UOP-CMGT559 - Certified Information Security Manager (CISM)

Lessons
Lab
Lab (Add-on)
TestPrep

Skills You’ll Get

1

Risk and Security vs. Opportunity

2

Information Security Governance

  • Security Strategy
  • Information Security Governance framework 
  • Integrating security governance into corporate governance
  • Security Policies: standards, procedures, and guidelines 
  • Business cases to support investments 
  • Internal and external influences on information security strategy 
  • Management and other stakeholder commitment 
  • Roles and Responsibilities 
  • Measuring the effectiveness of the information security strategy 
3

Information Risk Management and Compliance 

  • Information asset classification 
  • Risk management, assessments, vulnerability assessments and threat analyses 
  • Risk treatment options 
  • Manage risk of noncompliance
  • Information security controls
  • Current and desired risk levels: Gap analysis
  • Monitoring risk
4

Information Security Program Development and Management

  • Alignment of IS program with information security strategy
  • Information security manager's role and responsibilities in alignment
  • Information security frameworks
  • Information security architectures
  • Evaluating the effectiveness and efficiency of the IS program
  • Integrating the IS program with IT processes
  • Integrating the IS program into contracts and activities of third parties
  • Controls and countermeasures
  • Security Program Metrics and Monitoring
5

Information Security Incident Management

  • Organizational definition and severity hierarchy for security incidents
  • Incident response plan
  • Processes for timely identification
  • Testing and review
  • Investigating and documenting information security incidents
  • Integration of incident response plan, disaster recovery plan and business continuity plan
6

Managing Risks in Complex Organizations

  • Business Case, Budgetary Reporting Methods And Planning Strategy
  • Baseline And BIAs

1

Risk and Security vs. Opportunity

  • Performing Vulnerability Scanning Using OpenVAS
  • Conducting Vulnerability Scanning Using Nessus
  • Performing Vulnerability Scanning Using OSSIM
2

Information Security Governance

  • Demonstrating Network Mapping and Quarantining a Vulnerable System
  • Using Social Engineering Techniques to Plan an Attack
  • Configuring User Access Control Settings
  • Configuring the Audit Group Policy 
3

Information Risk Management and Compliance 

  • Using the Windows Firewall
  • Configuring IPSec
  • Configuring a VPN
  • Configuring VLAN
4

Information Security Program Development and Management

  • Using OpenSSL to Create a Public/Private Key Pair
  • Taking a Full Backup
  • Enabling Intrusion Prevention and Detection
  • Taking an Incremental Backup

1

Information Risk Management and Compliance 

  • Assigning File or Folder Permissions
  • Configuring a Linux Firewall Using Iptables
