CISM Essentials Exam Guide & Test Questions

Course Description Overview

Course Number:
035001
Course Length:
3 days
Course Description Overview:

This course is designed to help candidates prepare for sitting the ISACA CISM certification examination. By taking this course and obtaining CISM certification, your experience and skills in supporting the information security needs of your organization will be validated. Securing the organization’s information is a critical business objective in today’s business environment. The information that an organization depends on to be successful can be at risk from numerous sources. By effectively managing information security, you can address these risks and ensure the organization remains healthy and competitive in the marketplace.

Course Objectives:
-
Target Student:

The intended audience for this course is information security and IT professionals, particularly IT managers who are interested in earning the CISM certification. The course is also suitable for individuals who want an in-depth understanding of information security management or who are seeking career advancement in IT security.

Prerequisites:

To ensure your success, you should have at least five years of professional experience in information security, as well as at least three years of experience in information security management. You are also required to prove this level of experience to ISACA in order to obtain certification. Major areas of information security management include:

  • Information security governance
  • Information risk management
  • Information security program development
  • Information security program management
  • Incident management and response
Course-specific Technical Requirements Software:
-
Course-specific Technical Requirements Hardware:
-
Certification reference (where applicable):
-
Course Content:

Section 1: The Basics

 Chapter 1: Security Concepts

 Chapter 2: Governance, Goals, Strategies, Policies, Standards, and Procedures

 Chapter 3: Strategy

 Chapter 4: Risk Appetite, Tolerance, and Capacity

 Chapter 5: Analysis of Risk

 Chapter 6: Controlling Threats and Risk

 Chapter 7: Controls and Countermeasures

 Chapter 8: ALE, RTO, RPO, SDO, MTO, MTD, and AIW

 Chapter 9: BCP, DRP, and BIA

 Chapter 10: Business Continuity and Disaster Recovery

 Chapter 11: Testing Incident Response, Business Continuity Plans, and Disaster Recovery Plans

 Chapter 12: Roles, Responsibilities, RACI, and Skills

 Chapter 13: Due Diligence and Due Care

 Chapter 14: Security Principles

 Chapter 15: KGIs, KPIs, KRIs, and CSFs

 Chapter 16: Technologies

 Chapter 17: Standards and Frameworks

 Chapter 18: Culture

 Chapter 19: Metrics

 Chapter 20: Current State, Desired State, and the Gap in Between

 Chapter 21: Information Security Infrastructure and Architecture

 Chapter 22: Cloud Computing

 Chapter 23: Metrics Development

 Chapter 24: Business Model for Information Security (BMIS)


Section 2: The Four Domains

 Chapter 25: Information Security Governance — Overview

 Chapter 26: Information Security Governance — The Goal

 Chapter 27: Information Security Governance — The Strategy

 Chapter 28: Information Security Governance — Who Does What

 Chapter 29: Information Security Governance — Resources That Help

 Chapter 30: Information Security Governance — Constraints That Hurt

 Chapter 31: Information Security Governance — The Action Plan

 Chapter 32: Information Security Governance — Metrics and Monitoring

 Chapter 33: Information Security Governance — What Success Looks Like

 Chapter 34: Information Risk Management — Overview

 Chapter 35: Information Risk Management — The Goal

 Chapter 36: Information Risk Management — The Strategy

 Chapter 37: Information Risk Management — Who Does What

 Chapter 38: Information Risk Management — Resources That Help

 Chapter 39: Information Risk Management — Constraints That Hurt

 Chapter 40: Information Risk Management — The Action Plan

 Chapter 41: Information Risk Management — Metrics, Monitoring, and Reporting

 Chapter 42: Information Risk Management — What Success Looks Like

 Chapter 43: Information Security Program Development and Management — Overview

 Chapter 44: Information Security Program Development and Management — The Goal

 Chapter 45: Information Security Program Development and Management — The Strategy

 Chapter 46: Information Security Program Development and Management — Who Does What

 Chapter 47: Information Security Program Development and Management — Resources That Help

 Chapter 48: Information Security Program Development and Management — Constraints That Hurt

 Chapter 49: Information Security Program Development and Management — The Action Plan

 Chapter 50: Information Security Program Development and Management — Metrics and Monitoring

 Chapter 51: Information Security Program Development and Management — What Success Looks Like

 Chapter 52: Information Security Incident Management — Overview

 Chapter 53: Information Security Incident Management — The Goal

 Chapter 54: Information Security Incident Management — The Strategy

 Chapter 55: Information Security Incident Management — Who Does What

 Chapter 56: Information Security Incident Management — Resources That Help

 Chapter 57: Information Security Incident Management — Constraints That Hurt

 Chapter 58: Information Security Incident Management — The Action Plan

 Chapter 59: Information Security Incident Management — Metrics and Monitoring

 Chapter 60: Information Security Incident Management — What Success Looks Like
