Certified Information Security Manager (CISM)
CISM: Information Risk Management Part 1
CISM: Information Risk Management Part 2
CISM: Information Security Governance Part 1
CISM: Information Security Governance Part 2
CISM: Information Security Incident Management Part 1
CISM: Information Security Incident Management Part 2
CISM: Information Security Program Development and Management Part 1
CISM: Information Security Program Development and Management Part 2

CISM: Information Risk Management Part 1

Course Number:
it_spcesm_03_enus
Lesson Objectives

CISM: Information Risk Management Part 1

  • recognize information asset classification
  • assign ownership of assets and risk
  • evaluate impacts of events on information assets
  • monitor internal and external risk factors
  • recognize information asset valuation methods
  • specify legal, regulatory, and organizational requirements
  • recognize information security threat sources
  • identify events needing risk reassessment
  • define information threats, vulnerabilities, and exposures
  • describe what is involved with information risk management

Overview/Description

Discover how to implement an effective information risk management strategy for your organization, including how to recognize information asset classification, ownership, and threats, vulnerabilities, and exposures.



Target

Prerequisites: none

CISM: Information Risk Management Part 2

Course Number:
it_spcesm_04_enus
Lesson Objectives

CISM: Information Risk Management Part 2

  • identify risk assessment and analysis methodologies
  • prioritize risk scenarios and treatment
  • specify risk reporting requirements
  • apply risk treatment and response methodologies
  • compare control baselines and standards
  • analyze information security controls and methods
  • describe information security gap analysis techniques
  • define risk management for business and IT processes
  • specify compliance reporting requirements and processes
  • perform cost benefit analysis for risk assessment
  • describe information risk management

Overview/Description

Explore risk assessment and analysis methodologies, such as risk treatment, risk response, and gap analysis techniques, that can be used as part of your organization’s risk management strategy.



Target

Prerequisites: none

CISM: Information Security Governance Part 1

Course Number:
it_spcesm_01_enus
Lesson Objectives

CISM: Information Security Governance Part 1

  • identify InfoSec strategy techniques
  • compare InfoSec relationships to key factors
  • describe InfoSec governance frameworks
  • recognize concepts of governance
  • recall standards, frameworks, and best practices
  • define governance planning, design, and implementation
  • work with integrating into corporate governance
  • specify the contributing factors for InfoSec development
  • recognize developing business cases
  • describe strategic budgetary planning and reporting
  • describe InfoSec governance

Overview/Description
Explore the information security strategy techniques and best practices for a governance framework to meet your organizational goals and objectives.

Target

Prerequisites: none

CISM: Information Security Governance Part 2

Course Number:
it_spcesm_02_enus
Lesson Objectives

CISM: Information Security Governance Part 2

  • recognize the impact of internal and external influences
  • obtain commitment from senior leadership and stakeholders by using key information
  • specify the methods and considerations of senior leadership and stakeholder communication
  • define the responsibilities of the InfoSec manager
  • describe the types of organizational structures, lines of authority, and escalation points
  • recognize information security responsibilities of staff across the organization
  • recognize processes to monitor performance of InfoSec responsibilities
  • describe reporting and communication channels
  • work with key information security metrics
  • define InfoSec governance

Overview/Description

Examine the roles and security responsibilities of organizational staff, as well as effective communication and reporting techniques needed as part of an effective security governance framework.



Target

Prerequisites: none

CISM: Information Security Incident Management Part 1

Course Number:
it_spcesm_07_enus
Lesson Objectives

CISM: Information Security Incident Management Part 1

  • describe incident management concepts
  • define components of an incident response plan (IRP)
  • map the BCP and DRP to the IRP
  • specify methods for incident classification and categorization
  • define incident containment methods
  • describe notification and escalation processes
  • define roles and responsibilities in security incidents
  • know IRT training, tools and equipment
  • classify forensic requirements for handling evidence
  • describe security incident management

Overview/Description

Explore the fundamentals of security incident management, including methods for classifying incidents, roles, responsibilities, and training for incident response team members, and notification and escalation processes.



Target

Prerequisites: none

CISM: Information Security Incident Management Part 2

Course Number:
it_spcesm_08_enus
Lesson Objectives

CISM: Information Security Incident Management Part 2

  • describe incident reporting requirements and procedures
  • define post-incident review practices and investigations
  • quantify damages, costs and business impacts
  • detect, log, analyze and document events
  • classify resources for investigation of incidents
  • identify impact of changes to the environment
  • know techniques to test the incident response plan
  • specify regulatory, legal and organization requirements
  • define KPIs and metrics to evaluate the response plan
  • define InfoSec security management

Overview/Description
Security incidents can have a huge cost factor on an organization. Examine incident logging, analyzing, and documenting, as well as techniques for responding to and recovering from information security incidents.

Target

Prerequisites: none

CISM: Information Security Program Development and Management Part 1

Course Number:
it_spcesm_05_enus
Lesson Objectives

CISM: Information Security Program Development and Management Part 1

  • align security programs with business functions
  • acquire and manage resource requirements
  • recognize current and emerging security technologies
  • design and implement security controls
  • apply information security controls and resources
  • define security standards, procedures, and guidelines
  • describe regulations, standards, frameworks, and practices
  • implement information security standards
  • describe program development and control

Overview/Description
Create an effective information security program by examining the security technologies available, as well as techniques and best practices involved in meeting security regulations, standards, and guidelines.

Target

Prerequisites: none

CISM: Information Security Program Development and Management Part 2

Course Number:
it_spcesm_06_enus
Lesson Objectives

CISM: Information Security Program Development and Management Part 2

  • describe skills training for information security personnel
  • develop security awareness and training programs
  • integrate mandates into organizational processes
  • define contracts, agreements, and third-parties
  • review third-party contracts and agreements
  • implement operational security metrics
  • test the effectiveness of security controls
  • communicate program status to key stakeholders
  • describe program development and management

Overview/Description
Information security is only effective if everyone involved is on board and properly trained. Discover how to develop security awareness and training programs, and how to implement and test the effectiveness of security controls.

Target

Prerequisites: none
