Attention !

Program Introduction

ISACA Student Membership

ISACA Exam Voucher

CISM Notes

Benefits of CISM Certification

Building Customer Confidence and International Credibility

Chief Audit Executives, Audit Partners, and Directors

Chief Privacy Officers and Data Protection Officers

Competency and Conduct Guidelines

Competency and Stakeholder Education Requirements

Compliance Executives and Management

Disclosure of Work Results

Due Diligence and Professional Care Requirements

Expanding Knowledge, Skills, and Confidence

Governance and Risk Management Standards

Increasing Marketability and Career Options

Introduction to CISM Certification

ISACA Code of Professional Ethics

ISACA_ Code of Ethics and Standards

IT Management Executives (CIOs, CTOs, Directors, Managers)

Meeting Employment Requirements

Privacy and Confidentiality Obligations

Privacy and Confidentiality Standards

Professional Conduct Guidelines

Security and Audit Consultants

Stakeholder Service Standards

Standards for Governance, Risk, and Security Management

Support for Professional Education and Development

Understanding CISM Certification (1)

Applying for the CISM Exam

Benefits of CISM Certification

Expanding Knowledge, Skills, and Confidence

Increasing Marketability and Career Options

Introduction to CISM Certification

ISACA_ Code of Ethics and Standards

Maintaining Your Certification

Meeting Employment Requirements

The Certification Process Overview

Understanding CISM Certification

Building Customer Confidence and International Credibility

Chief Audit Executives, Audit Partners, and Directors

Chief Privacy Officers and Data Protection Officers

Competency and Conduct Guidelines

Competency and Stakeholder Education Requirements

Compliance Executives and Management

Disclosure of Work Results

Due Diligence and Professional Care Requirements

Governance and Risk Management Standards

ISACA Code of Professional Ethics

IT Management Executives (CIOs, CTOs, Directors, Managers)

Privacy and Confidentiality Obligations

Privacy and Confidentiality Standards

Professional Conduct Guidelines

Requirements for Becoming a CISM Professional

Security and Audit Consultants

Stakeholder Service Standards

Standards for Governance, Risk, and Security Management

Support for Professional Education and

Business alignment

Business issue perspective and lack of commitment at board levels

Dependence on information systems

Establishment of effective organization structure and roles and responsibilities

Event identification

Executive commitment and security culture development

Incident response and compliance

Information Security Governance

Information security metrics

Information security strategy development

Introduction to Information Security Governance

Monitoring and improvement processes

Objectives, strategy, policy, priorities, standards, processes, controls

Obstacles to strategy development and execution

Process improvement

Reason for Security Governance

Resources needed to develop and execute a security strategy

Risk factors and safeguarding measures

Risk management

Security governance activities

Security Governance Fundamentals

Security strategy development

Access control and management, configuration, function definition, and process ownership

Adherence to policies, security awareness, and incident reporting

Aligning security metrics with business goals and objectives

BMIS Elements and Dynamic Interconnections

Business Alignment

Business continuity and disaster recovery planning

Business Model for Information Security (BMIS)

Business Process and Business Asset Owners

Competitive edge through proper security alignment

Consideration of culture, asset value, risk tolerance, and legal obligations

Culture, governing, architecture, emergence, enabling, support, and human factors

Custodial Responsibilities

Daily tasks, incident monitoring, and control of security systems

Defining roles, responsibilities, rank, and associated tasks in the organization

Delegation of asset control to IT personnel while maintaining oversight by business owners

Developing Metrics and the Security Balanced Scorecard

Efficient use of resources and long-term cost reduction strategies

Firewall, IDPS, anti-malware, and DLP metrics for technical and strategic insights

General Staff and Monitoring Responsibilities

Information Security Governance Metrics

Metrics and resource management

Multi-layered metrics development for audience-specific reporting

Network and Systems Management

Network architecture, engineering, and systems oversight

Operations and Security Operations

People, process, technology, and organization elements in a dynamic model

Providing frontline user support and IT technical assistance

QA and audit roles for evaluating IT system effectiveness and compliance

Quality Assurance and Security Audit

RACI charts for responsibilities and decision-making process guidance

Resource Management and Value Delivery

Risk Management and Performance Metrics

Risk tolerance, security incident management, and vulnerability response

Risk treatment, coordination of IT and security projects, and review of incidents and laws

Roles and Responsibilities

Roles in application and data design, maintenance, and testing

Security Steering Committee

Service Desk and Technical Support

Software Development and Data Management

Strategic Alignment and Balanced Scorecard

Understanding mission, goals, objectives, and strategies

reporting

Advanced Persistent Threats

Asset Classification

Asset Identification and Valuation

Asset Valuation

Benefits and outcomes from an information risk management perspective

Cloud-Based Information Assets

Components of a risk assessment_ asset value, vulnerabilities, threats, probability, and impact of occurrence

Developing a risk management strategy

External Environments

External Support

External Threats

Facilities Classification

Factor Analysis of Information Risk

Framework Components

GAP Analyses

Hardware Assets

Implementing a Risk Management Program

Importance of Risk Management

Information Assets

Information Classification

Information Risk Management

Integrating risk management into an organization’s practices and culture

Integration into the Environment

Internal Environments

Internal Threats

Monitoring and reporting risk

NIST Standards (NIST SP 800-39, NIST SP 800-30)

Outcomes of Risk Management

Risk assessment and risk management frameworks

Risk Awareness

Risk Communication

Risk Consulting

Risk Management Concepts

Risk Management Context

Risk Management Frameworks

Risk Management Life Cycle

Risk Management Methodologies

Risk Management Process

Risk Management Strategy

Risk Management Technologies

Risk treatment options_ mitigate, accept, transfer, avoid

Subsystem and Software Assets

System Classification

The risk management life-cycle process

The risk register

Threat Identification

Virtual Assets

IEC 27005

Business Continuity Plan

Continuity Plan

Continuity Testing

Disaster Recovery Plans

Recovery Strategies

Information Asset Security and Control

Information Asset Security Policies, Frameworks, Standards, and Guidelines

Information Asset Security Policies, Procedures, and Guidelines

Policy Development Process

Purpose and Benefits

COBIT

Information Security Frameworks and Standards