Prepare for the first domain of the Certified Information Security Manager (CISM) certification exam: Information Security Governance.
Overview
Syllabus
Introduction
- Information security governance
- What you need to know
- The goals of information security
- Designing an information security strategy
- Aligning security with the business
- Strategic influences
- Organizational processes
- Security roles and responsibilities
- Control frameworks
- Developing security baselines
- Leveraging industry standards
- Customizing security standards
- Developing a security budget
- Capital vs. operational expenses
- Budget monitoring and reporting
- Information security governance
- Security governance frameworks
- Security policy framework
- Security policies
- Understanding data security
- Data security policies
- Data security roles
- Data privacy
- Limiting data collection
- Privileged account management
- Organizational structure
- Obtaining leadership support
- Collecting security process data
- Management review and approval
- Security metrics
- Audits and assessments
- Control management
- Need to know and least privilege
- Separation of duties and responsibilities
- What's next?
Taught by
Mike Chapple
