CISM Course Outline & Notes 2025

The document outlines a course on Information Security Governance, Risk Management, Program, and Incident Management, detailing key topics such as governance roles, risk assessment strategies, program components, and incident response procedures. It includes specific learning objectives for each domain, emphasizing the importance of metrics, legal requirements, and effective communication. Additionally, the course features a practice exam with 80 questions to assess understanding of the material.

Uploaded by

selipar.pink
Copyright © All Rights Reserved

Course Outline

Introduction

• Welcome video

Domain 1 – Information Security Governance

• Describe the role of governance in creating value for the enterprise.
• Explain the importance of information security governance in the context of overall enterprise governance.
• Describe the influence of enterprise leadership, structure and culture on the effectiveness of an information security strategy.
• Identify the relevant legal, regulatory and contractual requirements that impact the enterprise.
• Describe the effects of the information security strategy on enterprise risk management.
• Evaluate the common frameworks and standards used to govern an information security strategy.
• Explain why metrics are critical in developing and evaluating the information security strategy.

Domain 2 – Information Security Risk Management

• Apply risk assessment strategies to reduce the impact of information security risk.
• Assess the types of threats faced by the enterprise.
• Explain how security control baselines affect vulnerability and control deficiency analysis.
• Differentiate between application of risk treatment types from an information security perspective.
• Describe the influence of risk and control ownership on the information security program.
• Outline the process of monitoring and reporting information security risk.

Domain 3 – Information Security Program

• Outline the components and resources used to build an information security program.
• Distinguish between common IS standards and frameworks available to build an information security program.
• Explain how to align IS policies, procedures and guidelines with the needs of the enterprise.
• Describe the process of defining an IS program road map.
• Outline key IS program metrics used to track and report progress to senior management.
• Explain how to manage the IS program using controls.
• Create a strategy to enhance awareness and knowledge of the information security program.
• Describe the process of integrating the security program with IT operations and third-party providers.
• Communicate key IS program information to relevant stakeholders.

Domain 4 – Incident Management

• Distinguish between incident management and incident response.
• Outline the requirements and procedures necessary to develop an incident response plan.
• Identify techniques used to classify or categorize incidents.
• Outline the types of roles and responsibilities required for an effective incident management and response team.
• Distinguish between the types of incident management tools and technologies available to an enterprise.
• Describe the processes and methods used to investigate, evaluate and contain an incident.
• Identify the types of communications and notifications used to inform key stakeholders of incidents and tests.
• Outline the processes and procedures used to eradicate and recover from incidents.
• Describe the requirements and benefits of documenting events.
• Explain the relationship between business impact, continuity and incident response.
• Describe the processes and outcomes related to disaster recovery.
• Explain the impact of metrics and testing when evaluating the incident response plan.

CISM Practice Exam – 80 Questions
