CISSM: Information Systems Security Manager

Home > Course Catalog > Choose By Topics > Cybersecurity > CISSM: Information Systems Security Manager

$2,995

Contact for Group Training

Course Overview

About this Cybersecurity Training Course

The Certified Information Systems Security Manager certification Cybersecurity Training Course is designed to teach towards and certify a information systems professionals high standard of excellence in following areas:

Information Security Governance
Information Risk Management and Compliance
Information Security Program Development and Management
Information Security Incident Management

While we provide thorough training in these 4 critical areas of information systems security management, most who take the CISSM have professional experience in all four of these areas. A gap of experience in some of these fields can be bridged by achieving our CISSO: Certified Information Systems Security Officer Certification.

Schedule

Start Date	Delivery Format	Days	Time	Status	Price	Enroll
Coming Soon	Live Virtual Led	4	10:00 am	Enrolling Now	$2,995	CISSM: Information Systems Security Manager quantity
Coming Soon	Live Virtual Led	4	10:00 am	Enrolling Now	$2,995	CISSM: Information Systems Security Manager quantity
Coming Soon	Live Virtual Led	4	10:00 am	Enrolling Now	$2,995	CISSM: Information Systems Security Manager quantity
Coming Soon	Live Virtual Led	4	10:00 am	Enrolling Now	$2,995	CISSM: Information Systems Security Manager quantity
Coming Soon	Live Virtual Led	4	10:00 am	Enrolling Now	$2,995	CISSM: Information Systems Security Manager quantity
Coming Soon	Live Virtual Led	5	10:00 am	Enrolling Now	$2,995	CISSM: Information Systems Security Manager quantity

Looking for Corporate/Group Training?

Leave us a message

Who Should Attend

The CISSM was created to train & certify managers of information systems who have experience with Information Security Risk, Security, Compliance, & Incident Management of systems. If you are lacking experience in one or two of these areas we recommend taking our CISSO: Certified Information Systems Security Officer Certification. This is specialized Cybersecurity Training Course, and as such we expect our students to be familiar with these subjects before coming to the Cybersecurity Training Course.

Prerequisites

CISSO Information Systems Security Officer
Or equivalent experience

Objectives

Upon completion, students will:

Have an in-depth knowledge of Information Security Risk, Security, Compliance, & Incident Management
Have knowledge to manage todays most difficult information systems security challenges
Be ready to sit for the CISSM exam.

Course Outline

Module 1 Introduction

Welcome
Agenda
CISM
CISM Exam Review Cybersecurity Training Course Overview
CISM Qualifications
The Learning Environment
Daily Format
Domain Structure
Cybersecurity Training Course Structure
Logistics

Module 2 Information Security Governance

Cybersecurity Training Course Agenda
Examination Content
Chapter 1 Learning Objectives
The First Question
Information Security Governance Overview
Selling the Importance of Information Security
The First Priority for the CISM
Business Goals and Objectives
Outcomes of Information Security Governance
Benefits of Information Security Governance
Performance and Governance
Information Security Strategy
Developing Information Security Strategy
Elements of a Strategy
Objectives of Security Strategy
The Goal of Information Security
Defining Security Objectives
Business Linkages
Business Case Development
The Information Security Program
Security Program Priorities
Security versus Business
Security Program Objectives
What is Security?
Security Integration
Security Program
Architecture
Information Security Frameworks
Using an Information Security Framework
The Desired State of Security
The Desired State cont.
The Maturity of the Security Program Using CMM
Using the Balanced Scorecard
The ISO27001:2013 Framework
Examples of Other Security Frameworks
Examples of Other Security Frameworks
Constraints and Considerations for a Security Program
Constraints and Considerations for a Security Program cont.
Elements of Risk and Security
Risk Management
Information Security Concepts
Information Security Concepts cont.
Security Program Elements
Security Program Elements cont.
Third Party Agreements
Roles and Responsibilities of Senior Management
Senior Management Commitment
Steering Committee
CISO Chief Information Security Officer Responsibilities
Business Manager Responsibilities
IT Staff Responsibilities
Centralized versus Decentralized Security
Evaluating the Security Program
Audit and Assurance of Security
Evaluating the Security Program
Effective Security Metrics
Effective Security Metrics cont.
Key Performance Indicators (KPIs)
End to End Security
Correlation Tools
Reporting and Compliance
Regulations and Standards
Effect of Regulations
Reporting and Analysis
Ethics
Ethical Standards
Ethical Responsibility
Practice Question
Practice Question
Practice Question
Practice Question

Module 3 Information Risk Management and Compliance

Exam Relevance
Information Asset Classification
Roles and Responsibilities
Roles and Responsibilities
Information Classification Considerations
Regulations and Legislation
Asset Valuation
Valuation Process
Information Protection
Information Asset Protection
Definition of Risk
Why is Risk Important
Risk Management Definition
Risk Management Objective
Risk Management Overview
Risk Management Overview
Defining the Risk Environment
Threats to Information and Information Systems
Threat Analysis
Aggregate Risk
Cascading Risk
Identification of Vulnerabilities
The Effect of Risk
Impact
Impact cont.
Risk Management Process
Risk Assessment Methodology
Annualized Loss Expectancy (ALE)
Qualitative Risk Assessment
Data Gathering Techniques
Results of Risk Assessment
Alignment of Risk Assessment and BIA
Risk Treatment
Risk Treatment
Risk Mitigation and Controls
Control Recommendations
Cost Benefit Analysis of Controls
Cost Benefit Analysis of Controls cont.
Risk Mitigation Schematic
Control Types and Categories
Control Types and Categories cont.
Security Control Baselines
Ongoing Risk Assessment
Measuring Control Effectiveness
Building Risk Management In (Agenda)
Risk Related to Change Control
Controlling Risk in Change Control
Risk Management During SDLC
Ongoing Risk Management Monitoring and Analysis
Audit and Risk Management
Audit and Risk Management cont.
Risk in Business Process Re-Engineering
Risk in Project Management
Risk During Employment Process
New Employee Initiation
Risk During Employment
Risk at Termination of Employment
Risks During Procurement
Risk During Procurement cont.
Reporting to Management
Documentation
Training and Awareness
Training and Awareness
Training for End Users
Practice Question
Practice Question 2

Module 4 Information Security Program Development and Management

Cybersecurity Training Course Agenda
Exam Relevance
Learning Objectives cont.
Definition
Security Strategy and Program Relationship
Information Security Management
Importance of Security Management
Definition
Effective Security Management
Reasons for Security Program Failure
Program Objectives
Security Program Development
Security Program Development cont.
Outcomes of Information Security Program Development
Governance of the Security Program
Role of the Information Security Manager (Agenda)
Strategy
Policy
Creating Effective Policy
Awareness
Implementation
Monitoring
Compliance
Developing an Information Security Road Map
Defining Security Program Objectives
Inventory of Information Systems
Challenges in Developing an Information Security Program
Challenges in Developing an Information Security Program cont.
Elements of a Security Program Road Map
Security Programs and Projects
Security Program and Project Development
Security Project Planning
Selection of Controls
Common Control Practices
Security Program Elements (Agenda)
Policies
Acceptable Use Policy
Acceptable Use Policy cont.
Standards
Procedures
Guidelines
Technology
Personnel Security
Training and Skills Matrix
Organizational Structure
Outsourced Security Providers
Third-party Service Providers
Facilities
Facilities Security
Environmental Security
Information Security Concepts (Agenda)
Information Security Concepts (Agenda)
Access Control
Identification
Authentication
Authorization
Accounting / Auditability
Criticality
Sensitivity
Trust Models
Technology-based Security
Technologies
Security in Technical Components
Operations Security
Technologies Access Control Lists
Filtering and Content Management
Technologies – SPAM
Technologies Databases and DBMS
Encryption
Technologies – Cryptography
Technologies Cryptography cont.
Technologies Encryption cont.
Technologies Hashing Algorithms
Technology Communications OSI Model
Technology Communications TCP/IP
Technologies Operating Systems
Technology – Firewalls
Emerging Technologies
Intrusion Detection Policies and Processes
Intrusion Detection Systems
IDS / IPS
Password Cracking
Vulnerability Assessments
Penetration Testing
Penetration Testing cont.
Third Party Security Reviews
Integration into Life Cycle Processes
Security in External Agreements
Security in External Agreements
Security Program Implementation
Phased Approach
Challenges During Implementation
Evaluating the Security Program
Evaluating Security Program cont.
Evaluating the Security Program cont.
Measuring Information Security Risk and Loss
Measuring Effectiveness of Technical Security Program
Measuring Effectiveness of Security Management
Security Project Management
Review of Security Compliance
Practice Question
Practice Question
Practice Question
Practice Question

Module 5 – Information Security Incident Management

Learning Objectives
Definition
Goals of Incident Management and Response
Goals of Incident Response cont.
What is an Incident – Intentional
What is an Incident – Unintentional
History of Incidents
Developing Response and Recovery Plans
Incident Management and Response
Incident Management and Response cont.
Incident Management and Response cont.
Importance of Incident Management and Response
Incident Response Functions
Incident Response Manager Responsibilities
Incident Response Manager Responsibilities
Requirements for Incident Response Managers
Senior Management Involvement
The Desired State
Strategic Alignment of Incident Response
Detailed Plan of Action for Incident Management
Detailed Plan of Action for Incident Management – Prepare
Detailed Plan of Action for Incident Management Prepare cont.
Detailed Plan of Action for Incident Management – Protect
Detailed Plan of Action for Incident Management – Detect
Detailed Plan of Action for Incident Management – Triage
Detailed Plan of Action for Incident Management – Response
Elements of an Incident Response Plan
Crisis Communications
Challenges in Developing an Incident Management Plan
Personnel
Personnel cont.
Personnel cont.
Team Member Skills
Skills cont.
Skills cont.
Security Concepts and Technologies
Organizing, Training and Equipping the Response Staff
Value Delivery
Performance Measurement
Reviewing the Current State of Incident Response Capability
Audits
Gap Analysis Basis for
an Incident Response Plan
When an Incident Occurs
During an Incident
During an Incident cont.
Containment Strategies
The Battle Box
Evidence Identification and Preservation
Post Event Reviews
Disaster Recovery Planning (DRP) and Business Recovery Processes
Development of BCP and DRP
Plan Development
Plan Development cont.
Recovery Strategies
Recovery Strategies
Basis for Recovery Strategy Selections
Disaster Recovery Sites
Disaster Recovery Sites cont.
Recovery of Communications
Notification Requirements
Notification Requirements cont.
Response Teams
Insurance
Testing Response and Recovery Plans
Types of Tests
Test Results
Test Results cont.
Plan Maintenance Activities
BCP and DRP Training
Practice Question
Practice Question
Practice Question
Practice Question
Practice Question

Click here to view course outline Close