Certified Information Security Manager (CISM)
3.8 (32 ratings)
489 students enrolled

Become a Certified Information Security Manager
Last updated 7/2017
English
Current price: $10 Original price: $200 Discount: 95% off
30-Day Money-Back Guarantee
Includes:
  • 13 hours on-demand video
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Students will understand how to promote international security practices.
  • Students will manage, design, oversee and assess an enterprise's information security.
Requirements
  • No prerequisites; CISSP is recommended
  • It is recommended to have taken CISSP or to have knowledge of it
Description
The uniquely management-focused CISM certification promotes international security practices and recognizes the individual who manages, designs, oversees and assesses an enterprise’s information security. The Process of Auditing Information Systems; Governance and Management of IT; Information Systems Acquisition, Development and Implementation; Protection of Information Assets. CISM is an advanced certification that provides validation for individuals who have demonstrated they possess the knowledge and experience required to develop and manage an enterprise information security program. The certification is intended for information security managers, aspiring managers or IT consultants who support information security program management.
Who is the target audience?
  • Science & Technology Professionals
  • Anyone who wants to improve business security program management
  • Anyone who wants to learn more about security and risk management
Curriculum For This Course
348 Lectures
13:05:20
Domain 1: Information Security Governance
57 Lectures 02:15:06

Information Security
01:02

Business Goals, Objectives, and Functions
01:08

Business Goals and Information Security
01:06

Information Security Threats
01:10

Information Security Management
01:22

Identity Management
01:27

Data Protection
01:49

Network Security
00:44

Personnel Security
01:54

Facility Security
01:33

Security Compliance and Standards
02:32

Information Security Strategy
01:16

Inputs and Outputs of the Information Security Strategy
03:16

Processes in an Information Security Strategy
05:26

People in an Information Security Strategy
03:01

Technologies in an Information Security Strategy
05:33

Logical and Physical Information Security Strategy Architectures
03:31


Information Security Policies and Enterprise Objectives
02:34

International Standards for the Security Management
01:51

ISO/IEC 27000 Standards
00:40

International Info Government Standards
03:33

Information Security Government Standards in the United States
02:34

Methods of Coordinating Information Security Activities
01:40

How to Develop an Information Security Strategy
05:53

Information Security Governance
01:06

Role of the Security in Governance
04:01

Scope of Information Security Governance
01:52

Charter of Information Security Governance
02:08

Information Security Governance and Enterprise Governance
01:00

How to Align Information Security Strategy with Corporate Governance
03:00

Regulatory Requirements and Information Security
01:42

Business Impact of Regulatory Requirements
02:15

Liability Management
03:57

Liability Management Strategies
02:44

How to Identify Legal and Regulatory Requirements
02:05

Business Case Development
03:01

Budgetary Reporting Methods
01:11

Budgetary Planning Strategy
01:48

How to Justify Investment in Info Security
03:44

Organizational Drivers
04:31


Third Party Relationships
02:12

How to Identify Drivers Affecting the Organization
02:24

Purpose of Obtaining Commitment to Info Security
01:05

Methods for Obtaining Commitment
03:55

ISSG
01:02

ISSG Roles and Responsibilities
01:05

ISSG Operation
01:49

How to Obtain Senior Management's Commitment to Info Security
04:54

Info Security Management Roles and Responsibilities
01:52

How to Define Roles and Responsibilities for Info Security
04:41

The Need for Reporting and Communicating
01:32

Methods for Reporting in an Organization
02:04

Methods of Communication in an Organization
04:03

How to Establish Reporting and Communicating Channels
02:42
Domain 2: Risk Management
52 Lectures 01:49:53
Risk
03:44

Risk Assessment
01:46

Info Threat Types
01:44

Info Vulnerabilities
03:19

Common Points of Exposure
02:24

Info Security Controls
01:02

Types of Info Security Controls
03:20

Common Info Security Countermeasures
06:12

Overview of the Risk Assessment Process
01:19


Risk Assessment Methodologies
01:13

Quantitative Risk Assessment Pt 1
01:55

Quantitative Risk Assessment Pt 2
00:36

Quantitative Risk Assessment
01:48

Hybrid Risk Assessment
02:04

Best Practices for Info Security Management
01:25

Gap Analysis
00:57

How to Implement an Info Risk Assessment Process
04:39

Info Classification Schemas
03:45

Components of Info Classification Schemas
02:02

Info Ownership Schemas
01:07

Components of Info Ownership Schemas
02:29

Info Resource Valuation
01:51

Valuation Methodologies
02:21

How to Determine Info Asset Classification and Ownership
02:24

Baseline Modeling
01:16

Control Requirements
00:57

Baseline Modeling and Risk Based Assessment of Control Requirements
01:17

How to Conduct Ongoing Threat and Vulnerability Evaluations
05:47

BIA's
02:59

BIA Methods
00:39

Factors for Determining Info Resource Sensitivity and Criticality
02:35

Impact of Adverse Events
01:24

How to Conduct Periodic BIA's
03:33

Methods for Measuring Effectiveness of Controls and Countermeasures
02:19


Risk Mitigation Strategies
01:49

Effect of Implementing Risk Mitigation Strategies
02:06

Acceptable Levels of Risk
00:48

Cost Benefit Analysis
01:27

How to Identify and Evaluate Risk Mitigation Strategies
05:18

Life Cycle Processes
00:32

Life Cycle-Based Risk Management
00:53

Risk Management Life Cycle
01:04

Business Life Cycle Processes Affected by Risk Management
02:07

Life Cycle-Based Risk Management Principles and Practices
01:09

How to Integrate Risk Management Into Business Life Cycle Processes
02:42

Significant Changes
02:01

Risk Management Process
00:50

Risk Reporting Methods
00:59

Components of Risk Reports
02:17

How to Report Changes in Info Risk
03:10
Domain 3: Information Security Program
74 Lectures 02:54:47
Info Security Strategies
01:23

Common Info Security Strategies
02:42

Info Security Implementation Plans
01:35

Conversion of Strategies Into Implementation Plans
03:57

Info Security Programs
00:43

Info Security Program Maintenance
03:20


Succession Planning
02:54

Allocation of Jobs
02:31

Program Documentation
01:45

How to Develop Plans to Implement an Info Security Strategy
03:35

Security Technologies and Controls
01:08

Cryptographic Techniques
02:37

Symmetric Cryptography
05:04

Public Key Cryptography
05:18

Hashes
02:59

Access Control
00:50

Access Control Categories
02:30

Physical Access Controls
03:20

Technical Access Controls
03:52

Administrative Access Controls
02:58

Monitoring Tools
00:51

IDS's
00:45

Anti-Virus Systems
01:14

Policy-Compliance Systems
00:19

Common Activities Required in Info Security Programs
08:22

Prerequisites for Implementing the Program
01:55

Implementation Plan Management
02:08

Types of Security Controls
02:42

Info Security Controls Development
00:58

How to Specify Info Security Program Activities
01:44

Business Assurance Function
01:15

Common Business Assurance Functions
03:30

Methods for Aligning Info Security Programs with Business Assurance Functions
03:05

How to Coordinate Info Security Programs with Business Assurance Functions
01:34

SLA's
01:17

Internal Resources
05:01


Services Provided by External Resources Pt 1
07:33

Services Provided by External Resources Pt 2
02:33

Skills Commonly Required for Info Security Program Implementation
03:08

Identification of Resources and Skills Required for a Particular Implementation
01:53

Resource Acquisition Methods
01:46

Skills Acquisition Methods
02:13

How to Identify Resources Needed for Info Security Program Implementation
00:52

Info Security Architectures
01:13

The SABSA Model for Security Architecture
00:56

Deployment Considerations
01:41

Deployment of Info Security Architectures
02:59

How to Develop Info Security Architecture
03:42

Info Security Policies
01:11

Components of Info Security Policies
02:31

Info Security Policies and the Info Security Strategy
00:58

Info Security Policies and Enterprise Business Objectives
00:44

Info Security Policy Development Factors
02:44

Methods for Communicating Info Security Policies
01:23

Info Security Policy Maintenance
01:42

How to Develop Info Security Policies
03:07

Info Security Awareness Program, Training Programs, and Education Programs
03:50

Security Awareness, Training, and Education Gap Analysis
01:23

Methods for Closing the Security Awareness, Training, and Education Gaps
01:06


Methods for Establishing and Maintaining a Security-Based Culture in the Enterp
01:27

How to Develop Info Security Awareness, Training, and Education Programs
04:32

Supporting Documentation for Info Security Policies
01:41

Standards Procedures Guidelines and Baselines
03:52

Codes of Conduct
01:16

NDA's
01:31

Methods for Developing Supporting Documentation
01:02

Methods for Implementing Supporting Documentation and for Communicating Supporti
01:48

Methods for Maintaining Supporting Documentation
02:01

C and A
03:18

C and A Programs
02:01

How to Develop Supporting Documentation for Info Security Policies
01:28
Domain 4: Information Security Program Implementation
38 Lectures 01:19:45
Enterprise Business Objectives
01:36

Integrating Enterprise Business Objectives & Info Security Policies
03:22

Organizational Processes
01:23

Change Control
03:39

Mergers & Acquisitions
02:38


Methods for Integrating Info Security Policies & Organizational Processes
02:39

Life Cycle Methodologies
02:24

Types of Life Cycle Methodologies
05:10

How to Integrate Info Security Requirements Into Organizational Processes
01:23

Types of Contracts Affected by Info Security Programs
01:49

Joint Ventures
01:41

Outsourced Providers & Info Security
02:32

Business Partners & Info Security
00:36

Customers & Info Security
00:50

Third Party & Info Security
00:35

Risk Management
02:22

Risk Management Methods & Techniques for Third Parties
02:17

SLA's & Info Security
00:47

Contracts & Info Security
02:41

Due Diligence & Info Security
01:48

Suppliers & Info Security
02:01

Subcontractors & Info Security
01:08

How to Integrate Info Security Controls Into Contracts
02:08

Info Security Metrics
00:54

Types of Metrics Commonly Used for Info Security
01:19

Metric Design, Development & Implementation
02:12

Goals of Evaluating Info Security Controls
03:37

Methods of Evaluating Info Security Controls
01:17


Types of Vulnerability Testing
02:03

Effects of Vulnerability Assessment & Testing
03:33

Vulnerability Correction
02:12

Commercial Assessment Tools
01:34

Goals of Tracking Info Security Awareness, Training, & Education Programs
02:17

Methods for Tracking Info Security Awareness, Training, & Education Programs
00:47

Evaluation of Training Effectiveness & Relevance
02:19

How to Create Info Security Program Evaluation Metrics
02:25
Domain 5: Information Security Program Management
69 Lectures 02:49:03
Management Metrics
01:07

Types of Management Metrics
01:07

Data Collection
02:40

Periodic Reviews
01:13

Monitoring Approaches
03:32

KPI's
01:08

Types of Measurements
05:31

Other Measurements
03:25

Info Security Reviews
02:07

The Role of Assurance Providers
02:47

Comparing Internal and External Assurance Providers
05:00

Line Management Technique
00:44

Budgeting
02:46

Staff Management
03:18

Facilities
02:47

How to Manage Info Security Program Resources
01:44

Security Policies
03:55

Security Policy Components
05:16

Implementation of Info Security Policies
01:19

Administrative Processes and Procedures
03:53

Access Control Types
01:10

ACM
01:10

Access Security Policy Principles
03:39

Identity Management and Compliance
00:49

Authentication Factors
03:00

Remote Access
03:21

User Registration
01:28

Procurement
01:09


Types of Third Party Relationships
00:50

Methods for Managing Info Security Regarding Third Parties
01:02

Security Service Providers
01:14

Third Party Contract Provisions
02:28

Methods to Define Security Requirements in SLA's, Security Provisions and SLA's,
05:40

How to Enforce Contractual Info Security Controls
01:43

SDLC
02:03

Code Development
01:56

Common Techniques for Security Enforcement
03:03

How to Enforce Info Security During Systems Development
02:31

Maintenance
02:20

Methods of Monitoring Security Activities
02:45

Impact of Change and Configuration Management Activities
02:03

How to Maintain Info Security Within an Organization
01:29

Due Diligence Activities
01:29

Types of Due Diligence Activities
01:42

Reviews of Info Access
03:07

Standards of Managing and Controlling Info Access
03:50

How to Provide Info Security Advice and Guidance
03:07

Info Security Awareness
03:50

Types of Info Security Stakeholders
01:23

Methods of Stakeholder Education
01:06

Security Stakeholder Education Process
01:19

How to Provide Info Security Awareness and Training
04:40

Methods of Testing the Effectiveness of Info Security Control
03:03

The Penetration Testing Process
03:27

Types of Penetration Testing
05:56

Password Cracking
01:36

Social Engineering Attacks
05:44

Social Engineering Types
01:33


Regulatory Reporting Requirements
01:54

Internal Reporting Requirements
01:49

How to Analyze the Effectiveness of Info Security Controls
01:20

Noncompliance Issues
01:14

Security Baselines
00:51

Events Affecting the Security Baseline
02:33

Info Security Problem Management Process
01:24

How to Resolve Noncompliance Issues
03:57

Incident Response Capability
00:54
Domain 6: Incident Management and Response
58 Lectures 01:56:46
Components of Incident Response
02:20

BCP
00:38

BIA Phase
01:45


DRP
01:41

Alternate Sites
04:39

Develop a BCP
02:56

Develop a DRP
01:12

MTD
00:32

RPO
00:26


Data Backup Strategies
01:18

Data Backup Types
04:03

Data Restoration Strategies
01:41

Info Incident Management Practices
00:35

IRP
00:58

Trigger Events and Types of Trigger Events
03:57

Methods of Containing Damage
02:14

How to Develop an IRP
02:32

Escalation Process and Notification Process
01:34

IRT
01:26

Crisis Communication
04:05

How to Establish an Escalation Process
02:43

Internal Reporting Requirements
01:10

External Reporting Requirements
01:06

Communication Process
01:22

How to Develop a Communication Process
02:09

IRP and DRP
01:04

IRP and BCP
01:04

Methods of Identifying Business Resources Essential to Recovery
01:34

How to Integrate an IRP
03:37


Response Team Tools and Equipment
02:46

How to Develop IRT's
01:20

BCP testing
04:41

Disaster Recovery Testing
00:37

Schedule Disaster Recovery Testing
01:48

Refine IRP
01:05

How to Test an IRP
02:33

Damage Assessment
01:18

Business Impacts Caused by Security Incidents
00:38

How to Manage Responses to Info Security Incidents
01:23

Computer and Digital Forensics
02:13

Forensic Requirements for Responding to Info Security Incidents
02:18

Evidence Life Cycle
00:44

Evidence Collection
00:34

Evidence Types
05:30

Five Common Rules of Evidence
01:54

Chain of Custody
00:49

How to Investigate an Info Security Incident
03:24

PIR Methods
00:33

Security Incident Review Process
00:59

Investigate Cause of a Security Incident
00:56

Identify Corrective Actions
01:17

Reassess Security Risks After a Security Incident
00:55

How to Conduct a Post-Incident Review
03:00


Outro 2-Post Test
03:43
About the Instructor
iCollege Certifications
4.1 Average rating
1,617 Reviews
11,012 Students
100 Courses
Certification Leader

iCollege is a leading international provider of E-Learning courses, learning technologies and development services.

Utilizing state-of-the-art technologies, highly experienced consultants and innovative methodologies, we provide cutting-edge education products, services and solutions for individuals, corporate organizations, governmental institutions and education providers.

Our collective knowledge and experience in education and training sets the standard for service delivery in learning solutions.