR SECURITY STANDARD

Data Security and Privacy Principles IBM Cloud Services

CompTIA CASP (Advanced Security Practitioner)

Table of Contents. Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security

Cybersecurity Auditing in an Unsecure World

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

Chapter 8: SDLC Reviews and Audit Learning objectives Introduction Role of IS Auditor in SDLC

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

300 Riverview Plaza Odysseus Marcopolus, Chief Operating Officer Trenton, NJ POLICY NO: SUPERSEDES: N/A VERSION: 1.0

ISO Implementation

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive

Transcription:

Certification Exam Outline Effective Date: April 2013

About CISSP-ISSMP The Information Systems Security Management Professional (ISSMP) is a CISSP who specializes in establishing, presenting, and governing information security programs, and demonstrates management and leadership skills. ISSMPs direct the alignment of security programs with the organization s mission, goals, and strategies in order to meet enterprise financial and operational requirements in support of its desired risk position. The broad spectrum of topics included in the ISSMP Common Body of Knowledge (CBK) ensure its relevancy across all disciplines in the field of information security. Successful candidates are competent in the following 5 domains: Security Leadership and Management Security Lifecycle Management Security Compliance Management Contingency Management Law, Ethics and Incident Management Experience Requirements Candidates must be a CISSP in good standing and have 2 years cumulative paid full-time work experience in 1 or more of the 5 domains of the CISSP-ISSMP CBK. Accreditation ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard 17024. Job Task Analysis (JTA) (ISC)² has an obligation to its membership to maintain the relevancy of the ISSMP. Conducted at regular intervals, the Job Task Analysis (JTA) is a methodical and critical process of determining the tasks that are performed by security professionals who are engaged in the profession defined by the ISSMP. The results of the JTA are used to update the examination. This process ensures that candidates are tested on the topic areas relevant to the roles and responsibilities of today s practicing information security professionals. 2

CISSP-ISSMP Examination Information Length of exam Number of questions Question format Passing grade Exam availability Testing center 3 hours 125 Multiple choice 700 out of 1000 points English Pearson VUE Testing Center CISSP-ISSMP Examination Weights Domains Weight 1. Security Leadership and Management 38% 2. Security Lifecycle Management 21% 3. Security Compliance Management 14% 4. Contingency Management 12% 5. Law, Ethics and Incident Management 15% Total: 100% 3

Domain 1: Security Leadership and Management 1.1 Understand Security s Role in the Organization s Culture, Vision and Mission Define information security program vision and mission Align security with organization s goals and objectives Understand business processes and their relationships Describe the relationship between organization culture and security 1.2 Align Security Program with Organizational Governance Understand the organizational governance structure Understand the roles of key stakeholders Recognize sources and boundaries of authorization Define the security governance structure 1.3 Define and Implement Information Security Strategies Identify security requirements from business initiative Evaluate the capacity and capability to implement security strategies Manage implementation of security strategies Review and maintain security strategies 1.4 Manage Data Classification Sensitivity Criticality 1.5 Define and Maintain Security Policy Framework Determine applicable external standards Establish internal policies Garner/build organizational support for policies Direct development of and approve procedures, standards, guidelines and baselines»» Ensure periodic review of security policy framework 4

1.6 Manage Security Requirements in Contracts and Agreements Evaluation of service management agreements (e.g., risk, financial) Governance of managed services (e.g., infrastructure, software, platform as a service) Understand impact of organizational change (e.g., mergers and acquisitions, outsourcing, divestitures) Monitor and enforce compliance with contractual agreements 1.7 Develop and Maintain a Risk Management Program Understand enterprise risk management objectives Evaluate risk assessment results Communicate security business risk to management Determine and manage the appropriate countermeasures and make recommendations Obtain management acceptance and support of residual risk 1.8 Manage Security Aspects of Change Control Integrate security requirements with change control process Identify stakeholders Oversee documentation and tracking Assure policy compliance 1.9 Oversee Security Awareness and Training Programs Promote security programs to key stakeholders Identify training needs by target segment Monitor and report on effectiveness of security awareness and training programs 1.10 Define, Measure, and Report Security Metrics Identify KPIs Relate KPIs to the risk position of the organization Use metrics to drive security program development 1.11 Prepare, Obtain, and Administer Security Budget Manage and report financial responsibilities Prepare and secure annual budget Understand economic environment 5

1.12 Manage the Security Organization (e.g., define roles and responsibilities, determine FTEs, performance evaluation) 1.13 Understand Project Management Principles (e.g., time, scope, and cost relationship, work breakdown structure) 6

Domain 2: Security Lifecycle Management 2.1 Manage the Integration of Security into the System Development Lifecycle (SDLC) Identify lifecycle processes within the organization Integrate information security gates (decision points) and milestones into lifecycle Monitor compliance with the lifecycle Oversee the configuration management process 2.2 Integrate New Business Initiatives into the Security Architecture Participate in development of business case for new initiatives to integrate security Address impact of new business initiatives on security (e.g., cloud, big data) 2.3 Define and Oversee Comprehensive Vulnerability Management Programs (e.g., vulnerability scanning, penetration testing, threat analysis) Classify assets, systems, and services based on criticality to business Prioritize threats and vulnerabilities Oversee security testing Remediate vulnerabilities based on risk 7

Domain 3: Security Compliance Management 3.1 Validate Compliance with Organizational Security Policies and Procedures Define a compliance framework Implement validation procedures outlined in framework Utilize and report on security compliance metrics 3.2 Manage and Document Exceptions to the Compliance Framework 3.3 Coordinate with Auditors and Assist with the Internal and External Audit Process Preparation Scheduling (e.g., availability, mitigation timeline) Evaluation (e.g., validate findings, assess impact, provide comments, and resolution) Formulate response 8

Domain 4: Contingency Management 4.1 Oversee Development of Contingency Plans Address challenges related to the business continuity process (e.g., time, resources, verification) Address challenges related to the disaster recovery process (time, resources, verification) Coordinate with key stakeholders Understand organizational drivers and policies Oversee Business Impact Analysis (BIA) process 4.2 Guide Development of Recovery Strategies Identify and analyze alternatives Recommend and coordinate strategies Assign security roles and responsibilities 4.3 Manage Maintenance of the BCP and DRP plans (e.g., lessons learned, architecture changes) Plan testing, evaluation, and modification Determine survivability and resiliency capabilities Manage recovery process 9

Domain 5: Law, Ethics and Incident Management 5.1 Understand the Impact of Laws that Relate to Information Security Understand global privacy laws (e.g. customer, employee) Understand legal footprint of the organization (e.g., trans border data flow) Understand export laws Understand intellectual property laws (e.g., trademark, copyright, patent, licensing) Manage liability (e.g., downstream and upstream/direct and indirect) 5.2 Develop and Manage the Incident Handling and Investigation Processes Establish and maintain incident handling process Establish and maintain investigation process Quantify and report the financial impact of incidents and investigations to senior management 5.3 Understand Management Issues as They Relate to the (ISC)² Code of Ethics 10

Additional Examination Information Supplementary References Candidates are encouraged to supplement their education and experience by reviewing relevant resources that pertain to the CBK and identifying areas of study that may need additional attention. View the full list of supplementary references at www.isc2.org/certifications/references. Examination Policies and Procedures (ISC)² recommends that ISSMP candidates review exam policies and procedures prior to registering for the examination. Read the comprehensive breakdown of this important information at www.isc2.org/register-for-exam. Legal Info For any questions related to (ISC)² s legal policies, please contact the (ISC) 2 Legal Department at legal@isc2.org. Any Questions? (ISC)² Candidate Services 311 Park Place Blvd, Suite 400 Clearwater, FL 33759 (ISC)² Americas Tel: +1.727.785.0189 Email: info@isc2.org (ISC)² Asia Pacific Tel: +(852) 28506951 Email: isc2asia@isc2.org (ISC)² EMEA Tel: +44 (0)203 300 1625 Email: info-emea@isc2.org ISSMP Certification v817 Exam Outline 11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback