Knowledge Transfer is a Microsoft Certified Gold Partner
CISM Exam Boot Camp Overview



  • I. About CISM

    • Requirements for certification

      • Experience

      • Passing the exam

      • The ISACA Code of Ethics

      • Maintaining certification





  • II. Information Security Governance

    • Overview

      • Information is a valuable resource in all of its formats

      • Not just IT related

      • We need to converge information security into the business



    • Effective information security governance

      • Business drivers

      • Business support

      • Provide assurance to management



    • Risk objectives

      • Operational risk management

      • We must be able to meet our desired state



    • Build an information security strategy

      • Business model for information security (BMIS)

      • Strategy



    • Controls

      • Types of controls

      • IT controls

      • Non-IT controls

      • Countermeasures

      • Example defense in depth



    • Provide assurance to management

      • ISO 27001

      • Security metrics



    • Extend security knowledge to everyone

      • Awareness

      • Training

      • Education



    • Action plan to implement strategy

      • Projects

      • Gap analysis

      • Critical success factors





  • III. Information Risk Management & Compliance

    • Overview

    • Information classification

      • Why should information be classified

      • Developing the program

      • Ownership

      • Responsibilities



    • Methods to evaluate impact of adverse events

      • Business impact analysis



    • Legal and regulatory requirements

    • Emerging threats and vulnerabilities

      • Sources of information



    • Risk management

      • Elements of risk

      • Risk assessment

      • Prioritizing risk

      • Reporting risk

      • Monitoring risk

      • Risk handling

      • Control baseline modeling

      • Controls

      • Gap analysis

      • Integrate risk management into business and IT processes

      • Compliance



    • Re-assessing risk and changing security program elements

      • Risk management is a cyclic process

      • Triggers to re-assess





  • IV. Information Security Program Development & Management

    • Overview

    • Align information security program to business function

    • Resource requirements definition

      • Internal

      • External

      • Identify, acquire and manage



    • Emerging trends in information security

      • Cloud computing

      • Mobile computing



    • Security control design

    • Security architectures

      • BSIM



    • Methods to develop

      • Standards

      • Procedures

      • Guidelines



    • Methods to implement and communicate

      • Policies

      • Standards

      • Procedures

      • Guidelines



    • Security awareness and training

      • Methods to establish

      • Methods to maintain



    • Methods to integrate security requirements into organizational processes

    • Methods to incorporate security requirements

      • Contracts

      • 3rd party management processes



    • Security metrics

      • Design

      • Implement

      • Report



    • Testing security controls

      • Effectiveness

      • Applicability





  • V. Information Security Incident Management

    • Overview

    • Definition

      • Distinction between IR, BCP and DRP

      • Senior management commitment

      • Policy

      • Personnel



    • Objectives

      • Intended outcomes

      • Incident management

      • Incident handling

      • Incident response

      • Incident systems and tools



    • What technologies must an IRT know?

      • Vulnerabilities/Weaknesses

      • Networking

      • Operating systems

      • Malicious software

      • Programming languages



    • Defining incident management procedures

      • Plan for management



    • Current state of incident response plan

      • Gap analysis



    • Develop a plan

      • Plan elements

      • Notification process

      • Escalation process

      • Help desk process for identifying incidents

      • Response teams



    • Challenges in developing a plan

    • BCP/DRP

      • Recovery operations

      • Recovery strategies

      • Recovery sites

      • Basis for recovery site selection

      • Notification requirements

      • Supplies

      • Communication structure

      • Testing the plan

      • Recovery test metrics

      • Test results

      • Post-incident activities and investigations






 


Course Schedule
  Start Date    City    Price
  9/11/2017             $1895
  9/11/2017             $1895
  10/16/2017            $1895

To inquire about future classes, request a class date if one is not scheduled.