ISACA’s Certified Information Security Manager (CISM) certification indicates expertise in information security governance, program development and management, incident management and risk management. Take your career out of the technical realm to management!
Course Outline
Domain 1: Information Security Governance
Develop an information security strategy, aligned with business goals and directives.
Establish and maintain an information security governance framework.
Integrate information security governance into corporate governance.
Develop and maintain information security policies.
Develop business cases to support investments in information security.
Identify internal and external influences to the organization.
Gain ongoing commitment from senior leadership and other stakeholders.
Define, communicate and monitor information security responsibilities.
Establish internal and external reporting and communication channels.
Domain 2: Information Risk Management
Establish and/or maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value.
Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels.
Ensure that risk assessments, vulnerability assessments and threat analyses are conducted consistently, and at appropriate times, to identify and assess risk to the organization’s information.
Identify, recommend or implement appropriate risk treatment/response options to manage risk to acceptable levels based on organizational risk appetite.
Determine whether information security controls are appropriate and effectively manage risk to an acceptable level.
Facilitate the integration of information risk management into business and IT processes to enable a consistent and comprehensive information risk management program across the organization.
Monitor for internal and external factors (e.g., threat landscape, cybersecurity, geopolitical, regulatory change) that may require reassessment of risk to ensure that changes to existing or new risk scenarios are identified and managed appropriately.
Report noncompliance and other changes in information risk to facilitate the risk management decision-making process.
Ensure that information security risk is reported to senior management to support an understanding of potential impact on the organizational goals and objectives.
Domain 3: Information Security Program Development & Management
Develop a security program, aligned with information security strategy
Ensure alignment between the information security program and other business functions
Establish and maintain requirements for all resources to execute the IS program
Establish and maintain IS architectures to execute the IS program
Develop documentation that ensures compliance with policies
Develop a program for information security awareness and training
Integrate information security requirements into organizational processes
Integrate information security requirements into contracts and activities of third parties
Develop procedures (metrics) to evaluate the effectiveness and efficiency of the IS program
Compile reports to key stakeholders on overall effectiveness of the IS program and the underlying business processes in order to communicate security performance.
Domain 4: Information Security Incident Management
Define (types of) information security incidents
Establish an incident response plan
Develop processes for timely identification of information security incidents
Develop processes to investigate and document information security incidents
Develop incident escalation and communication processes
Establish teams that effectively respond to information security incidents
Test and review the incident response plan
Establish communication plans and processes
Determine the root cause of IS incidents
Align incident response plan with DRP and BCP
Cybercert is one of the leading security and technology training organizations, focusing on a range of cyber security, cloud computing, and project management-related courses. The Cybercert Instructor team consists of experienced and enthusiastic professionals who have many years of industry experience.
We provide professional training and exam preparation for all areas of information technology and cyber security courses. Our learning system is designed to support how learning is done today and evolve to meet advances in technology and individual learning needs.
Cybercert believes cyber security knowledge is power when fighting against today’s cybercrime. As the leading cybersecurity training company, we empower people to be cyber-safe at work and home and help IT and security professionals achieve their career goals.
It’s our mission to equip all organizations and individuals with the knowledge, skills, and confidence to outsmart cybercrime. We specialize in areas where technologies and security requirements are changing rapidly and the demand for qualified candidates significantly exceeds supply.