CISM: Information Security Governance Part 1

Course: 1 Hour, 14 Minutes

• Information Security Strategy Techniques
• Information Security Relationship to Key Factors
• Available InfoSec Governance Frameworks
• Fundamental Concepts of Governance
• Standards, Frameworks, and Best Practices
• Governance Planning, Design, and Implementation
• Integrating into Corporate Governance
• Contributing Factors for InfoSec Development
• Developing Business Cases
• Strategic Budgetary Planning and Reporting
• Exercise: Describe InfoSec Governance

CISM: Information Security Governance Part 2

Course: 1 Hour, 11 Minutes

• Impact of Internal and External Influences
• Commitment from Senior Leadership and Stakeholders
• Senior Leadership and Stakeholder Communication
• Responsibilities of the InfoSec Manager
• Structures, Lines of Authority, and Escalation
• Security Responsibilities of Organizational Staff
• Monitoring Performance of InfoSec Responsibilities
• Establishing Reporting and Communication Channels
• Working with Key Information Security Metrics
• Exercise: Define InfoSec Governance

CISM: Information Risk Management Part 1

Course: 54 Minutes

• The Information Asset Classification Model Assigning Ownership of Information Assets and Risk
• Evaluating Impacts of Events on Information Assets Monitoring Internal and External Risk Factors
• Recognizing Information Asset Valuation Methods Legal, Regulatory, and Organizational
• Requirements Recognizing Information Security Threat Sources Identifying Events Needing Risk
• Reassessment Information Threats, Vulnerabilities, and Exposures Exercise: Define Information
• Risk Management

CISM: Information Risk Management Part 2

Course: 53 Minutes

• Risk Assessment and Analysis Methodologies
• Prioritizing Risk Scenarios and Treatment
• Realizing Risk Reporting Requirements
• Risk Treatment and Response Methodologies
• Comparing Control Baselines and Standards
• Analyzing Information Security Controls and Methods
• Information Security Gap Analysis Techniques
• Risk Management for Business and IT Processes
• Compliance Reporting Requirements and Processes
• Performing Cost Benefit Analysis for Risk Assessment
• Exercise: Define Information Risk Management

CISM: Information Security Program Development and Management Part 1

Course: 53 Minutes

• Aligning Security Programs with Business Functions
• Acquiring and Managing Resource Requirements
• Survey of Current and Emerging Security Technologies
• Designing and Implementing Security Controls
• Applying Information Security Controls and Resources
• Security Standards, Procedures, and Guidelines
• Regulations, Standards, Frameworks, and Practices
• Implementing Information Security Standards
• Exercise: Define Program Development and Control

CISM: Information Security Program Development and Management Part 2

Course: 57 Minutes

• Skills Training for Information Security Personne
• Developing Security Awareness and Training Programs
• Integrating Mandates into Organizational Processes
• Contracts, Agreements and Third-party Management
• Reviewing Third-party Contracts and Agreements
• Implementing Operational Security Metrics
• Testing the Effectiveness of Security Controls
• Communicating Program Status to Key Stakeholders
• Exercise: Describe Program Development & Management

CISM: Information Security Incident Management Part 1

Course: 1 Hour

• Incident Management Concepts and Practices
• Components of an Incident Response Plan
• Map the BCP and DRP to the Incident Response Plan
• Incident Classification and Categorization Methods
• Defining Incident Containment Methods
• Describing Notification and Escalation Processes
• Roles and Responsibilities in Security Incidents
• Incident Response Team Training, Tools and Equipment
• Forensic Requirements for Handling Evidence
• Exercise: Describe Security Incident Management

CISM: Information Security Incident Management Part 2

Course: 1 Hour

• Incident Reporting Requirements and Procedures
• Post-incident Review Practices and Investigations
• Quantifying Damages, Costs and Business Impacts
• Detecting, Logging, Analyzing and Documenting Events
• Classifying Resources for Investigation of Incidents
• Identifying Impact of Changes to the Environment
• Techniques to Test the Incident Response Plan
• Regulatory, Legal and Organization Requirements
• KPIs and Metrics to Evaluate the Response Plan
• Exercise: Define InfoSec s Course Test