Maxtrain.com - info@maxtrain.com - 513-322-8888 - 866-595-6863
Certified Information Systems Security Manager
Description
The 4-day instructor-led Certified Information Systems Security Manager certification course is designed to teach toward and certify an information systems professional's high standard of excellence in the following areas:
- Information Security Governance
- Information Risk Management and Compliance
- Information Security Program Development and Management
- Information Security Incident Management
While we provide thorough training in these 4 critical areas of information systems security management, most who take the C)ISSM have professional experience in all four of these areas. A gap in experience in some of these fields can be bridged by achieving our C)ISSO: Certified Information Systems Security Officer Certification.
Upon Completion
Students will:
- Have an in-depth knowledge of Information Security Risk, Security, Compliance, & Incident Management
- Have the knowledge to manage today's most difficult information systems security challenges
- Be ready to sit for the C)ISSM exam.
Outline
- Welcome
- Agenda
- CISM
- CISM Exam Review Course Overview
- CISM Qualifications
- The Learning Environment
- Daily Format
- Domain Structure
- Course Structure
- Logistics
Module 2: Information Security Governance
- Course Agenda
- Examination Content
- Chapter 1 Learning Objectives
- The First Question
- Information Security Governance Overview
- Selling the Importance of Information Security
- The First Priority for the CISM
- Business Goals and Objectives
- Outcomes of Information Security Governance
- Benefits of Information Security Governance
- Performance and Governance
- Information Security Strategy
- Developing Information Security Strategy
- Elements of a Strategy
- Objectives of Security Strategy
- The Goal of Information Security
- Defining Security Objectives
- Business Linkages
- Business Case Development
- The Information Security Program
- Security Program Priorities
- Security versus Business
- Security Program Objectives
- What is Security?
- Security Integration
- Security Program
- Architecture
- Information Security Frameworks
- Using an Information Security Framework
- The Desired State of Security
- The Maturity of the Security Program Using CMM
- Using the Balanced Scorecard
- The ISO27001:2013 Framework
- Examples of Other Security Frameworks
- Constraints and Considerations for a Security Program
- Elements of Risk and Security
- Risk Management
- Information Security Concepts
- Security Program Elements
- Third Party Agreements
- Roles and Responsibilities of Senior Management
- Senior Management Commitment
- Steering Committee
- CISO Chief Information Security Officer
- Responsibilities
- Business Manager Responsibilities
- IT Staff Responsibilities
- Centralized versus Decentralized Security
- Evaluating the Security Program
- Audit and Assurance of Security
- Evaluating the Security Program
- Effective Security Metrics
- Key Performance Indicators (KPIs)
- End to End Security
- Correlation Tools
- Reporting and Compliance
- Regulations and Standards
- Effect of Regulations
- Reporting and Analysis
- Ethics
- Ethical Standards
- Ethical Responsibility
- Practice Question
Module 3: Information Risk Management and Compliance
- Exam Relevance
- Information Asset Classification
- Roles and Responsibilities
- Information Classification Considerations
- Regulations and Legislation
- Asset Valuation
- Valuation Process
- Information Protection
- Information Asset Protection
- Definition of Risk
- Why is Risk Important
- Risk Management Definition
- Risk Management Objective
- Risk Management Overview
- Defining the Risk Environment
- Threats to Information and Information Systems
- Threat Analysis
- Aggregate Risk
- Cascading Risk
- Identification of Vulnerabilities
- The Effect of Risk
- Impact
- Risk Management Process
- Risk Assessment Methodology
- Annualized Loss Expectancy (ALE)
- Qualitative Risk Assessment
- Data Gathering Techniques
- Results of Risk Assessment
- Alignment of Risk Assessment and BIA
- Risk Treatment
- Risk Mitigation and Controls
- Control Recommendations
- Cost Benefit Analysis of Controls
- Risk Mitigation Schematic
- Control Types and Categories
- Security Control Baselines
- On-going Risk Assessment
- Measuring Control Effectiveness
- Building Risk Management In (Agenda)
- Risk Related to Change Control
- Controlling Risk in Change Control
- Risk Management During SDLC
- On-going Risk Management Monitoring and Analysis
- Audit and Risk Management
- Risk in Business Process Re-Engineering
- Risk in Project Management
- Risk During Employment Process
- New Employee Initiation
- Risk During Employment
- Risk at Termination of Employment
- Risks During Procurement
- Reporting to Management
- Documentation
- Training and Awareness
- Training for End Users
- Practice Question
- Practice Question 2
Module 4: Information Security Program Development and Management
- Course Agenda
- Exam Relevance
- Definition
- Security Strategy and Program Relationship
- Information Security Management
- Importance of Security Management
- Definition
- Effective Security Management
- Reasons for Security Program Failure
- Program Objectives
- Security Program Development
- Outcomes of Information Security Program Development
- Governance of the Security Program
- Role of the Information Security Manager (Agenda)
- Strategy
- Policy
- Creating Effective Policy
- Awareness
- Implementation
- Monitoring
- Compliance
- Developing an Information Security Road Map
- Defining Security Program Objectives
- Inventory of Information Systems
- Challenges in Developing an Information Security Program
- Elements of a Security Program Road Map
- Security Programs and Projects
- Security Program and Project Development
- Security Project Planning
- Selection of Controls
- Common Control Practices
- Security Program Elements (Agenda)
- Policies
- Acceptable Use Policy
- Standards
- Procedures
- Guidelines
- Technology
- Personnel Security
- Training and Skills Matrix
- Organizational Structure
- Outsourced Security Providers
- Third-party Service Providers
- Facilities
- Facilities Security
- Environmental Security
- Information Security Concepts (Agenda)
- Access Control
- Identification
- Authentication
- Authorization
- Accounting / Auditability
- Criticality
- Sensitivity
- Trust Models
- Technology-based Security
- Technologies
- Security in Technical Components
- Operations Security
- Technologies – Access Control Lists
- Filtering and Content Management
- Technologies - SPAM
- Technologies – Databases and DBMS
- Encryption
- Technologies - Cryptography
- Technologies – Encryption cont.
- Technologies – Hashing Algorithms
- Technology – Communications OSI Model
- Technology – Communications TCP/IP
- Technologies – Operating Systems
- Technology - Firewalls
- Emerging Technologies
- Intrusion Detection Policies and Processes
- Intrusion Detection Systems
- IDS / IPS
- Password Cracking
- Vulnerability Assessments
- Penetration Testing
- Third Party Security Reviews
- Integration into Life Cycle Processes
- Security in External Agreements
- Security Program Implementation
- Phased Approach
- Challenges During Implementation
- Evaluating the Security Program
- Measuring Information Security Risk and Loss
- Measuring Effectiveness of Technical Security Program
- Measuring Effectiveness of Security Management
- Security Project Management
- Review of Security Compliance
- Practice Question
Module 5: Information Security Incident Management
- Learning Objectives
- Definition
- Goals of Incident Management and Response
- What is an Incident - Intentional
- What is an Incident - Unintentional
- History of Incidents
- Developing Response and Recovery Plans
- Incident Management and Response
- Importance of Incident Management and Response
- Incident Response Functions
- Incident Response Manager Responsibilities
- Requirements for Incident Response Managers
- Senior Management Involvement
- The Desired State
- Strategic Alignment of Incident Response
- Detailed Plan of Action for Incident Management
- Prepare
- Protect
- Detect
- Triage
- Response
- Elements of an Incident Response Plan
- Crisis Communications
- Challenges in Developing an Incident Management Plan
- Personnel
- Team Member Skills
- Security Concepts and Technologies
- Organizing, Training and Equipping the Response Staff
- Value Delivery
- Performance Measurement
- Reviewing the Current State of Incident Response Capability
- Audits
- Gap Analysis – Basis for an Incident Response Plan
- When an Incident Occurs
- During an Incident
- Containment Strategies
- The Battle Box
- Evidence Identification and Preservation
- Post Event Reviews
- Disaster Recovery Planning (DRP) and Business Recovery Processes
- Development of BCP and DRP
- Plan Development
- Recovery Strategies
- Basis for Recovery Strategy Selections
- Disaster Recovery Sites
- Recovery of Communications
- Notification Requirements
- Response Teams
- Insurance
- Testing Response and Recovery Plans
- Types of Tests
- Test Results
- Plan Maintenance Activities
- BCP and DRP Training
- Practice Questions
Prerequisites
- C)ISSO Information Systems Security Officer
- Or equivalent experience
Audience
The C)ISSM was created to train and certify managers of information systems who have experience with Information Security Risk, Security, Compliance, and Incident Management of systems. If you are lacking experience in one or two of these areas, we recommend taking our C)ISSO: Certified Information Systems Security Officer Certification. This is a specialized course, and as such we expect our students to be familiar with these subjects before coming to the course.
$2500.00 | 4-Day Course