CISM: Information Risk Management and Compliance (Part 1)


Information risk management and compliance is a pivotal part of the role of an information security manager. This course will provide an overview of information risk management and compliance, as well as examine the elements that come into play when creating an information risk management plan and the frameworks and methodologies that are used. This course also examines risk assessment, with special attention to methods of risk identification, risk analysis, compliance, and the calculations used for risk impact analysis. This course prepares you for the Certified Information Security Manager (CISM) exam and follows the 2015 ISACA Candidate Information Guide.

Target Audience
Experienced IT security professionals seeking to pass the Certified Information Security Manager (CISM) exam or otherwise gain knowledge in managing, designing, and overseeing an enterprise's information security

Expected Duration (hours)

Lesson Objectives

CISM: Information Risk Management and Compliance (Part 1)

  • identify the tasks within the information risk management job practice area
  • identify the outcomes of risk management
  • sequence the steps in planning a risk management program
  • recognize the qualities of a good risk management plan
  • match roles in risk management program development with their corresponding responsibilities
  • recognize the steps of the risk management process
  • distinguish between the concepts of risk management, risk analysis, and risk assessment
  • recognize activities of the risk management program planning process
  • associate steps in the risk management process with specific outcomes of an effective risk management program
  • label examples as either threats or vulnerabilities
  • recognize examples of risk categories
  • recognize the process for conducting a semiquantitative risk analysis
  • match quantitative risk analysis methods with their corresponding descriptions
  • match common risk assessment methodologies with corresponding descriptions
  • recognize risk assessment concepts
  • perform quantitative risk analysis, given a scenario

Course Number

Expertise Level