CISM: Information Security Program Development and Management (Part 5)

Target Audience
Expected Duration
Lesson Objectives
Course Number

Security programs require strong controls and countermeasures to ensure that security activities are carried out and measures exist to deal with issues that may arise while a security program is being implemented. This course examines control categories, control design considerations, and the control methods and recommendations that a security manager should implement. This course will also discuss the metrics and monitoring practices that should be used put in place as part of a security program. Finally, this course will examine common information security program challenges. This course prepares you for the Certified Information Security Manager (CISM) exam and follows the 2015 ISACA Candidate Information Guide.

Target Audience
Experienced IT security professionals seeking to pass the Certified Information Security Manager (CISM) exam, or otherwise gain knowledge in managing, designing, and overseeing an enterprise's information security

Expected Duration (hours)

Lesson Objectives

CISM: Information Security Program Development and Management (Part 5)

  • distinguish between two types of information security controls
  • recognize principles of effective security control
  • recognize examples of physical, environmental, and technical controls
  • distinguish between examples of controls and countermeasures
  • identify factors to consider when recommending improvements to information security controls
  • describe types of controls and how they are used in information security management
  • explain the use of controls and countermeasures to manage risk
  • categorize examples of information security metrics
  • determine whether a given metric would be effective
  • recognize examples of measures used to assess the effectiveness of an information security program
  • recognize examples of monitoring activities
  • recognize the relationship between information security metrics, measurement, and monitoring
  • recognize effective approaches to measuring and monitoring an information security program
  • recognize strategies for overcoming common challenges to information security management
  • Course Number: