CISM Training Course

Highlights

• Help focus on preparation for CISM Certification

• Protecting your resources using access control methods and cryptography

• Planning a secure environment

• Security objectives

• Compliance requirements and standard

• Operational security best practice

• Business continuity techniques

• Prevention and recovery from attack

Course Details

Security and Risk Management

• Aligning security to organisational objectives

  • Employing fundamental security principles

  • Managing security policies, standards and procedures

• Applying risk management concepts

  • Assessing threats and vulnerabilities

  • Performing risk analysis and control

• Preserving the business

  • Adhering to Business Continuity Management Code of Practice and Specifications

  • Performing a business impact analysis

• Investigating legal measures and techniques

  • Reviewing intellectual property, liability and laws

  • Differentiating traditional and computer crime

  • Addressing ethical behaviour and compliance

Security Engineering

• Examining security models and frameworks

  • The Information Security Triad and multi-level models

  • Investigating industry standards: ISO 27001/27002

• Exploring system and component security concepts

  • System design principles, capabilities, and limitations

  • Certification and accreditation criteria and models

• Protecting information by applying cryptography

  • Detailing symmetric and asymmetric encryption systems

  • Ensuring message integrity through hashing

  • Uncovering threats to cryptographic systems

• Safeguarding physical resources

  • Designing environments to resist hostile acts and threats

  • Denying unauthorised access

Asset Security

• Identifying, categorising and prioritising assets

  • Applying security controls to assets

  • Protecting data through proper handling

Communication and Network Security

• Defining a secure network architecture

  • TCP/IP and other protocol models

  • Protecting from network attacks

• Examining secure networks and components

  • Identifying wired and wireless technologies

  • Implementing firewalls, proxies and tunnels

Identity and Access Management

• Controlling access to protect assets

  • Defining administrative, technical and physical controls

  • Implementing centralised and decentralised approaches

  • Investigating biometric and multi-factor authentication

  • Identifying common threats

Security Assessment and Testing

• Designing and conducting security assessment strategies

  • Leveraging the role of testing and auditing to analyse the effectiveness of security controls

  • Differentiating detection and protection systems

• Conducting logging and monitoring activities

  • Distinguishing between the roles of internal and external audits

  • Defining secure account management

Security Operations

• Maintaining operational resilience

  • Managing security services effectively

  • Leveraging and supporting investigations and incident response

  • Differentiating detection and protection systems

• Developing a recovery strategy

  • Designing a disaster recovery plan

  • Implementing test and maintenance processes

Software Development Security

• Securing the software development life cycle

  • Applying software development methods and security controls

  • Highlighting threats: Cross-Site Scripting (XSS), JavaScript attacks and Buffer Overflow

  • Addressing database security concepts and issues

Who Should Attend

Experienced IT and Information Security staff who need to understand the concepts and threats and the impact on their organisations and also need help to prepare for CISM certification