Course Description

IT Security is without question one of the hottest and most lucrative areas of Information Technology today and the CISM Certification is one of the most valued credentials in the marketplace. This course promotes international practices and provides management with assurance that those earning this designation have the necessary knowledge and experience to provide effective security management. This course trains students for a position in Risk Management, Security Auditor, Compliance Officer or an executive management position as a CSO, CTO or CIO.

Another key course offered by ITU Online that prepares you for a ISACA certification is our Certified Information Systems Auditor (CISA)

For more information on this certification, visit the ISACA Official Certification site.

Certified Information Security Manager (CISM)

Additional information

12 Hours 38 Minutes

298 Course Videos

94 Prep Questions

Course Videos

This course contains the following modules and videos. Click the down arror to view video details.

Domain 1: Information Security Governance
  • CISM Introduction
  • Information Security
  • Business Goals, Objectives, and Functions
  • Business Goals and Information Security
  • Information Security Threats
  • Information Security Management
  • Identity Management
  • Data Protection
  • Network Security
  • Personnel Security
  • Facility Security
  • Security Compliance and Standards
  • Information Security Strategy
  • Inputs and Outputs of the Informtion Security Strategy
  • Processes in an Information Security Strategy
  • People in an Information Security Strategy
  • Technologies in an Indormation Security Strategy
  • Logical and Physical Information Security Strategy Architectures
  • Information Security and Business Functions
  • Information Security Policies and Enterprise Objectives
  • International Standards for the Security Management
  • ISO/IEC 27000 Standards
  • International Info Government Standards
  • Information Security Government Standards in the United States
  • Methods of Coordinating Information Security Activites
  • How to Develop an Information Security Strategy
  • Information Security Governance
  • Role of the Security in Governance
  • Scope of Information Security Governance
  • Charter of Information Security Governance
  • Information Security Governance and Enterprise Governance
  • How to Align Information Security Strategy with Corporate Governance
  • Regulatory Requirements and Information Security
  • Business Impact of Regulatory Requirements
  • Liability Management
  • Liability Management Strategies
  • How to Identify Legal and Regulatory Requirements
  • Business Case Development
  • Budgetary Reporting Methods
  • Budgetary Planning Strategy
  • How to Justify Investment in Info Security
  • Organizational Drivers
  • Impact of Drivers on Info Security
  • Third Party Relationships
  • How to Identify Drivers Affecting the Organization
  • Purpose of Obtaining Commitment to Info Security
  • Methods for Obtaining Commitment
  • ISSG
  • ISSG Roles and Responsibilities
  • ISSG Operation
  • How to Obtain Senior Management's Commitment to Info Security
  • Info Security Management Roles and Responsibilities
  • How to Define Roles and Responsibilities for Info Security
  • The Need for Reporting and Communicating
  • Methods for Reporting in an Organization
  • Methods of Communication in an Organization
  • How to Establish Reporting and Communicating Channels
Domain 2: Risk Management
  • Risk
  • Risk Assessment
  • Info Threat Types
  • Info Vulnerabilities
  • Common Points of Exposure
  • Info Security Controls
  • Types of Info Security Controls
  • Common Info Security Countermeasures
  • Overview of the Risk Assessment Process
  • Factors Used in Risk Assessment and Analysis
  • Risk Assessment Methodologies
  • Quantitative Risk Assessment - Part 1
  • Quantitative Risk Assessment - Part 2
  • Qualitative Risk Assessment
  • Hybrid Risk Assessment
  • Best Practices for Info Security Management
  • Gap Analysis
  • How to Implement an Info Risk Assessment Process
  • Info Classification Schemas
  • Components of Info Classification Schemas
  • Info Ownership Schemas
  • Components of Info Ownership Schemas
  • Info Resource Valuation
  • Valuation Methodologies
  • How to Determine Info Asset Classification and Ownership
  • Baseline Modeling
  • Control Requirements
  • Baseline Modeling and Risk Based Assessment of Control Requirements
  • How to Conduct Ongoing Threat and Vulnerability Evaluations
  • BIA's
  • BIA Methods
  • Factors for Determining Info Resource Sensitivity and Critically
  • Impact of Adverse Events
  • How to Conduct Periodic BIA's
  • Methods for Measuring Effectiveness of Controls and Countermeasures
  • Risk Mitigation
  • Risk Mitigation Strategies
  • Effect of Implementing Risk Mitigation Strategies
  • Acceptable Levels of Risk
  • Cost Benefit Analysis
  • How to Identify and Evaluate Risk Mitigation Strategies
  • Life Cycle Processes
  • Life Cycle-Based Risk Management
  • Risk Management Life Cycle
  • Business Life Cycle Processes Affected by Risk Management
  • Life Cycled-Based Risk Management Principles and Practices
  • How to Integrate Risk Management Into Business Life Cycle Processes
  • Significant Changes
  • Risk Management Process
  • Risk Reporting Methods
  • Components of Risk Reports
  • How to Report Changes in Info Risk
Domain 3: Information Security Program
  • Info Security Strategies
  • Common Info Security Strategies
  • Info Security Implementation Plans
  • Conversation of Strategies Into Implementation Plans
  • Info Security Programs
  • Info Security Program Maintenance
  • Methods for Maintaining an Info Security Program
  • Succession Planning
  • Allocation of Jobs
  • Program Documentation
  • How to Develop Plans to Implement an Info Security Strategy
  • Security Technologies and Controls
  • Cryptographic Techniques
  • Symmetric Cryptography
  • Public Key Cryptography
  • Hashes
  • Access Control
  • Access Control Categories
  • Physical Access Controls
  • Technical Access Controls
  • Administrative Access Controls
  • Monitoring Tools
  • IDS's
  • Anti-Virus Systems
  • Policy-Compliance Systems
  • Common Activities Required in Info Security Programs
  • Prerequisites for Implementing the Program
  • Implementation Plan Management
  • Types of Security Controls
  • Info Security Controls Development
  • How to Specify info Security Program Activities
  • Business Assurance Function
  • Common Business Assurance Functions
  • Methods for Aligning info Security Programs with Business Assurance Functions
  • How to Coordinate Info Security Programs with Business Assurance Functions
  • SLA's
  • Internal Resources
  • External Resources
  • Services Provided by External Resources - Part 1
  • Services Provided by External Resources - Part 2
  • Skills Commonly Required for Info Security Program Implementation
  • Dentification of Resources and Skills Required for a Particular Implementation
  • Resource Acquisition Methods
  • Skills Acquisition Methods
  • How to Identify Resources Needed for Info Security Program Implementation
  • Info Security Architectures
  • The SABSA Model for Security Architecture
  • Deployment Considerations
  • Deployment of Info Security Architectures
  • How to Develop Info Security Architecture
  • Info Security Policies
  • Components of Info Security Policies
  • Info Security Policies and the Info Security Strategy
  • Info Security Policies and Enterprise Business Objectives
  • Info Security Policy Development Factors
  • Methods for Communicating Info Security Policies
  • Info Security Policy Maintenance
  • How to Develop Info Security Policies
  • Info Security Awareness Program, Training Programs, and Education Programs
  • Security Awareness, Training, and Education Gap Analysis
  • Methods for Closing the Security Awareness, Training, and Education Gaps
  • Security-Based Cultures and Behaviors
  • Methods for Establishing and Maintaining a Security-Based Culture in the Enterprise
  • How to Develop Info Security Awareness, Training, and Education Programs
  • Supporting Documentation for Info Security Policies
  • Standards, Procedures, Guidelines, and Baselines
  • Codes of Conduct
  • NDA's
  • Methods for Developing Supporting Documentation
  • Methods for Implementing Supporting Documentation and for Communicating Supporting Documentation
  • Methods for Maintaining Supporting Documentation
  • C and A
  • C and A Programs
  • How to Develop Supporting Documentation for Info Security Policies
Domain 4: Information Security Program Implementation
  • Enterprise Business Objectives
  • Integrating Enterprise Business Objectives & Info Security Policies
  • Organizational Processes
  • Change Control
  • Merges & Acquisitions
  • Organizational Processes & Info Security Policies
  • Methods for Integrating Info Security Policies & Organizational Processes
  • Life Cycle Methodologies
  • Types of Life Cycle Methodologies
  • How to Integrate Info Security Requirements Into Organizational Processes
  • Types of Contracts Affected by Info Security Programs
  • Joint Ventures
  • Outsourced Provides & Info Security
  • Business Partners & Info Security
  • Customers & Info Security
  • Third Party & Info Security
  • Risk Management
  • Risk Management Methods & Techniques for Third Parties
  • SLA's & Info Security
  • Contracts & Info Security
  • Due Diligence & Info Security
  • Suppliers & Info Security
  • Subcontractors & Info Security
  • How to Integrate Info Security Controls Into Contracts
  • Info Security Metrics
  • Types of Metrics Commonly Used for Info Security
  • Metric Design, Development & Implementation
  • Goals of Evaluating Info Security Controls
  • Methods of Evaluating Info Security Controls
  • Vulnerability Testing
  • Types of Vulnerability Testing
  • Effects of Vulnerability Assessment & Testing
  • Vulnerability Correction
  • Commercial Assessment Tools
  • Goals of Tracking Info Security Awareness, Training, & Education Programs
  • Methods for Tracking Info Security Awareness, Training, & Education Programs
  • Evaluation of Training Effectiveness & Relevance
  • How to Create Info Security Program Evaluation Metrics
Domain 5: Information Security Program Management
  • Management Metrics
  • Types of Management Metrics
  • Data Collection
  • Periodic Reviews
  • Monitoring Approaches
  • KPI's
  • Types of Measurements
  • Other Measurements
  • Info Security Reviews
Domain 6: Incident Management and Response
  • Management Metrics
  • Types of Management Metrics
  • Data Collection
  • Periodic Reviews
  • Monitoring Approaches
  • KPI's
  • Types of Measurements
  • Other Measurements
  • Info Security Reviews
  • The Role of Assurance Providers
  • Comparing Internal and External Assurance Providers
  • Line Management Technique
  • Budgeting
  • Staff Management
  • Facilities
  • How to Manage Info Security Program Resources
  • Security Policies
  • Security Policy Components
  • Implementation of Info Security Policies
  • Administrative Processes and Procedures
  • Access Control Types
  • ACM
  • Access Security Policy Principles
  • Identity Management and Compliance
  • Authentication Factors
  • Remote Access
  • User Registration
  • Procurement
  • How to Enforce Policy and Standards Compliance
  • Types of Third Party Relationships
  • Methods for Managing Info Security Regarding Third Parties
  • Security Service Providers
  • Third Party Contract Provisions
  • Methods to Define Security Requirements in SLA's, Security Provisions and SLA's, and Methods to Monitor Security
  • How to Enforce Contractual Info Security Controls
  • SDLC
  • Code Development
  • Common Techniques for Security Enforcement
  • How to Enforce Info Security During Systems Development
  • Maintenance
  • Methods of Monitoring Security Activities
  • Impact of Change and Configuration Management Activities
  • How to Maintain Info Security Within an Organization
  • Due Diligence Activities
  • Types of Due Diligence Activities
  • Reviews of Info Access
  • Standards of Managing and Controlling Info Access
  • How to Provide Info Security Advice and Guidance
  • Info Security Awareness
  • Types of Info Security Stakeholders
  • Methods of Stakeholder Education
  • Security Stakeholder Education Process
  • How to Provide Info Security Awareness and Training
  • Methods of Testing the Effectiveness of Info Security Control
  • The Penetration Testing Process
  • Types of Penetration Testing
  • Password Cracking
  • Social Engineering Attacks
  • Social Engineering Types
  • External Vulnerability Reporting Sources
  • Regulatory Reporting Requirements
  • Internal Reporting Requirements
  • How to Analyze the Effectiveness of Info Security Controls
  • Noncompliance Issues
  • Security Baselines
  • Events Affecting the Security Baseline
  • Info Security Problem Management Process
  • How to Resolve Noncompliance Issues
Certified Information Security Manager (CISM)

Instructor Led Courses

All ITU Courses replicate a live class experience with an instructor on screen delivering the course's theories and concepts.

These lectures are pre-recorded and available to the user 24/7. They can be repeated, rewound, fast-forwarded.

Certified Information Security Manager (CISM)

Visual Demonstrations, Educational Games & Flashcards

ITU recognizes that all students do not learn alike and different delivery mediums are needed in order to achieve success for a large student base. With that in mind, we deliver our content in a variety of different ways to ensure that students stay engaged and productive throughout their courses.

Certified Information Security Manager (CISM)

Mobile Optimization & Progress Tracking

Our courses are optimized for all mobile devices allowing students to learn on the go whenever they have free time. Students can access their courses from anywhere and their progress is completely tracked and recorded.

Certified Information Security Manager (CISM)

Practice Quizzes and Exams

ITU Online's custom practice exams prepare you for your exams differently and more effectively than the traditional exam preps on the market. Students will have practice quizzes after each module to ensure you are confident on the topic you are learning.

Certified Information Security Manager (CISM)

World Class Learning Management System

ITU provides the next generation learning management system (LMS). An experience that combines the feature set of traditional Learning Management Systems with advanced functionality designed to make learning management easy and online learning engaging from the user’s perspective.

Need help? Call our support team at (855) 488-5327

ITU Online IT Training

ITU Online IT Training

PGlmcmFtZSBzcmM9Imh0dHBzOi8vd3d3Lmdvb2dsZS5jb20vbWFwcy9lbWJlZD9wYj0hMW0xOCExbTEyITFtMyExZDYwNDQuMjc1NjM3NDU2ODA1ITJkLTczLjk4MzQ2MzY4MzI1MjA0ITNkNDAuNzU4OTkzNDExNDc4NTMhMm0zITFmMCEyZjAhM2YwITNtMiExaTEwMjQhMmk3NjghNGYxMy4xITNtMyExbTIhMXMweDAlM0EweDU1MTk0ZWM1YTFhZTA3MmUhMnNUaW1lcytTcXVhcmUhNWUwITNtMiExc2VuITJzITR2MTM5MjkwMTMxODQ2MSIgd2lkdGg9IjEwMCUiIGhlaWdodD0iMTAwJSIgZnJhbWVib3JkZXI9IjAiIHN0eWxlPSJib3JkZXI6MCI+PC9pZnJhbWU+
Thank You. We will contact you as soon as possible.
COMPANY NAME
CONTACT US
Dolor aliquet augue augue sit magnis, magna aenean aenean et! Et tempor, facilisis cursus turpis tempor odio putonius mudako empero brutto populius giten facilisis cursus turpis balocus tredium todo.
Thank You. We will contact you as soon as possible.
PGlmcmFtZSB3aWR0aD0iMTAwJSIgaGVpZ2h0PSIxMDAlIiBzcmM9Ii8vd3d3LnlvdXR1YmUuY29tL2VtYmVkL3NCV1BDdmR2OEJrP2F1dG9wbGF5PTEiIGZyYW1lYm9yZGVyPSIwIiBhbGxvd2Z1bGxzY3JlZW4+PC9pZnJhbWU+
ENJOY AURORA BOREALIS

WIN A FULL YEAR
OF IT TRAINING

Subscribe now to get special offers and discounts. By subscribing you will also be entered into our monthly drawing to win 1 full year of free ITU training.
Your Name
Your Email
WIN 1 YEAR OF FREE TRAINING
Subscribe to our mailing list and automatically be entered into our monthly drawing to win 1 year of free training from ITU Online.
2019 (C) All rights reserved.
We respect your privacy and will not sell your email
to any third party.
Congratulations to Anthony B. of New Pasadena TX, our Aug. 2019 Winner!
Drop a line.
This is Layered Popups' version of Lorem Ipsum. Proin gravida nibh vel velit auctor aliquet. Aenean sollicitudin, lorem quis.
2016 (C) All rights reserved.
WELCOME!
Subscribe to our free newsletter and win some prizes. Enter your email below and get updates and news weekly.
We never share your data with 3rd parties.
2018 (C) All rights reserved.
Subscribe Now
Get some fresh designer freebies by subscribing to our daily newsletter.
2016 (C) All rights reserved.