CISM Cert Prep: 1 Information Security Governance

Prepare for the first domain of the Certified Information Security Manager (CISM) certification exam: Information Security Governance.

Introduction

• Information security program
• What you need to know
• Study resources

1. Information Security Strategy

• The goals of information security
• Designing an information security strategy
• Aligning security with the business
• Strategic Influences
• Organizational processes
• Security roles and responsibilities

2. Industry Standards

• Control frameworks
• Developing security baselines
• Leveraging industry standards
• Customizing security standards

3. Security Budgeting

• Developing a security budget
• Capital vs. operational expenses
• Budget monitoring and reporting

4. Security Governance

• Information security governance
• Security governance frameworks

5. Security Policies

• Security policy framework
• Security policies

6. Data Security

• Understanding data security
• Data security policies
• Data security roles
• Data privacy
• Limiting data collection
• Privileged access management

7. Navigating the Organization

• Organizational structure
• Obtaining leadership support

8. Assessing Security Programs

• Collecting security process data
• Management review and approval
• Security metrics
• Audits and assessments
• Control management

9. Security Principles

• Need to know and least privilege
• Separation of duties and responsibilities

Conclusion

• Continuing your studies