Information Security Management: Managing security to reduce risk and protect the organization

While information has become more easily accessible and readily available, the associated risks and security threats have not only increased in number, but also complexity. As a result, the importance of ensuring that an enterprise’s information is protected has also increased. It is now more important than ever for executives to ensure that their IT security managers have the expertise needed to reduce risk and protect the enterprise.
Designed specifically for information security professionals who are preparing to sit for the CISM exam, the course focuses on the four content areas of the Certified Information Security Manager (CISM) job practice: information security governance, risk management and compliance, information security program development and management, information security incident management. Sample exam items will be used throughout the course to reinforce content and familiarize attendees with the CISM exam question format.

Course Curriculum

Day 1 – Information Security Governance
1.1 Establish and maintain an information security strategy and align the strategy with corporate governance 00:00:00
1.2 Establish and maintain an information security strategy and align the strategy with corporate governance 00:00:00
1.3 Establish and maintain information security policies 00:00:00
1.4 Develop a business case 00:00:00
1.5 Identify internal and external influences to the organization 00:00:00
1.6 Obtain management commitment 00:00:00
1.7 Define roles and responsibilities 00:00:00
1.8 Establish, monitor, evaluate and report metrics 00:00:00
Day 2 – Information Risk Management and Compliance
2.1 Establish a process for information asset classification and ownership 00:00:00
2.2 Identify legal, regulatory, organizational and other applicable requirements 00:00:00
2.3 Ensure that risk assessments, vulnerability assessments and threat analyses are conducted periodically. 00:00:00
2.4 Determine appropriate risk treatment options. 00:00:00
2.5 Evaluate information security controls 00:00:00
2.6 Identify the gap between current and desired risk levels 00:00:00
2.7 Integrate information risk management into business and IT processes 00:00:00
2.8 Monitor existing risk. 00:00:00
2.9 Report noncompliance and other changes in information risk 00:00:00
Day 3 – Information Security Program Development and Management
3.1 Establish and maintain the information security program 00:00:00
3.2 Ensure alignment between the information security program and other business functions 00:00:00
3.3 Identify, acquire, manage and define requirements for internal and external resources 00:00:00
3.4 Establish and maintain information security architectures 00:00:00
3.5 Establish, communicate and maintain organizational information security standards, procedures, guidelines 00:00:00
3.6 Establish and maintain a program for information security awareness and training 00:00:00
3.7 Integrate information security requirements into organizational processes 00:00:00
3.8 Integrate information security requirements into contracts and activities of third parties 00:00:00
3.9 Establish, monitor and periodically report program management and operational metrics 00:00:00
Day 4 – Information Security Incident Management
4.1 Establish and maintain an organizational definition of, and severity hierarchy for, information security incidents 00:00:00
4.2 Establish and maintain an incident response plan 00:00:00
4.3 Develop and implement processes to ensure the timely identification of information security incidents 00:00:00
4.4 Establish and maintain processes to investigate and document information security incidents 00:00:00
4.5 Establish and maintain incident escalation and notification processes 00:00:00
4.6 Organize, train and equip teams to effectively respond to information security incidents 00:00:00
4.7 Test and review the incident response plan periodically 00:00:00
4.8 Establish and maintain communication plans and processes 00:00:00
4.9 Conduct post-incident reviews 00:00:00
4.10 Establish and maintain integration among the incident response plan, disaster recovery plan and business continuity plan 00:00:00

Course Reviews


  • 5 stars0
  • 4 stars0
  • 3 stars0
  • 2 stars0
  • 1 stars0

No Reviews found for this course.

© IAA Energy Resources Limited 2021.Designed by Acaso