Certified Information Security Manager CISM (Part 3 of 4): Security Program Development
Interactive

Certified Information Security Manager CISM (Part 3 of 4): Security Program Development

Biz Library
Updated Jan 21, 2020

This Course covers how to plan, design, and implement an Information Security policy and to coordinate a set of activities, project and initiatives to implement the Information Security strategy. This course contains the following lessons:

Lesson 1:

  • The Importance of Security Programs
  • Security Program Development Outcomes
  • Effective Security Program Development
  • Cross-Organizational Responsibilities
  • Information Security Program Objectives
  • Program Objectives
  • Program Objectives Continued
  • Defining Objectives
  • Defining Objectives Continued.

Lesson 2:

  • Technology Resources
  • Technology Resources Continued
  • Information Security Manager.

Lesson 3:

  • Assurance Function Integration
  • Program Development Challenges
  • Other Pitfalls
  • Implementation of Strategy
  • Program Goals
  • The Steps of the Security Program
  • Defining the Roadmap
  • Defining the Roadman Continued
  • Elements of the Roadmap
  • Elements of the Roadmap Continued
  • General Controls
  • Gap Analysis.

Lesson 4:

  • Info Sec Management Framework
  • Security Management Framework
  • COBIT 5
  • ISO/IEC 27001.

Lesson 5:

  • Info Sec Framework Components
  • Operational Components
  • Operational Components Continued
  • Management Components
  • Administrative Components
  • Educational and Informational Components.

Lesson 6:

  • Resource Examples
  • Documentation
  • Enterprise Architecture
  • Enterprise Architecture Continued
  • Controls
  • Common Control Practices
  • Common Control Practices Continued
  • Countermeasures
  • Technology Constraints
  • Technologies Continued.

Lesson 7:

  • Content Filtering
  • Personnel Roles and Responsibilities
  • Personnel Skills
  • Security Awareness
  • Awareness Training
  • Formal Audits
  • Compliance Enforcement
  • Project Risk Analysis
  • Verifying Compliance
  • Other Sources of Information
  • Program Budgeting
  • Program Budgeting Continued.

Lesson 8:

  • Policy Compliance
  • Standards
  • Training and Education
  • ISACA Control Objectives
  • Third-Party Service Providers
  • Third-Party Security
  • Integrating Security into the Lifecyle Process
  • Monitoring and Communication
  • Documentation
  • The Plan of Action. Lesson 9:
  • Managing Complexity
  • Managing Complexity Continued
  • Objectives of Information Security Architecture
  • Physical Security.

Lesson 10:

  • Info Sec Program Deployment Metrics
  • Metrics Considerations
  • Strategic Alignment
  • Value Delivery
  • Resource Management
  • Assurance Process Integration
  • Performance Measurement
  • Security Baseline.

Lesson 11:

  • Security Activities Overview
  • IS Liaison Responsibilities
  • IS Liaison Responsibilities Continued
  • Cross-Organizational Responsibilities
  • Security Reviews and Audits
  • Management of Security Technology
  • Due Diligence
  • Compliance Monitoring and Enforcement
  • Assessment of Risk and Impact
  • Outsourcing and Service Providers
  • Cloud Computing
  • Cloud Computing Continued
  • Integration with IT Processes.