CISM: Information Risk Management and Compliance (Part 2)

Analysis, mitigation, and monitoring play an extremely important role in information risk management and compliance. This course examines how to classify and valuate information assets, how to perform a business impact analysis, and the principles of disaster recovery. You will learn about the options available for treating risk, how to select effective controls, and how to ensure your risk management program is integrated into your organization's other life-cycle processes. You will also examine the many responsibilities of an Information Security Manager related to risk monitoring and reporting. This course prepares you for the Certified Information Security Manager (CISM) exam and follows the 2015 ISACA Candidate Information Guide.

Target Audience
Experienced IT security professionals seeking to pass the Certified Information Security Manager (CISM) exam or otherwise gain knowledge in managing, designing, and overseeing an enterprise's information security.

Expected Duration (hours)

Lesson Objectives

CISM: Information Risk Management and Compliance (Part 2)

  • identify examples of information assets that should be valuated
  • match valuation methods with corresponding examples
  • recognize how to classify information assets
  • match disaster recovery terms with their corresponding definitions
  • recognize considerations related to outsourcing security services to a third-party provider
  • determine information asset valuation methodologies used by a given information security manager
  • perform information asset classification
  • distinguish between examples of recovery time objectives (RTOs) and recovery point objectives (RPOs)
  • match risk treatment options with corresponding examples of their use
  • classify examples of controls
  • identify types of controls
  • recognize considerations when planning controls and countermeasures
  • identify the key responsibilities of an information security manager related to risk monitoring and communication
  • recognize methods of integrating risk management processes with other life-cycle processes within an organization
  • determine appropriate actions to effectively manage a given risk

Course Number

Expertise Level