CISM 2012: Information Security Program Development and Management (Part 4)

Overview/Description
Target Audience
Expected Duration
Lesson Objectives
Course Number

---

Overview/Description
Information security programs typically have numerous operational responsibilities and provide a variety of security services. While programs vary from organization to organization, there are operations and services that are typically found in all well conceived security programs. This course examines the activities and responsibilities of an information security manager related to operations and services within an organization. The course will examine different organizational units such as IT, HR, and Legal that are affected by security programs, and how their needs are integrated into the program. This course also examines how audits and compliance enforcement are performed. Finally, this course examines how technology - both legacy and new technologies such as cloud computing - are managed in modern security programs. This course prepares you for the Certified Information Security Manager (CISM) exam.

Target Audience
Experienced IT security professionals seeking to pass the Certified Information Security Manager (CISM) exam, or otherwise gain knowledge in managing, designing, and overseeing an enterprise's information security

Expected Duration (hours)
2.0

Lesson Objectives

CISM 2012: Information Security Program Development and Management (Part 4)

match information organizational roles to their corresponding responsibilities

determine the responsibilities of individuals within an organization related to standard security program components

sequence the steps of a security review, given a scenario

identify key points regarding audits that an information security manager should remember during program implementation

identify preventive measures that minimize security risk

identify the responsibilities of an information security manager with relation to compliance monitoring and enforcement

recognize the results of commonly used risk analysis methods

recognize the responsibilities of an information security manager related to monitoring and compliance

identify activities that allow an information security manager to integrate a security program within an organization

recognize strategies for managing risk of outsourcing when using third-party service providers

recognize examples of cloud computing models

recognize the responsibilities of an information security manager related to process integration and outsourcing

Course Number:
sp_cisn_a09_it_enus