CISM® (Certified Information Security Manager®)

Authors: Kevin Henry, Bobby Rogers

What you will learn

  • How to align information security strategy with organizational goals and objectives
  • How to develop an information security governance framework
  • How to manage IT risk to an organizationally acceptable level
  • How to develop an information security program that identifies, manages and protects an organization’s assets
  • How to develop and execute the capability to detect, investigate, remediate and recover from security incidents in a way that minimizes impact to the business

Pre-requisites

CISM candidates are required to have a minimum of five years of professional information security work experience, with at least three years spent in three or more of the job practice areas. This series assumes knowledge of fundamental information security concepts.

CISM® (Certified Information Security Manager®)

This series provides the foundational knowledge needed to effectively assess, develop and lead enterprise-level information security. This series can be used to prepare for the ISACA® CISM (Certified Information Security Manager) examination, with coverage of the 2017 CISM Job Practice Areas.

Preparing for an ISACA® Certification Examination

by Kevin Henry

Mar 31, 2018 / 17m

Description

Preparing for an ISACA® examination can be difficult and stressful. In this course, Preparing for an ISACA® Certification Examination, you will learn how to set yourself up for success, prior to taking the exam. First, you will delve into the test taking process. Next, you will discover some helpful tips and tricks to pass the exam. Last, you will learn how to develop a study plan. When you're finished with this course, you will have the skills and knowledge needed to be prepared for an ISACA® exam.

Table of contents
  1. Course Overview
  2. The ISACA® Exam Format
  3. Preparing for an ISACA® Examination

Information Security Manager: Information Security Governance

by Bobby Rogers

Jul 31, 2017 / 4h 30m

Description

While protecting information assets is the primary goal of an information security program, governance sets the requirements for how the program must function within the compliance context. Organizations must operate their security programs in compliance with laws, regulations, policies, and standards. In this course, Information Security Manager: Information Security Governance, you'll gain solid foundational knowledge on the governance aspect of security, as well as skills you can use to effectively manage security compliance in your organization. First, you'll explore how both internal and external governance affect the organization, how information security strategy supports the mission and overall organizational strategy, and the different roles and responsibilities involved in the security program. Next, you'll learn how to write business cases to support security budgets and investments. Finally, you'll cover stakeholders and how to communicate the security strategy to them and gain their commitment to it. By the end of this course, you'll be well-versed in information security governance and how it affects an information security program.

Table of contents
  1. Course Overview
  2. Formulating Information Security Strategy
  3. Integrating Information Security Governance Concepts
  4. Writing Information Security Policies
  5. Creating Business Cases
  6. Influencing Security Strategy and Governance
  7. Gaining Stakeholder Commitment
  8. Information Security Management Roles and Responsibilities
  9. Demystifying Security Metrics

Information Security Manager: Information Risk Management

by Bobby Rogers

Jan 22, 2018 / 4h 20m

Description

While protecting information assets is the primary goal of an information security program, risk management determines the balance between resources, compliance, and security. In this course, Information Security Manager: Information Risk Management, you'll gain a solid foundational knowledge of the risk management aspect of security, as well as skills you can use to effectively manage risk in your organization. First, you'll learn how to classify and assign value to information assets, determine legal and governance requirements for risk management, and how to quantify the elements of risk. Next, you'll explore how to conduct risk assessments and analysis to determine the amount of risk present. Finally, you'll discover risk response options, how to implement them, measure them, and report on risk. By the end of this course, you'll be well-versed in information risk management and how it affects an information security program.

Table of contents
  1. Course Overview
  2. Managing Organizational Information Assets
  3. Determining Legal and Regulatory Risk Management Requirements
  4. Elements of Risk
  5. Conducting Risk Assessments
  6. Implementing Risk Treatment and Response
  7. Managing Information Security Controls
  8. Integrating Information Risk into Business and IT
  9. Monitoring Risk
  10. Reporting Risk

Information Security Manager: Information Security Program Management

by Bobby Rogers

Dec 12, 2018 / 4h 12m

Description

Protecting information assets is the primary goal of an information security program, and information security management provides the oversight for the balance between resources, compliance, and security. Organizations must protect their information assets by establishing and maintaining an effective information security program, considering the organization’s mission, goals, infrastructure, and people. In this course, Information Security Manager: Information Security Program Management, you'll gain solid foundational knowledge on the program management aspect of security, as well as skills you can use to effectively protect assets in your organization. First, you'll learn how to develop internal governance, such as security policies, manage people and technology processes, and how to maintain an information security training program. Next, you'll explore how to audit third-party agreements and contracts. Finally, you'll discover how to monitor the performance of the information security program and report that information to the various stakeholders in the organization. By the end of this course, you'll be well-versed in information security program management and how it affects the organization’s information security assets.

Table of contents
  1. Course Overview
  2. Integrating Security into Organizational Functions
  3. Managing Security Resources
  4. Managing Information Security Processes
  5. Developing and Maintaining Internal Governance
  6. Implementing the Information Security Training Program
  7. Engaging with Third Parties
  8. Providing Security Metrics
  9. Reporting Security to Stakeholders

Information Security Manager: Information Security Incident Management

by Bobby Rogers

Jun 6, 2019 / 3h 55m

Description

Cybersecurity incidents are a daily occurrence in any organization’s infrastructure. Some of these incidents have a serious impact on an organization, and could result in a data breach, legal liability, and loss of customer confidence. Organizations are scrambling to equip their incident response teams with the right knowledge and skills to help combat this serious issue. In this course, Information Security Manager: Information Security Incident Management, you'll gain solid foundational knowledge on managing incident response in your organization, and understand how cybersecurity incident response works. First, you'll learn how to staff and equip the incident response team, as well as ensure they have the proper training and skills they need to carry out an effective response. Next, you'll discover how to develop critical response processes, such as incident triage, notification, and escalation. Then, you’ll see how an incident response plan is developed and maintained, as well as the critical processes that support the plan, such as incident containment, forensics, and investigation. Finally, you'll explore communicating information about the incident to the right stakeholders, including incident metrics, response effectiveness, and the root causes of incidents through professional reporting. By the end of this course, you'll be well-versed in incident management and how it can help you protect your information assets from loss or damage.

Table of contents
  1. Course Overview
  2. Defining an Incident Response Strategy
  3. Establishing an Incident Response Plan
  4. Creating an Incident Response Team
  5. Communicating Incident Information
  6. Containing Incidents
  7. Investigating Incidents
  8. Testing the Incident Response Plan
  9. Learning from an Incident Response
