CISM Cert Prep: 3 Information Security Program Development and Management

via LinkedIn Learning

Overview

Get the detailed information you need to tackle the Information Security Program Development and Management domain on the Certified Information Security Manager (CISM) exam.

Prepare to pass the Certified Information Security Manager (CISM) exam. In this course, Mike Chapple details how to best set up, define, and manage an information security program in an organization—concepts that can help you ace the questions in the Information Security Program Development and Management exam domain. Mike helps you grasp the role of a manager in an information security program and goes over a wide variety of technical, physical, and administrative controls used to safeguard information and systems. Learn how to build your security team and maintain security in the hiring process; approach cloud storage security; secure mobile devices; work with firewalls, VPNs, and VPN concentrators; maintain employee safety; and much more.

Syllabus

Introduction
  • Information security program development and management
  • What you need to know
  • Study resources
1. Information Security Program Development
  • Scope and charter
  • Alignment of security and business objectives
  • Building a security team
  • Conducting a gap analysis
2. Personnel Security
  • Improving personnel security
  • Security in the hiring process
  • Employee termination process
  • Employee privacy
  • Social networking
3. Data Security Controls
  • File permissions
  • Data encryption
4. Cloud Computing and Virtualization
  • Virtualization
  • Cloud computing models
  • Public cloud tiers
  • Cloud storage security
5. Host Security
  • Operating system security
  • Malware prevention
  • Application management
  • Host-based network security controls
  • Hardware security
6. Mobile Security
  • Mobile device security
  • Mobile device management
  • Mobile device tracking
  • Mobile application security
  • Bring your own device (BYOD) policy
7. Cryptography
  • Understanding encryption
  • Symmetric and asymmetric cryptography
  • Goals of cryptography
  • Choosing encryption algorithms
  • The cryptographic life cycle
  • Key exchange
  • Diffie–Hellman
  • Key escrow
  • Key stretching
  • Trust models
  • PKI and digital certificates
  • Hash functions
  • Digital signatures
  • TLS and SSL
  • IPsec
  • Securing common protocols
8. Physical Security
  • Physical security control types
  • Physical access control
  • Visitor management
9. Network Security
  • Routers and switches
  • Firewalls
  • VPNs and VPN concentrators
  • Network intrusion detection and prevention
  • Unified threat management
  • VLANs and network segmentation
  • Network access control
  • Remote network access
10. Identity and Access Management
  • Identity and access management
  • Identification, authentication, and authorization
  • Usernames and access cards
  • Authentication factors
  • Biometrics
  • Multifactor authentication
  • Something you have
11. Asset Management
  • Physical asset management
  • Change and configuration management
12. Personnel Safety
  • Employee safety
  • Emergency management
13. Software Security
  • Application security
  • Development methodologies
  • Maturity models
  • Operation, maintenance, and change management
  • Risk analysis and mitigation
  • Software testing
  • Acquired software
Conclusion
  • What's next?

Taught by

Mike Chapple
