Certified Information Security Manager CISM (Part 3 of 4): Security Program Development

This Course covers how to plan, design, and implement an Information Security policy and to coordinate a set of activities, project and initiatives to implement the Information Security strategy. This course contains the following lessons:

Lesson 1:

• The Importance of Security Programs
• Security Program Development Outcomes
• Effective Security Program Development
• Cross-Organizational Responsibilities
• Information Security Program Objectives
• Program Objectives
• Program Objectives Continued
• Defining Objectives
• Defining Objectives Continued.

Lesson 2:

• Technology Resources
• Technology Resources Continued
• Information Security Manager.

Lesson 3:

• Assurance Function Integration
• Program Development Challenges
• Other Pitfalls
• Implementation of Strategy
• Program Goals
• The Steps of the Security Program
• Defining the Roadmap
• Defining the Roadman Continued
• Elements of the Roadmap
• Elements of the Roadmap Continued
• General Controls
• Gap Analysis.

Lesson 4:

• Info Sec Management Framework
• Security Management Framework
• COBIT 5
• ISO/IEC 27001.

Lesson 5:

• Info Sec Framework Components
• Operational Components
• Operational Components Continued
• Management Components
• Administrative Components
• Educational and Informational Components.

Lesson 6:

• Resource Examples
• Documentation
• Enterprise Architecture
• Enterprise Architecture Continued
• Controls
• Common Control Practices
• Common Control Practices Continued
• Countermeasures
• Technology Constraints
• Technologies Continued.

Lesson 7:

• Content Filtering
• Personnel Roles and Responsibilities
• Personnel Skills
• Security Awareness
• Awareness Training
• Formal Audits
• Compliance Enforcement
• Project Risk Analysis
• Verifying Compliance
• Other Sources of Information
• Program Budgeting
• Program Budgeting Continued.

Lesson 8:

• Policy Compliance
• Standards
• Training and Education
• ISACA Control Objectives
• Third-Party Service Providers
• Third-Party Security
• Integrating Security into the Lifecyle Process
• Monitoring and Communication
• Documentation
• The Plan of Action. Lesson 9:
• Managing Complexity
• Managing Complexity Continued
• Objectives of Information Security Architecture
• Physical Security.

Lesson 10:

• Info Sec Program Deployment Metrics
• Metrics Considerations
• Strategic Alignment
• Value Delivery
• Resource Management
• Assurance Process Integration
• Performance Measurement
• Security Baseline.

Lesson 11:

• Security Activities Overview
• IS Liaison Responsibilities
• IS Liaison Responsibilities Continued
• Cross-Organizational Responsibilities
• Security Reviews and Audits
• Management of Security Technology
• Due Diligence
• Compliance Monitoring and Enforcement
• Assessment of Risk and Impact
• Outsourcing and Service Providers
• Cloud Computing
• Cloud Computing Continued
• Integration with IT Processes.