CISM: Information Security Program Development and Management (Part 4)


Overview/Description
Information security programs typically have numerous operational responsibilities and provide a variety of security services. While programs vary from organization to organization, there are operations and services that are typically found in all well-conceived security programs. This course examines the activities and responsibilities of an information security manager related to operations and services within an organization. The course will examine different organizational units such as IT, HR, and Legal that are affected by security programs, and how their needs are integrated into the program. This course also examines how audits and compliance enforcement are performed. Finally, this course examines how technology, both legacy and new technologies such as cloud computing, is managed in modern security programs. This course prepares you for the Certified Information Security Manager (CISM) exam and follows the 2015 ISACA Candidate Information Guide.

Target Audience
Experienced IT security professionals seeking to pass the Certified Information Security Manager (CISM) exam, or otherwise gain knowledge in managing, designing, and overseeing an enterprise's information security

Expected Duration (hours)
2.0

Lesson Objectives

CISM: Information Security Program Development and Management (Part 4)

  • match information organizational roles to their corresponding responsibilities
  • determine the responsibilities of individuals within an organization related to standard security program components
  • sequence the steps of a security review, given a scenario
  • identify key points regarding audits that an information security manager should remember during program implementation
  • identify preventive measures that minimize security risk
  • identify the responsibilities of an information security manager with relation to compliance monitoring and enforcement
  • recognize the results of commonly used risk analysis methods
  • recognize the responsibilities of an information security manager related to monitoring and compliance
  • identify activities that allow an information security manager to integrate a security program within an organization
  • recognize strategies for managing risk of outsourcing when using third-party service providers
  • recognize examples of cloud computing models
  • recognize the responsibilities of an information security manager related to process integration and outsourcing

Course Number
sp_ciso_a09_it_enus

Expertise Level
Beginner