Certified Information Security Manager CISM (Part 1 of 4): Governance
Interactive

Biz Library
Updated Jan 21, 2020

The goal of this domain is to give an overview of what it takes in planning, development, implementation and management to meet objectives in alignment with business goals. Topics covered include: Information Security Concepts, Metrics, Resources, Constraints and a plan to implement them. This course contains the following lessons:

Lesson 1:

  • Overview
  • Security Governance Overview
  • Top down Support
  • Importance of Security Governance
  • Benefits of Good Management
  • Strategic Alignment
  • Risk Management
  • Value Delivery
  • Outcomes of Governance
  • Security Integration.

Lesson 2:

  • Information Security Governance
  • Goals and Objectives Continued
  • Roles of Senior Management
  • Business Model for Info Sec
  • Business Model for Info Sec Continued
  • Dynamic Interconnections
  • Dynamic Interconnections Continued.

Lesson 3:

  • Information Security Concepts
  • More Concepts
  • Concepts and Tech Continued
  • Variety of Technologies.

Lesson 4:

  • Information Security Manager
  • Senior Management Commitment
  • Management Alignment
  • Establish Reporting and Communication.

Lesson 5:

  • Scope of Governance
  • Assurance Process Integration
  • Governance and Third Parties.

Lesson 6:

  • Governance Metrics
  • Metrics
  • Effective Security Metrics
  • Effective Metrics Continued
  • Security Implementation Metrics
  • Risk Management
  • Performance Management.

Lesson 7:

  • Information Security Strategy
  • Common Pitfalls
  • Objectives of Info Sec Strategy
  • What Is the Goal
  • Business Case Development
  • Business Case Objectives
  • Capability Maturity Model
  • Architectural Approaches
  • Risk Objectives.

Lesson 8:

  • State of Security
  • Business Impact Analysis.

Lesson 9:

  • Information Security Development
  • The Roadmap
  • Strategy Resources and Constraints.

Lesson 10:

  • Strategy Resources
  • Enterprise Information Security Architecture
  • Personnel
  • Audits
  • Threat Assessment
  • Risk Assessment
  • Insurance.

Lesson 11:

  • Strategy Constraints
  • The Security Strategy.

Lesson 12:

  • Plan to Implement
  • Policy Development
  • Action Plan Metrics
  • General Metrics
  • Objectives for CMM4.