CISM Content

CISM - Course Content

1. Information Security Governance and Strategy

Introduction:

  • Definition
  • Objective
  • Tasks
  • Overview

Topics:

  • Effective Information Security Governance
  • Key Information Security Concepts and Issues
  • The IS Manager
  • Scope and Charter of Information Security Governance
  • IS Governance Metrics
  • Developing an IS Strategy – Common Pitfalls
  • IS Strategy Objectives
  • Determining Current State of Security
  • Strategy Resources
  • Strategy Constraints
  • Action Plan Immediate Goals
  • Action Plan Intermediate Goals

Practice Questions; Review of Practice Questions;
Reference Materials and Glossary


2. Risk Management

Introduction:

  • Definition
  • Objective
  • Tasks
  • Overview

Topics:

  • Effective Information Security Risk Management
  • Integration into Life Cycle Processes
  • Implementing Risk Management
  • Risk Identification and Analysis Methods
  • Mitigation Strategies and Prioritisation
  • Reporting Changes to Management

Practice Questions; Review of Practice Questions;
Reference Materials and Glossary

3. Information Security Programme Management

Introduction:

  • Definition
  • Objective
  • Tasks
  • Overview

Topics:

  • Planning
  • Security Baselines
  • Business Processes
  • Infrastructure
  • Malicious Code (Malware)
  • Life Cycles
  • Impact on End Users
  • Accountability
  • Security Metrics
  • Managing Internal and External Resources

Practice Questions; Review of Practice Questions;
Reference Materials and Glossary

4. Information Security Management

Introduction:

  • Definition
  • Objective
  • Tasks
  • Overview

Topics:

  • Implementing Effective Information Security Management
  • Security Controls and Policies
  • Standards and Procedures
  • Trading Partners and Service Providers
  • Security Metrics and Monitoring
  • The Change Management Process
  • Vulnerability Assessments
  • Due Diligence
  • Resolution of Non-Compliance Issues
  • Culture, Behavior and Security Awareness

Practice Questions; Review of Practice Questions;
Reference Materials and Glossary

5. Response Management

Introduction:

  • Definition
  • Objective
  • Tasks
  • Overview

Topics:

  • Performing a Business Impact Analysis
  • Developing Response and Recovery Plans
  • Incident Response Processes
  • Executing Response and Recovery Plans
  • Documenting Events
  • Post Event Reviews

Practice Questions; Review of Practice Questions;
Reference Materials and Glossary