	12 Hours 38 Minutes
	349 Course Videos
	58 Prep Questions

Certified Information Security Manager (CISM)

$99.00

IT Security is without question one of the hottest and most lucrative areas of Information Technology today and the CISM Certification is one of the most valued credentials in the marketplace. This course promotes international practices and provides management with assurance that those earning this designation have the necessary knowledge and experience to provide effective security management. This course trains students for a position in Risk Management, Security Auditor, Compliance Officer or an executive management position as a CSO, CTO or CIO.

Another key course offered by ITU Online that prepares you for a ISACA certification is our Certified Information Systems Auditor (CISA)

For more information on this certification, visit the ISACA Official Certification site.

Categories: Online IT Training Courses, Cybersecurity

Course Modules & Videos

The Certified Information Security Manager (CISM) course is organized into the following modules. Click a module title to view the video list contained in each section.

Domain 1: Information Security Governance

CISM Introduction
Information Security
Business Goals, Objectives, and Functions
Business Goals and Information Security
Information Security Threats
Information Security Management
Identity Management
Data Protection
Network Security
Personnel Security
Facility Security
Security Compliance and Standards
Information Security Strategy
Inputs and Outputs of the Informtion Security Strategy
Processes in an Information Security Strategy
People in an Information Security Strategy
Technologies in an Indormation Security Strategy
Logical and Physical Information Security Strategy Architectures
Information Security and Business Functions
Information Security Policies and Enterprise Objectives
International Standards for the Security Management
ISO/IEC 27000 Standards
International Info Government Standards
Information Security Government Standards in the United States
Methods of Coordinating Information Security Activites
How to Develop an Information Security Strategy
Information Security Governance
Role of the Security in Governance
Scope of Information Security Governance
Charter of Information Security Governance
Information Security Governance and Enterprise Governance
How to Align Information Security Strategy with Corporate Governance
Regulatory Requirements and Information Security
Business Impact of Regulatory Requirements
Liability Management
Liability Management Strategies
How to Identify Legal and Regulatory Requirements
Business Case Development
Budgetary Reporting Methods
Budgetary Planning Strategy
How to Justify Investment in Info Security
Organizational Drivers
Impact of Drivers on Info Security
Third Party Relationships
How to Identify Drivers Affecting the Organization
Purpose of Obtaining Commitment to Info Security
Methods for Obtaining Commitment
ISSG
ISSG Roles and Responsibilities
ISSG Operation
How to Obtain Senior Management's Commitment to Info Security
Info Security Management Roles and Responsibilities
How to Define Roles and Responsibilities for Info Security
The Need for Reporting and Communicating
Methods for Reporting in an Organization
Methods of Communication in an Organization
How to Establish Reporting and Communicating Channels

Domain 2: Risk Management

Risk
Risk Assessment
Info Threat Types
Info Vulnerabilities
Common Points of Exposure
Info Security Controls
Types of Info Security Controls
Common Info Security Countermeasures
Overview of the Risk Assessment Process
Factors Used in Risk Assessment and Analysis
Risk Assessment Methodologies
Quantitative Risk Assessment - Part 1
Quantitative Risk Assessment - Part 2
Qualitative Risk Assessment
Hybrid Risk Assessment
Best Practices for Info Security Management
Gap Analysis
How to Implement an Info Risk Assessment Process
Info Classification Schemas
Components of Info Classification Schemas
Info Ownership Schemas
Components of Info Ownership Schemas
Info Resource Valuation
Valuation Methodologies
How to Determine Info Asset Classification and Ownership
Baseline Modeling
Control Requirements
Baseline Modeling and Risk Based Assessment of Control Requirements
How to Conduct Ongoing Threat and Vulnerability Evaluations
BIA's
BIA Methods
Factors for Determining Info Resource Sensitivity and Critically
Impact of Adverse Events
How to Conduct Periodic BIA's
Methods for Measuring Effectiveness of Controls and Countermeasures
Risk Mitigation
Risk Mitigation Strategies
Effect of Implementing Risk Mitigation Strategies
Acceptable Levels of Risk
Cost Benefit Analysis
How to Identify and Evaluate Risk Mitigation Strategies
Life Cycle Processes
Life Cycle-Based Risk Management
Risk Management Life Cycle
Business Life Cycle Processes Affected by Risk Management
Life Cycled-Based Risk Management Principles and Practices
How to Integrate Risk Management Into Business Life Cycle Processes
Significant Changes
Risk Management Process
Risk Reporting Methods
Components of Risk Reports
How to Report Changes in Info Risk

Domain 3: Information Security Program

Info Security Strategies
Common Info Security Strategies
Info Security Implementation Plans
Conversation of Strategies Into Implementation Plans
Info Security Programs
Info Security Program Maintenance
Methods for Maintaining an Info Security Program
Succession Planning
Allocation of Jobs
Program Documentation
How to Develop Plans to Implement an Info Security Strategy
Security Technologies and Controls
Cryptographic Techniques
Symmetric Cryptography
Public Key Cryptography
Hashes
Access Control
Access Control Categories
Physical Access Controls
Technical Access Controls
Administrative Access Controls
Monitoring Tools
IDS's
Anti-Virus Systems
Policy-Compliance Systems
Common Activities Required in Info Security Programs
Prerequisites for Implementing the Program
Implementation Plan Management
Types of Security Controls
Info Security Controls Development
How to Specify info Security Program Activities
Business Assurance Function
Common Business Assurance Functions
Methods for Aligning info Security Programs with Business Assurance Functions
How to Coordinate Info Security Programs with Business Assurance Functions
SLA's
Internal Resources
External Resources
Services Provided by External Resources - Part 1
Services Provided by External Resources - Part 2
Skills Commonly Required for Info Security Program Implementation
Dentification of Resources and Skills Required for a Particular Implementation
Resource Acquisition Methods
Skills Acquisition Methods
How to Identify Resources Needed for Info Security Program Implementation
Info Security Architectures
The SABSA Model for Security Architecture
Deployment Considerations
Deployment of Info Security Architectures
How to Develop Info Security Architecture
Info Security Policies
Components of Info Security Policies
Info Security Policies and the Info Security Strategy
Info Security Policies and Enterprise Business Objectives
Info Security Policy Development Factors
Methods for Communicating Info Security Policies
Info Security Policy Maintenance
How to Develop Info Security Policies
Info Security Awareness Program, Training Programs, and Education Programs
Security Awareness, Training, and Education Gap Analysis
Methods for Closing the Security Awareness, Training, and Education Gaps
Security-Based Cultures and Behaviors
Methods for Establishing and Maintaining a Security-Based Culture in the Enterprise
How to Develop Info Security Awareness, Training, and Education Programs
Supporting Documentation for Info Security Policies
Standards, Procedures, Guidelines, and Baselines
Codes of Conduct
NDA's
Methods for Developing Supporting Documentation
Methods for Implementing Supporting Documentation and for Communicating Supporting Documentation
Methods for Maintaining Supporting Documentation
C and A
C and A Programs
How to Develop Supporting Documentation for Info Security Policies

Domain 4: Information Security Program Implementation

Enterprise Business Objectives
Integrating Enterprise Business Objectives & Info Security Policies
Organizational Processes
Change Control
Merges & Acquisitions
Organizational Processes & Info Security Policies
Methods for Integrating Info Security Policies & Organizational Processes
Life Cycle Methodologies
Types of Life Cycle Methodologies
How to Integrate Info Security Requirements Into Organizational Processes
Types of Contracts Affected by Info Security Programs
Joint Ventures
Outsourced Provides & Info Security
Business Partners & Info Security
Customers & Info Security
Third Party & Info Security
Risk Management
Risk Management Methods & Techniques for Third Parties
SLA's & Info Security
Contracts & Info Security
Due Diligence & Info Security
Suppliers & Info Security
Subcontractors & Info Security
How to Integrate Info Security Controls Into Contracts
Info Security Metrics
Types of Metrics Commonly Used for Info Security
Metric Design, Development & Implementation
Goals of Evaluating Info Security Controls
Methods of Evaluating Info Security Controls
Vulnerability Testing
Types of Vulnerability Testing
Effects of Vulnerability Assessment & Testing
Vulnerability Correction
Commercial Assessment Tools
Goals of Tracking Info Security Awareness, Training, & Education Programs
Methods for Tracking Info Security Awareness, Training, & Education Programs
Evaluation of Training Effectiveness & Relevance
How to Create Info Security Program Evaluation Metrics

Domain 5: Information Security Program Management

Management Metrics
Types of Management Metrics
Data Collection
Periodic Reviews
Monitoring Approaches
KPI's
Types of Measurements
Other Measurements
Info Security Reviews

Domain 6: Incident Management and Response

Management Metrics
Types of Management Metrics
Data Collection
Periodic Reviews
Monitoring Approaches
KPI's
Types of Measurements
Other Measurements
Info Security Reviews
The Role of Assurance Providers
Comparing Internal and External Assurance Providers
Line Management Technique
Budgeting
Staff Management
Facilities
How to Manage Info Security Program Resources
Security Policies
Security Policy Components
Implementation of Info Security Policies
Administrative Processes and Procedures
Access Control Types
ACM
Access Security Policy Principles
Identity Management and Compliance
Authentication Factors
Remote Access
User Registration
Procurement
How to Enforce Policy and Standards Compliance
Types of Third Party Relationships
Methods for Managing Info Security Regarding Third Parties
Security Service Providers
Third Party Contract Provisions
Methods to Define Security Requirements in SLA's, Security Provisions and SLA's, and Methods to Monitor Security
How to Enforce Contractual Info Security Controls
SDLC
Code Development
Common Techniques for Security Enforcement
How to Enforce Info Security During Systems Development
Maintenance
Methods of Monitoring Security Activities
Impact of Change and Configuration Management Activities
How to Maintain Info Security Within an Organization
Due Diligence Activities
Types of Due Diligence Activities
Reviews of Info Access
Standards of Managing and Controlling Info Access
How to Provide Info Security Advice and Guidance
Info Security Awareness
Types of Info Security Stakeholders
Methods of Stakeholder Education
Security Stakeholder Education Process
How to Provide Info Security Awareness and Training
Methods of Testing the Effectiveness of Info Security Control
The Penetration Testing Process
Types of Penetration Testing
Password Cracking
Social Engineering Attacks
Social Engineering Types
External Vulnerability Reporting Sources
Regulatory Reporting Requirements
Internal Reporting Requirements
How to Analyze the Effectiveness of Info Security Controls
Noncompliance Issues
Security Baselines
Events Affecting the Security Baseline
Info Security Problem Management Process
How to Resolve Noncompliance Issues

	12 Hours 38 Minutes
	349 Course Videos
	58 Prep Questions

Instructor led lectures

All ITU Courses replicate a live class experience with an instructor on screen delivering the course's theories and concepts.

These lectures are pre-recorded and available to the user 24/7. They can be repeated, rewound, fast forwarded.

	Visual Demonstrations, Educational Games & Flashcards
	ITU recognizes that all students do not learn alike and different delivery mediums are needed in order to achieve success for a large student base. With that in mind, we delivery our content in a variety of different ways to ensure that students stay engaged and productive throughout their courses.

	Mobile Optimization & Progress Tracking
	Our courses are optimized for all mobile devices allowing students to learn on the go whenever they have free time. Students can access their courses from anywhere and their progress is completely tracked and recorded.

	Practice Quizzes and Exams
	ITU Online's custom practice exams prepare you for your exams differently and more effectively than the traditional exam preps on the market. Students will have practice quizzes after each module to ensure you are confident on the topic you are learning.

	World Class Learning Management System
	ITU provides the next generation learning management system (LMS). An experience that combines the feature set of traditional Learning Management Systems with advanced functionality designed to make learning management easy and online learning engaging from the user’s perspective.