CISM COURSE CONTENT
1. Information Security Governance
2. An information security steering group function
3. Legal and regulatory issues associated with Internet businesses, global transmissions and transborder data flows
4. Common insurance policies and imposed conditions
5. Information security process improvement
6. Recovery time objectives (RTO) for information resources
7. Cost benefit analysis techniques in assessing options for mitigating risks, threats and exposures to acceptable levels.
8. Security metrics design, development and implementation.
9. Information security management due diligence activities and reviews of the infrastructure.
10. Events affecting security baselines that may require risk reassessments
11. Changes to information security requirements in security plans, test plans and reperformance
12. Disaster recovery testing for infrastructure and critical business applications.
13. The requirements for collecting and presenting evidence; rules for evidence, admissibility of evidence, quality and completeness of evidence.
14. Acquisition and contract management processes
15. External vulnerability reporting sources
16. The key components of cost benefit analysis and enterprise migration plans
17. Privacy and tax laws and tariffs, data import/export restrictions, restrictions on cryptography, warranties, patents, copyrights, trade secrets, national security
18. CISM information classification methods
19. Life-cycle-based risk management principles and practices.
20. Cost benefit analysis techniques in assessing options for mitigating risks, threats and exposures to acceptable levels.
21. Security baselines and configuration management in the design and management of business applications and the infrastructure.
22. Acquisition management methods and techniques
23. Evaluation of vendor service level agreements, preparation of contracts
24. CISM question and answer review