Certified Information Security Manager (CISM)
4.4 (485 ratings)
2,745 students enrolled
Last updated 9/2018
English
English [Auto-generated]
This course includes
  • 14.5 hours on-demand video
  • 5 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What you'll learn
  • Govern information security policies
  • Manage risks and ensure compliance with the information security policies
  • Develop, manage and implement an information security program in an organization
  • Manage incidents related to information security
Requirements
  • As is the case with the CISM certification exam, candidates are required to have a minimum of five years of experience in information security management.
  • Experience in the fields of information security governance, risk management, compliance, and incident management is also preferable.
Description

The Certified Information Security Manager (CISM) course helps candidates achieve the CISM certification. The certification is offered by the Information Systems Audit and Control Association (ISACA) to validate candidates' expertise and knowledge regarding the relationship between an information security program and broader business targets. The certification also validates that the candidate has hands-on knowledge of developing, managing and implementing an information security program for an organization.

CISM is an ISACA certification for experienced information security management professionals with work experience in developing and managing information security programs. The CISM course covers the four domains of the CISM certification exam. The course is an ideal preparatory course for students seeking to gain CISM certification as well as IT security and information security professionals looking to build on their practical experience.


Who this course is for:
The ideal candidates for the course must be:
  • Experienced information security managers and officers
  • IT consultants and managers
  • IT auditors
  • IT security policy makers
  • Privacy officers
  • Network administrators
  • Network security engineers
  • Candidates seeking CISM certification
Course content
389 lectures 14:35:38
Domain 01 - Information Security Governance
133 lectures 03:47:43
Importance of Information Security Governance Part1
06:20
Outcomes of Information Security Governance Part1
00:33
Outcomes of Information Security Governance Part2
01:26
Outcomes of Information Security Governance Part3
02:45
Outcomes of Information Security Governance Part4
01:27
Outcomes of Information Security Governance Part5
01:54
Outcomes of Information Security Governance Part6
01:28
Lesson 2: Effective Information Security Governance
00:31
Business Goals and Objectives Part1
01:31
Business Goals and Objectives Part2
02:00
Roles and Responsibilities of Senior Management Part1
01:02
Roles and Responsibilities of Senior Management Part2
00:43
Domain Tasks Part1
01:21
Domain Tasks Part2
03:16
Business Model for Information Security Part1
00:45
Business Model for Information Security Part2
01:09
Business Model for Information Security Part3
03:16
Business Model for Information Security Part4
01:37
Dynamic Interconnections Part1
00:34
Dynamic Interconnections Part2
02:55
Dynamic Interconnections Part3
01:55
Dynamic Interconnections Part4
00:51
Lesson 3: Information Security Concepts and Technologies
03:26
Information Security Concepts and Technologies Part1
02:58
Information Security Concepts and Technologies Part2
03:25
Information Security Concepts and Technologies Part3
01:50
Technologies Part1
01:41
Technologies Part2
06:12
Lesson 4: Information Security Manager
00:33
Responsibilities
01:48
Senior Management Commitment Part1
00:48
Senior Management Commitment Part2
02:27
Obtaining Senior Management Commitment Part1
00:24
Obtaining Senior Management Commitment Part2
00:53
Establishing Reporting and Communication Channels Part1
01:13
Establishing Reporting and Communication Channels Part2
01:07
Lesson 5: Scope and Charter of Information Security Governance
01:55
Assurance Process Integration and Convergence
02:24
Convergence
02:32
Governance and Third-Party Relationships
02:38
Lesson 6: Information Security Governance Metrics
00:56
Metrics
01:38
Effective Security Metrics Part1
01:46
Effective Security Metrics Part2
01:01
Effective Security Metrics Part3
01:51
Effective Security Metrics Part4
00:39
Security Implementation Metrics
01:17
Strategic Alignment Part1
02:56
Strategic Alignment Part2
01:10
Risk Management
01:14
Value Delivery
01:02
Resource Management Part1
00:47
Resource Management Part2
00:41
Performance Measurement
03:06
Assurance Process Integration/Convergence
02:54
Lesson 7: Information Security Strategy Overview
00:53
Another View of Strategy
00:41
Lesson 8: Creating Information Security Strategy
00:16
Information Security Strategy
01:22
Common Pitfalls Part1
04:38
Common Pitfalls Part2
02:19
Objectives of the Information Security Strategy
01:33
What is the Goal?
01:40
Defining Objectives
01:23
Business Linkages
01:48
Business Case Development Part1
01:44
Business Case Development Part2
02:36
Business Case Development Part3
00:45
Business Case Objectives
00:57
The Desired State
01:48
COBIT
01:08
COBIT Controls
01:09
COBIT Framework
00:48
Capability Maturity Model
01:38
Balanced Scorecard
01:22
Architectural Approaches
01:03
ISO/IEC 27001 and 27002
01:00
Risk Objectives Part1
01:39
Risk Objectives Part2
03:11
Lesson 9: Determining Current State Of Security
00:45
Current Risk Part1
02:37
Current Risk Part2
01:11
BIA
01:11
Lesson 10: Information Security Strategy Development
01:52
The Roadmap
01:01
Elements of a Strategy
03:27
Strategy Resources and Constraints
02:45
Lesson 11: Strategy Resources
00:32
Policies and Standards
01:00
Definitions
05:48
Enterprise Information Security Architectures
01:30
Controls
03:00
Countermeasures
00:55
Technologies
01:50
Personnel
01:54
Organizational Structure
03:47
Employee Roles and Responsibilities
00:28
Skills
01:16
Audits
01:41
Compliance Enforcement
02:24
Threat Assessment
01:41
Vulnerability Assessment
02:21
Risk Assessment
02:19
Insurance
02:04
Business Impact Assessment
02:32
Outsourced Security Providers
02:57
Lesson 12: Strategy Constraints
00:22
Legal and Regulatory Requirements
01:43
Physical Constraints
02:56
The Security Strategy
01:36
Lesson 13: Action Plan to Implement Strategy
01:13
Gap Analysis Part1
01:35
Gap Analysis Part2
00:52
Gap Analysis Part3
03:01
Policy Development Part1
01:41
Policy Development Part2
01:00
Standards Development
02:44
Training and Awareness
00:35
Action Plan Metrics
01:23
General Metric Considerations Part1
00:23
General Metric Considerations Part2
00:35
General Metric Considerations Part3
00:43
General Metric Considerations Part4
00:23
CMM4 Statements
02:00
Objectives for CMM4
00:47
Domain 01 Review
00:44
Domain 01 - Quiz
7 questions
Domain 02 - Information Risk Management
59 lectures 02:22:21
Lesson 1: Risk Management Overview
00:59
Risk Management Overview
01:51
Types of Risk Analysis
07:08
The Importance of Risk Management
02:14
Risk Management Outcomes
01:35
Risk Management Strategy
01:49
Lesson 2: Good Information Security Risk Management
04:14
Context and Purpose
03:08
Scope and Charter
00:39
Assets
02:31
Other Risk Management Goals
02:02
Roles and Responsibilities
02:51
Lesson 3: Information Security Risk Management Concepts
06:06
Technologies
06:39
Lesson 4: Implementing Risk Management
02:08
The Risk Management Framework
02:00
The External Environment
01:48
The Internal Environment
02:06
The Risk Management Context
00:47
Gap Analysis
02:21
Other Organizational Support
04:09
Risk Analysis
01:22
Lesson 5: Risk Assessment
01:19
NIST Risk Assessment Methodology
03:49
Aggregated or Cascading Risk
02:54
Other Risk Assessment Approaches
01:18
Identification of Risks
01:49
Threats
01:08
Vulnerabilities Part1
02:11
Vulnerabilities Part2
04:10
Risks
01:36
Analysis of Relevant Risks
01:48
Risk Analysis
02:29
Semi-Quantitative Analysis
01:52
Quantitative Analysis Example
04:14
Evaluation of Risks
00:46
Risk Treatment Options
04:39
Impact
02:59
Lesson 6: Controls Countermeasures
00:25
Controls
04:43
Residual Risk
03:38
Information Resource Valuation
01:33
Methods of Valuing Assets
01:36
Information Asset Classification
03:32
Determining Classification
02:05
Impact Part1
03:53
Impact Part2
01:03
Lesson 7: Recovery Time Objectives
00:49
Recovery Point Objectives
04:18
Service Delivery Objectives
01:58
Third-Party Service Providers
01:44
Working with Lifecycle Processes
02:08
IT System Development
02:11
Project Management Part1
00:46
Project Management Part2
02:10
Lesson 8: Risk Monitoring and Communication
01:17
Risk Monitoring and Communication
00:38
Other Communications
01:25
Domain 02 Review
01:01
Domain 02 - Quiz
7 questions
Domain 03 - Information Security Program Development
114 lectures 04:07:00
Introduction
00:30
Lesson 1: Development of Information Security Program
02:50
Importance of the Program
00:52
Outcomes of Security Program Development
01:47
Effective Information Security Program Development
04:59
Lesson 2: Information Security Program Objectives
00:10
Cross Organizational Responsibilities
01:55
Program Objectives Part1
02:23
Program Objectives Part2
01:18
Defining Objectives Part1
02:11
Defining Objectives Part2
01:08
Lesson 3: Information Security Program Development Concepts Part1
04:02
Information Security Program Development Concepts Part2
05:39
Technology Resources
02:44
Information Security Manager
01:25
Lesson 4: Scope and Charter of Information Security Program Development
00:30
Assurance Function Integration
01:35
Challenges in Developing Information Security Program
01:54
Pitfalls
02:48
Objectives of the Security Program
02:06
Program Goals
02:52
The Steps of the Security Program
01:46
Defining the Roadmap Part1
01:38
Defining the Roadmap Part2
00:58
Elements of the Roadmap Part1
01:18
Elements of the Roadmap Part2
00:34
Elements of the Roadmap Part3
01:57
Elements of the Roadmap Part4
01:17
Elements of the Roadmap Part5
00:18
Gap Analysis
00:44
Lesson 5: Information Security Management Framework
00:15
Security Management Framework
04:55
COBIT 5
05:59
ISO/IEC 27001
04:30
Lesson 6: Information Security Framework Components
00:13
Operational Components Part1
01:56
Operational Components Part2
03:11
Management Components
01:31
Administrative Components
03:29
Educational and Informational Components
01:25
Lesson 7: Information Security Program Resources
01:32
Resources
03:27
Documentation
00:54
Enterprise Architecture Part1
04:29
Enterprise Architecture Part2
01:54
Enterprise Architecture Part3
01:11
Controls as Strategy Implementation Resources Part1
03:42
Controls as Strategy Implementation Resources Part2
02:19
Controls as Strategy Implementation Resources Part3
04:35
Controls as Strategy Implementation Resources Part4
02:19
Common Control Practices
01:41
Countermeasures
00:37
Technologies Part1
01:13
Technologies Part2
01:52
Technologies Part3
01:39
Technologies Part4
05:38
Personnel Part1
02:00
Personnel Part2
02:56
Security Awareness
01:28
Awareness Topics
05:18
Formal Audits
01:16
Compliance Enforcement
01:03
Project Risk Analysis
03:09
Other Actions
02:58
Other Organizational Support
01:21
Program Budgeting Part1
01:03
Program Budgeting Part2
02:19
Lesson 8: Implementing an Information Security Program
00:13
Policy Compliance
02:38
Standards Compliance
02:44
Training and Education
01:43
ISACA Control Objectives
03:52
Third-party Service Providers Part1
01:08
Third-party Service Providers Part2
04:22
Integration into Lifecycle Processes
02:14
Monitoring and Communication
03:33
Documentation
01:33
The Plan of Action Part1
01:17
The Plan of Action Part2
01:36
Lesson 9: Information Infrastructure and Architecture
00:53
Managing Complexity Part1
04:42
Managing Complexity Part2
01:45
Objectives of Information Security Architectures Part1
01:30
Objectives of Information Security Architectures Part2
01:15
Physical and Environmental Controls
03:32
Lesson 10: Information Security Program
03:03
Information Security Program Deployment Metrics
02:27
Metrics
02:02
Strategic Alignment
00:53
Risk Management
01:41
Value Delivery
00:35
Resource Management
01:22
Assurance Process Integration
00:27
Performance Measurement
00:41
Security Baselines
00:38
Lesson 11: Security Program Services and Operational Activities
00:48
IS Liaison Responsibilities Part1
10:17
IS Liaison Responsibilities Part2
02:28
Cross-Organizational Responsibilities
01:34
Security Reviews and Audits Part1
03:27
Security Reviews and Audits Part2
01:38
Management of Security Technology
01:25
Due Diligence Part1
04:10
Due Diligence Part2
01:36
Compliance Monitoring and Enforcement Part1
02:02
Compliance Monitoring and Enforcement Part2
01:46
Assessment of Risk and Impact Part1
02:16
Assessment of Risk and Impact Part2
01:28
Outsourcing and Service Providers
02:33
Cloud Computing Part1
01:36
Cloud Computing Part2
01:54
Cloud Computing Part3
02:23
Integration with IT Processes
00:42
Domain 03 Review
01:13
Domain 03 - Quiz
11 questions
Domain 04 - Information Security Incident Management
81 lectures 04:16:12
Lesson 1: Incident Management Overview Part1
00:47
Incident Management Overview Part2
03:08
Incident Management Overview Part3
03:45
Types of Events Part1
02:43
Types of Events Part2
03:20
Goals of Incident Management Part1
04:45
Goals of Incident Management Part2
06:31
Goals of Incident Management Part3
03:26
Lesson 2: Incident Response Procedures Part1
00:23
Incident Response Procedures Part2
03:40
Importance of Incident Management
08:01
Outcomes of Incident Management
03:50
Incident Management
01:34
Concepts Part1
03:44
Concepts Part2
01:35
Concepts Part3
01:34
Incident Management Systems Part1
04:02
Incident Management Systems Part2
00:53
Lesson 3: Incident Management Organization
02:30
Responsibilities Part1
03:44
Responsibilities Part2
02:58
Responsibilities Part3
05:10
Senior Management Commitment
01:02
Lesson 4: Incident Management Resources
00:25
Policies and Standards
00:36
Incident Response Technology Concepts
11:11
Personnel
03:11
Roles and Responsibilities (eNotes)
08:24
Skills
08:09
Awareness and Education
01:20
Audits
02:49
Lesson 5: Incident Management Objectives
00:17
Defining Objectives
00:48
The Desired State
03:29
Strategic Alignment
06:42
Other Concerns
02:32
Lesson 6: Incident Management Metrics and Indicators
05:14
Implementation of the Security Program Management
03:01
Management Metrics and Monitoring Part1
01:35
Management Metrics and Monitoring Part2
02:48
Other Security Monitoring Efforts
04:24
Lesson 7: Current State of Incident Response Capability
00:11
Threats
04:39
Vulnerabilities
06:15
Lesson 8: Developing an Incident Response Plan
00:44
Elements of an Incident Response Plan
08:19
Gap Analysis
03:05
BIA Part1
05:05
BIA Part2
02:48
Escalation Process for Effective IM
02:45
Help Desk Processes for Identifying Security Incidents
01:27
Incident Management and Response Teams
02:10
Organizing, Training, and Equipping the Response Staff
01:55
Incident Notification Process
00:55
Challenges in making an Incident Management Plan
02:18
Lesson 9: BCP/DRP
07:49
Goals of Recovery Operations Part1
02:02
Goals of Recovery Operations Part2
01:57
Choosing a Site Selection Part1
05:37
Choosing a Site Selection Part2
01:18
Implementing the Strategy
03:58
Incident Management Response Teams
02:10
Network Service High-availability
04:17
Storage High-availability
04:01
Risk Transference
01:27
Other Response Recovery Plan Options
01:29
Lesson 10: Testing Response and Recovery Plans
02:17
Periodic Testing
01:17
Analyzing Test Results Part1
02:06
Analyzing Test Results Part2
03:39
Measuring the Test Results
00:57
Lesson 11: Executing the Plan
01:56
Updating the Plan
01:15
Intrusion Detection Policies
01:38
Who to Notify about an Incident
01:52
Recovery Operations
01:53
Other Recovery Operations
01:57
Forensic Investigation
03:05
Hacker / Penetration Methodology
11:50
Domain 04 Review
01:15
Course Closure
00:34
Domain 04 - Quiz
12 questions