Certified Information Security Manager (CISM)



    IT security is one of the most in-demand and most lucrative areas of information technology today, and the CISM certification is one of the most valued credentials in the marketplace. This course promotes internationally recognized practices and gives management assurance that those earning the designation have the knowledge and experience needed to manage security effectively. It prepares students for roles in risk management, security auditing and compliance, and for executive positions such as CSO, CTO or CIO.

    Another key course offered by ITU Online that prepares you for an ISACA certification is our Certified Information Systems Auditor (CISA) course.

    For more information on this certification, visit the ISACA Official Certification site.

    Course Syllabus

    Domain 1: Information Security Governance

    1. CISM Introduction
    2. Information Security
    3. Business Goals, Objectives, and Functions
    4. Business Goals and Information Security
    5. Information Security Threats
    6. Information Security Management
    7. Identity Management
    8. Data Protection
    9. Network Security
    10. Personnel Security
    11. Facility Security
    12. Security Compliance and Standards
    13. Information Security Strategy
    14. Inputs and Outputs of the Information Security Strategy
    15. Processes in an Information Security Strategy
    16. People in an Information Security Strategy
    17. Technologies in an Information Security Strategy
    18. Logical and Physical Information Security Strategy Architectures
    19. Information Security and Business Functions
    20. Information Security Policies and Enterprise Objectives
    21. International Standards for Security Management
    22. ISO/IEC 27000 Standards
    23. International Info Governance Standards
    24. Information Security Government Standards in the United States
    25. Methods of Coordinating Information Security Activities
    26. How to Develop an Information Security Strategy
    27. Information Security Governance
    28. Role of Security in Governance
    29. Scope of Information Security Governance
    30. Charter of Information Security Governance
    31. Information Security Governance and Enterprise Governance
    32. How to Align Information Security Strategy with Corporate Governance
    33. Regulatory Requirements and Information Security
    34. Business Impact of Regulatory Requirements
    35. Liability Management
    36. Liability Management Strategies
    37. How to Identify Legal and Regulatory Requirements
    38. Business Case Development
    39. Budgetary Reporting Methods
    40. Budgetary Planning Strategy
    41. How to Justify Investment in Info Security
    42. Organizational Drivers
    43. Impact of Drivers on Info Security
    44. Third Party Relationships
    45. How to Identify Drivers Affecting the Organization
    46. Purpose of Obtaining Commitment to Info Security
    47. Methods for Obtaining Commitment
    48. ISSG (Information Security Steering Group)
    49. ISSG Roles and Responsibilities
    50. ISSG Operation
    51. How to Obtain Senior Management’s Commitment to Info Security
    52. Info Security Management Roles and Responsibilities
    53. How to Define Roles and Responsibilities for Info Security
    54. The Need for Reporting and Communicating
    55. Methods for Reporting in an Organization
    56. Methods of Communication in an Organization
    57. How to Establish Reporting and Communicating Channels

    Domain 2: Risk Management

    1. Risk
    2. Risk Assessment
    3. Info Threat Types
    4. Info Vulnerabilities
    5. Common Points of Exposure
    6. Info Security Controls
    7. Types of Info Security Controls
    8. Common Info Security Countermeasures
    9. Overview of the Risk Assessment Process
    10. Factors Used in Risk Assessment and Analysis
    11. Risk Assessment Methodologies
    12. Quantitative Risk Assessment – Part 1
    13. Quantitative Risk Assessment – Part 2
    14. Qualitative Risk Assessment
    15. Hybrid Risk Assessment
    16. Best Practices for Info Security Management
    17. Gap Analysis
    18. How to Implement an Info Risk Assessment Process
    19. Info Classification Schemas
    20. Components of Info Classification Schemas
    21. Info Ownership Schemas
    22. Components of Info Ownership Schemas
    23. Info Resource Valuation
    24. Valuation Methodologies
    25. How to Determine Info Asset Classification and Ownership
    26. Baseline Modeling
    27. Control Requirements
    28. Baseline Modeling and Risk Based Assessment of Control Requirements
    29. How to Conduct Ongoing Threat and Vulnerability Evaluations
    30. BIAs (Business Impact Analyses)
    31. BIA Methods
    32. Factors for Determining Info Resource Sensitivity and Criticality
    33. Impact of Adverse Events
    34. How to Conduct Periodic BIAs
    35. Methods for Measuring Effectiveness of Controls and Countermeasures
    36. Risk Mitigation
    37. Risk Mitigation Strategies
    38. Effect of Implementing Risk Mitigation Strategies
    39. Acceptable Levels of Risk
    40. Cost Benefit Analysis
    41. How to Identify and Evaluate Risk Mitigation Strategies
    42. Life Cycle Processes
    43. Life Cycle-Based Risk Management
    44. Risk Management Life Cycle
    45. Business Life Cycle Processes Affected by Risk Management
    46. Life Cycle-Based Risk Management Principles and Practices
    47. How to Integrate Risk Management Into Business Life Cycle Processes
    48. Significant Changes
    49. Risk Management Process
    50. Risk Reporting Methods
    51. Components of Risk Reports
    52. How to Report Changes in Info Risk

    Domain 3: Information Security Program

    1. Info Security Strategies
    2. Common Info Security Strategies
    3. Info Security Implementation Plans
    4. Conversion of Strategies Into Implementation Plans
    5. Info Security Programs
    6. Info Security Program Maintenance
    7. Methods for Maintaining an Info Security Program
    8. Succession Planning
    9. Allocation of Jobs
    10. Program Documentation
    11. How to Develop Plans to Implement an Info Security Strategy
    12. Security Technologies and Controls
    13. Cryptographic Techniques
    14. Symmetric Cryptography
    15. Public Key Cryptography
    16. Hashes
    17. Access Control
    18. Access Control Categories
    19. Physical Access Controls
    20. Technical Access Controls
    21. Administrative Access Controls
    22. Monitoring Tools
    23. IDSs (Intrusion Detection Systems)
    24. Anti-Virus Systems
    25. Policy-Compliance Systems
    26. Common Activities Required in Info Security Programs
    27. Prerequisites for Implementing the Program
    28. Implementation Plan Management
    29. Types of Security Controls
    30. Info Security Controls Development
    31. How to Specify Info Security Program Activities
    32. Business Assurance Function
    33. Common Business Assurance Functions
    34. Methods for Aligning Info Security Programs with Business Assurance Functions
    35. How to Coordinate Info Security Programs with Business Assurance Functions
    36. SLAs (Service Level Agreements)
    37. Internal Resources
    38. External Resources
    39. Services Provided by External Resources – Part 1
    40. Services Provided by External Resources – Part 2
    41. Skills Commonly Required for Info Security Program Implementation
    42. Identification of Resources and Skills Required for a Particular Implementation
    43. Resource Acquisition Methods
    44. Skills Acquisition Methods
    45. How to Identify Resources Needed for Info Security Program Implementation
    46. Info Security Architectures
    47. The SABSA Model for Security Architecture
    48. Deployment Considerations
    49. Deployment of Info Security Architectures
    50. How to Develop Info Security Architecture
    51. Info Security Policies
    52. Components of Info Security Policies
    53. Info Security Policies and the Info Security Strategy
    54. Info Security Policies and Enterprise Business Objectives
    55. Info Security Policy Development Factors
    56. Methods for Communicating Info Security Policies
    57. Info Security Policy Maintenance
    58. How to Develop Info Security Policies
    59. Info Security Awareness Program, Training Programs, and Education Programs
    60. Security Awareness, Training, and Education Gap Analysis
    61. Methods for Closing the Security Awareness, Training, and Education Gaps
    62. Security-Based Cultures and Behaviors
    63. Methods for Establishing and Maintaining a Security-Based Culture in the Enterprise
    64. How to Develop Info Security Awareness, Training, and Education Programs
    65. Supporting Documentation for Info Security Policies
    66. Standards, Procedures, Guidelines, and Baselines
    67. Codes of Conduct
    68. NDAs (Non-Disclosure Agreements)
    69. Methods for Developing Supporting Documentation
    70. Methods for Implementing Supporting Documentation and for Communicating Supporting Documentation
    71. Methods for Maintaining Supporting Documentation
    72. C&A (Certification and Accreditation)
    73. C&A Programs
    74. How to Develop Supporting Documentation for Info Security Policies

    Domain 4: Information Security Program Implementation

    1. Enterprise Business Objectives
    2. Integrating Enterprise Business Objectives & Info Security Policies
    3. Organizational Processes
    4. Change Control
    5. Mergers & Acquisitions
    6. Organizational Processes & Info Security Policies
    7. Methods for Integrating Info Security Policies & Organizational Processes
    8. Life Cycle Methodologies
    9. Types of Life Cycle Methodologies
    10. How to Integrate Info Security Requirements Into Organizational Processes
    11. Types of Contracts Affected by Info Security Programs
    12. Joint Ventures
    13. Outsourced Providers & Info Security
    14. Business Partners & Info Security
    15. Customers & Info Security
    16. Third Party & Info Security
    17. Risk Management
    18. Risk Management Methods & Techniques for Third Parties
    19. SLAs & Info Security
    20. Contracts & Info Security
    21. Due Diligence & Info Security
    22. Suppliers & Info Security
    23. Subcontractors & Info Security
    24. How to Integrate Info Security Controls Into Contracts
    25. Info Security Metrics
    26. Types of Metrics Commonly Used for Info Security
    27. Metric Design, Development & Implementation
    28. Goals of Evaluating Info Security Controls
    29. Methods of Evaluating Info Security Controls
    30. Vulnerability Testing
    31. Types of Vulnerability Testing
    32. Effects of Vulnerability Assessment & Testing
    33. Vulnerability Correction
    34. Commercial Assessment Tools
    35. Goals of Tracking Info Security Awareness, Training, & Education Programs
    36. Methods for Tracking Info Security Awareness, Training, & Education Programs
    37. Evaluation of Training Effectiveness & Relevance
    38. How to Create Info Security Program Evaluation Metrics

    Domain 5: Information Security Program Management

    1. Management Metrics
    2. Types of Management Metrics
    3. Data Collection
    4. Periodic Reviews
    5. Monitoring Approaches
    6. KPIs (Key Performance Indicators)
    7. Types of Measurements
    8. Other Measurements
    9. Info Security Reviews

    Domain 6: Incident Management and Response

    1. Management Metrics
    2. Types of Management Metrics
    3. Data Collection
    4. Periodic Reviews
    5. Monitoring Approaches
    6. KPIs (Key Performance Indicators)
    7. Types of Measurements
    8. Other Measurements
    9. Info Security Reviews
    10. The Role of Assurance Providers
    11. Comparing Internal and External Assurance Providers
    12. Line Management Technique
    13. Budgeting
    14. Staff Management
    15. Facilities
    16. How to Manage Info Security Program Resources
    17. Security Policies
    18. Security Policy Components
    19. Implementation of Info Security Policies
    20. Administrative Processes and Procedures
    21. Access Control Types
    22. ACM
    23. Access Security Policy Principles
    24. Identity Management and Compliance
    25. Authentication Factors
    26. Remote Access
    27. User Registration
    28. Procurement
    29. How to Enforce Policy and Standards Compliance
    30. Types of Third Party Relationships
    31. Methods for Managing Info Security Regarding Third Parties
    32. Security Service Providers
    33. Third Party Contract Provisions
    34. Methods to Define Security Requirements and Security Provisions in SLAs, and Methods to Monitor Security
    35. How to Enforce Contractual Info Security Controls
    36. SDLC
    37. Code Development
    38. Common Techniques for Security Enforcement
    39. How to Enforce Info Security During Systems Development
    40. Maintenance
    41. Methods of Monitoring Security Activities
    42. Impact of Change and Configuration Management Activities
    43. How to Maintain Info Security Within an Organization
    44. Due Diligence Activities
    45. Types of Due Diligence Activities
    46. Reviews of Info Access
    47. Standards of Managing and Controlling Info Access
    48. How to Provide Info Security Advice and Guidance
    49. Info Security Awareness
    50. Types of Info Security Stakeholders
    51. Methods of Stakeholder Education
    52. Security Stakeholder Education Process
    53. How to Provide Info Security Awareness and Training
    54. Methods of Testing the Effectiveness of Info Security Controls
    55. The Penetration Testing Process
    56. Types of Penetration Testing
    57. Password Cracking
    58. Social Engineering Attacks
    59. Social Engineering Types
    60. External Vulnerability Reporting Sources
    61. Regulatory Reporting Requirements
    62. Internal Reporting Requirements
    63. How to Analyze the Effectiveness of Info Security Controls
    64. Noncompliance Issues
    65. Security Baselines
    66. Events Affecting the Security Baseline
    67. Info Security Problem Management Process
    68. How to Resolve Noncompliance Issues

