CISM® (Certified Information Security Manager®)

Authors: Kevin Henry, Bobby Rogers

This series provides the foundational knowledge needed to effectively assess, develop and lead enterprise-level information security. This series can be used to prepare for the ISACA® CISM (Certified Information Security Manager) examination, with coverage of the 2017 CISM Job Practice Areas.

Preparing for an ISACA® Certification Examination

by Kevin Henry

Mar 31, 2018 / 16m

Description

Preparing for an ISACA® examination can be difficult and stressful. In this course, Preparing for an ISACA® Certification Examination, you will learn how to set yourself up for success, prior to taking the exam. First, you will delve into the test taking process. Next, you will discover some helpful tips and tricks to pass the exam. Last, you will learn how to develop a study plan. When you're finished with this course, you will have the skills and knowledge needed to be prepared for an ISACA® exam.

Table of contents
  1. Course Overview (1m)
  2. The ISACA® Exam Format (9m)
  3. Preparing for an ISACA® Examination (5m)

Information Security Manager: Information Security Governance

by Bobby Rogers

Jul 31, 2017 / 4h 30m

Description

While protecting information assets is the primary goal of an information security program, governance sets the requirements for how the program must function within the compliance context. Organizations must operate their security programs in compliance with laws, regulations, policies, and standards. In this course, Information Security Manager: Information Security Governance, you'll gain solid foundational knowledge on the governance aspect of security, as well as skills you can use to effectively manage security compliance in your organization. First, you'll explore how both internal and external governance affect the organization, how information security strategy supports the mission and overall organizational strategy, and the different roles and responsibilities involved in the security program. Next, you'll learn how to write business cases to support security budgets and investments. Finally, you'll cover stakeholders and how to communicate the security strategy to them and gain their commitment to it. By the end of this course, you'll be well-versed in information security governance and how it affects an information security program.

Table of contents
  1. Course Overview (1m)
  2. Formulating Information Security Strategy (36m)
  3. Integrating Information Security Governance Concepts (31m)
  4. Writing Information Security Policies (33m)
  5. Creating Business Cases (38m)
  6. Influencing Security Strategy and Governance (36m)
  7. Gaining Stakeholder Commitment (32m)
  8. Information Security Management Roles and Responsibilities (31m)
  9. Demystifying Security Metrics (28m)

Information Security Manager: Information Risk Management

by Bobby Rogers

Jan 22, 2018 / 4h 20m

Description

While protecting information assets is the primary goal of an information security program, risk management determines the balance between resources, compliance, and security. In this course, Information Security Manager: Information Risk Management, you'll gain a solid foundational knowledge of the risk management aspect of security, as well as skills you can use to effectively manage risk in your organization. First, you'll learn how to classify and assign value to information assets, determine legal and governance requirements for risk management, and how to quantify the elements of risk. Next, you'll explore how to conduct risk assessments and analysis to determine the amount of risk present. Finally, you'll discover risk response options, how to implement them, measure them, and report on risk. By the end of this course, you'll be well-versed in information risk management and how it affects an information security program.

Table of contents
  1. Course Overview (1m)
  2. Managing Organizational Information Assets (43m)
  3. Determining Legal and Regulatory Risk Management Requirements (24m)
  4. Elements of Risk (23m)
  5. Conducting Risk Assessments (41m)
  6. Implementing Risk Treatment and Response (23m)
  7. Managing Information Security Controls (27m)
  8. Integrating Information Risk into Business and IT (24m)
  9. Monitoring Risk (30m)
  10. Reporting Risk (19m)

Information Security Manager: Information Security Program Management

by Bobby Rogers

Dec 12, 2018 / 4h 12m

Description

Protecting information assets is the primary goal of an information security program, and information security management provides the oversight for the balance between resources, compliance, and security. Organizations must protect their information assets by establishing and maintaining an effective information security program, considering the organization’s mission, goals, infrastructure, and people. In this course, Information Security Manager: Information Security Program Management, you'll gain solid foundational knowledge on the program management aspect of security, as well as skills you can use to effectively protect assets in your organization. First, you'll learn how to develop internal governance, such as security policies, manage people and technology processes, and how to maintain an information security training program. Next, you'll explore how to audit third-party agreements and contracts. Finally, you'll discover how to monitor the performance of the information security program and report that information to the various stakeholders in the organization. By the end of this course, you'll be well-versed in information security program management and how it affects the organization’s information security assets.

Table of contents
  1. Course Overview (1m)
  2. Integrating Security into Organizational Functions (29m)
  3. Managing Security Resources (33m)
  4. Managing Information Security Processes (44m)
  5. Developing and Maintaining Internal Governance (33m)
  6. Implementing the Information Security Training Program (23m)
  7. Engaging with Third Parties (18m)
  8. Providing Security Metrics (28m)
  9. Reporting Security to Stakeholders (39m)

What you will learn

  • How to align information security strategy with organizational goals and objectives
  • How to develop an information security governance framework
  • How to manage IT risk to an organizationally acceptable level
  • How to develop an information security program that identifies, manages and protects an organization’s assets
  • How to develop and execute the capability to detect, investigate, remediate and recover from security incidents in a way that minimizes impact to the business

Pre-requisites

CISM candidates are required to have a minimum of five years of professional information security work experience, with at least three years spent in three or more of the job practice areas. This series assumes knowledge of fundamental information security concepts.
