Course description
This course covers how to plan, design, and implement an Information Security policy and to coordinate a set of activities, project and initiatives to implement the Information Security strategy. This course is part of a series covering the ISACA Certified Information Security Manager (CISM).
Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.
Prerequisites
This is part 3 of the series
Meet the expert
Kenneth Mayer
As a certified Microsoft Instructor, Ken has focused his career on various security aspects of computer and network technology since the early 1980s. He has offered a wide variety of IT training and high level consulting projects for Fortune 500 companies globally. Through the course of his extensive career, he has taught a full line of Microsoft, CompTIA, Cisco, and other high level IT Security curricula.
Video Runtime
245 Minutes
Time to complete
305 Minutes
Course Outline
Info Sec Development and Management
Develop Information Security Program (17:25)
- Introduction (00:31)
- The Importance of Security Programs (00:52)
- Security Program Development Outcomes (01:48)
- Effective Security Program Development (04:59)
- Cross-Organizational Responsibilities (01:55)
- Information Security Program Objectives (00:11)
- Program Objectives (02:22)
- Program Objectives Continued (01:18)
- Defining Objectives (02:10)
- Defining Objectives Continued (01:07)
- Summary (00:08)
Technology Resources (11:23)
- Introduction (01:27)
- Technology Resources (05:39)
- Techology Resources Continued (02:44)
- Information Security Manager (01:24)
- Summary (00:08)
Info Sec Management Scope and Charter (22:33)
- Introduction (00:31)
- Assurance Function Integration (01:36)
- Program Development Challenges (01:54)
- Other Pitfalls (02:48)
- Implementation of Strategy (02:07)
- Program Goals (02:52)
- The Steps of the Security Program (01:46)
- Defining the Roadmap (01:38)
- Defining the Roadman Continued (00:58)
- Elements of the Roadmap (01:53)
- Elements of the Roadmap Continued (01:57)
- General Controls (01:36)
- Gap Analysis (00:44)
- Summary (00:08)
Info Sec Management Framework (16:19)
- Introduction (00:31)
- Info Sec Management Framework (00:15)
- Security Management Framework (04:55)
- COBIT 5 (05:59)
- ISO/IEC 27001 (04:29)
- Summary (00:08)
Framework Concepts (12:27)
- Introduction (00:31)
- Info Sec Framework Components (00:13)
- Operational Components (01:56)
- Operational Components Continued (03:11)
- Management Components (01:30)
- Administrative Components (03:29)
- Educational and Informational Components (01:25)
- Summary (00:08)
Program Resources
Program Resources Part 1 (33:41)
- Introduction (01:34)
- Resource Examples (03:27)
- Documentation (00:55)
- Enterprise Architecture (04:29)
- Enterprise Architecture Continued (03:05)
- Controls (06:02)
- Common Control Practices (06:55)
- Common Control Practices Continued (01:41)
- Countermeasures (00:37)
- Technology Constraints (03:06)
- Technologies Continued (01:38)
- Summary (00:08)
Program Resources Part 2 (32:13)
- Introduction (01:32)
- Content Filtering (05:38)
- Personnel Roles and Responsibilities (02:00)
- Personnel Skills (02:56)
- Security Awareness (01:28)
- Awareness Training (05:17)
- Formal Audits (01:17)
- Compliance Enforcement (01:02)
- Project Risk Analysis (03:09)
- Verifying Compliance (02:58)
- Other Sources of Information (01:22)
- Program Budgeting (01:03)
- Program Budgeting Continued (02:17)
- Summary (00:08)
Info Sec Architecture, Metrics, and Activities
Implementing an Info Sec Program (27:06)
- Introduction (00:14)
- Policy Compliance (02:38)
- Standards (02:45)
- Training and Education (01:42)
- ISACA Control Objectives (03:51)
- Third-Party Service Providers (01:10)
- Third-Party Security (04:22)
- Integrating Security into the Lifecyle Process (02:14)
- Monitoring and Communication (03:33)
- Documentation (01:32)
- The Plan of Action (02:52)
- Summary (00:08)
Info Sec Architecture (13:48)
- Introduction (00:54)
- Managing Complexity (04:42)
- Managing Complexity Continued (01:45)
- Objectives of Information Security Architecture (02:45)
- Physical Security (03:32)
- Summary (00:08)
Info Sec Program Metrics (11:51)
- Introduction (00:54)
- Info Sec Program Deployment Metrics (02:27)
- Metrics Considerations (02:03)
- Strategic Alignment (02:34)
- Value Delivery (00:35)
- Resource Management (01:22)
- Assurance Process Integration (00:26)
- Performance Measurement (00:41)
- Security Baseline (00:37)
- Summary (00:08)
Info Sec Activities (46:29)
- Introduction (02:10)
- Security Activities Overview (00:48)
- IS Liason Responsibilities (10:16)
- IS Liason Responsibilities Continued (02:28)
- Cross-Organizational Responsibilities (01:33)
- Security Reviews and Audits (05:06)
- Management of Security Technology (01:25)
- Due Diligence (05:47)
- Compliance Monitoring and Enforcement (03:48)
- Assessment of Risk and Impact (03:44)
- Outsourcing and Service Providers (02:33)
- Cloud Computing (01:36)
- Cloud Computing Continued (04:18)
- Integration with IT Processes (00:41)
- Summary (00:08)