Certified Information Security Manager (CISM)



Similar documents
How To Teach A Security Manager

(Instructor-led; 3 Days)

COPYRIGHTED MATERIAL. Contents. Acknowledgments Introduction

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM

CISM ITEM DEVELOPMENT GUIDE

Domain 1 The Process of Auditing Information Systems

The CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II).

Security Controls What Works. Southside Virginia Community College: Security Awareness

Certified Information Systems Auditor (CISA)

HKITPC Competency Definition

A Guide to Successfully Implementing the NIST Cybersecurity Framework. Jerry Beasley CISM and TraceSecurity Information Security Analyst

Somewhere Today, A Project is Failing

NUMBER: IA-643 CREDIT HOURS: 3 PREREQUISITE: IA

R3: Windows Server 2008 Administration. Course Overview. Course Outline. Course Length: 4 Day

Enterprise Security Tactical Plan

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

Application for CISM Certification

ITIL v3 Service Manager Bridge

Developing the Corporate Security Architecture. Alex Woda July 22, 2009

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015

CISM Certified Information Security Manager

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data

Information Security Management Systems. Chief Operating Officer, Director of Strategy and Business Development, Chief Information Security Officer

16) INFORMATION SECURITY INCIDENT MANAGEMENT

Enhancing IT Governance, Risk and Compliance Management (IT GRC)

COBIT Helps Organizations Meet Performance and Compliance Requirements

PCI Policy Compliance Using Information Security Policies Made Easy. PCI Policy Compliance Information Shield Page 1

Taking Information Security Risk Management Beyond Smoke & Mirrors

Tutorial: Towards better managed Grids. IT Service Management best practices based on ITIL

TERMS OF REFERENCE (TORs) OF CONSULTANTS - (EAG) 1. Reporting Function. The Applications Consultant reports directly to the CIO

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

Table of Contents. Auditor's Guide to Information Systems Auditing Richard E. Cascarino Copyright 2007, John Wiley & Sons, Inc.

Question: 1 Which of the following should be the FIRST step in developing an information security plan?

IT Governance. What is it and how to audit it. 21 April 2009

IT Risk & Security Specialist Position Description

Revised October 2013

Program Overview and 2015 Outlook

FFIEC Cybersecurity Assessment Tool

Information Security Officer (# 1773) Salary: Grade 25 ($81,808-$102,167) / Grade 27 ($90,595 to $113,141) Summary of Duties. Minimum Qualifications

EA vs ITSM. itsmf

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

Candidate s Guide to the CISM Exam and Certification

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles

Maintaining PCI-DSS compliance. Daniele Bertolotti Antonio Ricci

IT Governance: framework and case study. 22 September 2010

Dallas IIA Chapter / ISACA N. Texas Chapter. January 7, 2010

Information Security Governance:

Cybersecurity The role of Internal Audit

BUSINESS PROCESS MANAGEMENT and IT. Helping Align IT with Business

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

SECURITY. Risk & Compliance Services

Director, IT Security District Office Kern Community College District JOB DESCRIPTION

IT Audit in the Cloud

Val-EdTM. Valiant Technologies Education & Training Services. 2-day Workshop on Business Continuity & Disaster Recovery Planning

Feature. Developing an Information Security and Risk Management Strategy

The PNC Financial Services Group, Inc. Business Continuity Program

Certified Information Security Manager 2011 Candidate s Guide to the CISM. Exam and Certification

Logging In: Auditing Cybersecurity in an Unsecure World

CYBERSECURITY NEXUS ROBERT E STROUD INTERNATIONAL PRESIDENT, ISACA RAMSÉS GALLEGO INTERNATIONAL VICE PRESIDENT, ISACA

Securing the Microsoft Cloud

Assessing the Effectiveness of a Cybersecurity Program

Information Security Program CHARTER

CISM ITEM DEVELOPMENT GUIDE

Benchmark of controls over IT activities Report. ABC Ltd

ITIL: Planning, Protection & Optimization (PPO) (Revision 1.6)

Intelligence Driven Security

Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

Ensuring Cloud Security Using Cloud Control Matrix

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013

TABLE OF CONTENTS INTRODUCTION... 1

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

In the launch of this series, Information Security Management

CONSULTING IMAGE PLACEHOLDER

Preparation Guide. Side entry to the EXIN Expert in IT Service Management based on ISO/IEC 20000

14 October 2015 ISACA Curaçao Conference By: Paul Helmich

Using QUalysgUard to Meet sox CoMplianCe & it Control objectives

Developing National Frameworks & Engaging the Private Sector

Improving Residual Risk Management Through the Use of Security Metrics

Domain 5 Information Security Governance and Risk Management

Data Governance. Unlocking Value and Controlling Risk. Data Governance.

Enterprise Security Architecture

NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015

Software Application Control and SDLC

Information security governance has become an essential

Measuring Continuity Planning Program. Performance

CYBERSECURITY SLAs: MANANGING REQUIREMENTS AT ARM S LENGTH

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

Business Continuity Trends, Requirements and Expectations in Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

Information Security Specialist Training on the Basis of ISO/IEC 27002

PII Compliance Guidelines

Transcription:

Certified Information Security Manager (CISM) Course Introduction Course Introduction Domain 01 - Information Security Governance Lesson 1: Information Security Governance Overview Information Security Governance Overview Importance of Information Security Governance Outcomes of Information Security Governance Lesson 2: Effective Information Security Governance Business Goals and Objectives Roles and Responsibilities of Senior Management Governance, Risk Management and Compliance Business Model for Information Security Dynamic Interconnections Lesson 3: Information Security Concepts and Information Security Concepts and Lesson 4: Information Security Manager Responsibilities Senior Management Commitment Obtaining Senior Management Commitment Establishing Reporting and Communication Channels Lesson 5: Scope and Charter of Information Security Governance Assurance Process Integration and Convergence Convergence Governance and Third-Party Relationships Lesson 6: Information Security Governance Metrics Metrics Effective Security Metrics Security Implementation Metrics Strategic Alignment Risk Management Value Delivery Resource Management Performance Measurement Assurance Process Integration/Convergence Lesson 7: Information Security Strategy Overview Another View of Strategy Lesson 8: Creating Information Security Strategy Information Security Strategy Common Pitfalls Objectives of the Information Security Strategy What is the Goal? Defining Objectives Business Linkages Business Case Development Business Case Objectives The Desired State COBIT COBIT Controls 3m 3hr 48m

COBIT Framework Capability Maturity Model Balanced Scorecard Architectural Approaches ISO/IEC 27001 and 27002 Risk Objectives Lesson 9: Determining Current State Of Security Current Risk BIA Lesson 10: Information Security Strategy Development Elements of a Strategy The Roadmap Strategy Resources and Constraints Lesson 11: Strategy Resources Policies and Standards Definitions Enterprise Information Security Architectures Controls Countermeasures Personnel Organizational Structure Employee Roles and Responsibilities Skills Audits Compliance Enforcement Threat Assessment Vulnerability Assessment Risk Assessment Insurance Business Impact Assessment Outsourced Security Providers Lesson 12: Strategy Constraints Legal and Regulatory Requirements Physical Constraints The Security Strategy Lesson 13: Action Plan to Implement Strategy Gap Analysis Policy Development Standards Development Training and Awareness Action Plan Metrics General Metric Considerations CMM4 Statements Objectives for CMM4 Domain 01 Review Domain 02 - Information Risk Management Lesson 1: Risk Management Overview Types of Risk Analysis The Importance of Risk Management Risk Management Outcomes Risk Management Strategy Lesson 2: Good Information Security Risk Management Context and Purpose Scope and Charter 2hr 18m

Assets Other Risk Management Goals Roles and Responsibilities Lesson 3: Information Security Risk Management Concepts Lesson 4: Implementing Risk Management The Risk Management Framework The External Environment The Internal Environment The Risk Management Context Risk Analysis Lesson 5: Risk Assessment NIST Risk Assessment Methodology Aggregated or Cascading Risk Other Risk Assessment Approaches Identification of Risks Threats Vulnerabilities Risks Analysis of Relevant Risks Risk Analysis Semi-Quantitative Analysis Quantitative Analysis Example Evaluation of Risks Risk Treatment Options Impact Lesson 6: Controls Countermeasures Controls Residual Risk Information Resource Valuation Methods of Valuing Assets Information Asset Classification Determining Classification Impact Lesson 7: Recovery Time Objectives Recovery Point Objectives Service Delivery Objectives Third-Party Service Providers Working with Lifecycle Processes IT System Development Project Management Lesson 8: Risk Monitoring and Communication Risk Monitoring and Communication Other Communications Domain 02 Review Domain 03 - Information Security Program Development Lesson 1: Development of Information Security Program Importance of the Program Outcomes of Security Program Development Effective Information Security Program Development Cross Organizational Responsibilities Lesson 2: Information Security Program Development Concepts Technology Resources Information Security Manager Lesson 3: Scope and Charter of Information Security Program Development 2hr 50m

Assurance Function Integration Challenges in Developing Information Security Program Pitfalls Objectives of the Security Program Program Goals The Steps of the Security Program Defining the Roadmap Elements of the Roadmap Gap Analysis Lesson 4: Information Security Program Resources Resources Documentation Enterprise Architecture Controls as Strategy Implementation Resources Common Control Practices Countermeasures Personnel Security Awareness Awareness Topics Formal Audits Compliance Enforcement Project Risk Analysis Other Actions Other Organizational Support Program Budgeting Lesson 5: Implementing an Information Security Program Policy Compliance Standards Compliance Training and Education ISACA Control Objectives Third-party Service Providers Integration into Lifecycle Processes Monitoring and Communication Documentation The Plan of Action Lesson 6: Information Infrastructure and Architecture Managing Complexity Objectives of Information Security Architectures Physical and Environmental Controls Lesson 7: Information Security Program Information Security Program Deployment Metrics Metrics Strategic Alignment Risk Management Value Delivery Resource Management Assurance Process Integration Performance Measurement Security Baselines Domain 03 Review Domain 04 - Information Security Program Management Lesson 1: Information Security Management Overview Importance of Security Management Outcomes of Effective Security Management 2hr 22m

Risk Management Value Delivery Business Process Assurance Lesson 2: Organizational Roles and Responsibilities Information Security Manager Responsibilities Risk Management Responsibilities Technology Competencies Management and Administrative Responsibilities Board of Directors Executive Management Security Steering Committee Information Technology Unit Business Unit Manager Other Business Units Lesson 3: The Framework for Information Security Management Technical Components Operational Components of Security Management Components of Security The Administration Components of Security Other Components Lesson 4: Measuring Performance Measuring Risk and Loss Metrics for Organizational Objectives Determining Compliance Measuring Productivity Other Metrics Lesson 5: Challenges Facing Information Security What Is the State of Security Management The State of Information Security Management Lesson 6: Resources Control Best Practices Control Countermeasures Other Control Countermeasures Lesson 7: Other Management Considerations Implementation of the Security Program Management Management Metrics and Monitoring Other Security Monitoring Efforts The Lifecycle Process Other Aspects of Monitoring What Should Be Done About Noncompliance Issues Domain 04 Review Domain 05 - Incident Management and Response Lesson 1: Responding to the Incident Overview Responding to the Incident Overview Response and Management Incident Response Planning Importance of Incident Response Outcomes of the IRP Lesson 2: Incident Management Concepts Software Engineering Institute Definitions of Incident Response Incident Management Charter Lesson 3: The Incident Response Manager The Objectives of Incident Management Monitoring and Measuring Incident Management 2hr 57m

Alignment Integration Other Incident Management Considerations Lesson 4: What Are Good Incident Management Procedures The Difficulties of Creating an Incident Management Plan Lesson 5: Resources for Incident Management Human Resources Incident Response Team Organization IRT Roles and Responsibilities IRT Roles IRT Skills BIA IRT Capability Combining the BIA with the IRT Creating the Incident Response Plan Response and Recovery Plans Goals of Recovery Operations Choosing a Site Selection Implementing the Strategy Incident Management Response Teams Network Service High-availability Storage High-availability Risk Transference Other Response Recovery Plan Options Lesson 6: Testing Response and Recovery Plans Periodic Testing Analyzing Test Results Measuring the Test Results Lesson 7: Executing the Plan Updating the Plan Intrusion Detection Policies Who to Notify about an Incident Recovery Operations Other Recovery Operations Forensic Investigation Hacker / Penetration Methodology Demo - Vulnerability Scan Domain 05 Review Course Closure Total Duration: 14hrs 19m

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information