Course curriculum

  • 2

    Domain 1: Information Security Governance

    • Domain 1 Introduction

    • The purpose of governance

    • Security Governance

    • Leaders and Managers

    • Roles and Responsibilities

    • Talking strategy

    • The information security strategy

    • Governance Relationships

    • Efficiency and Effectiveness

    • The Gap Analysis

    • Security architecture

    • Man Made Disasters

    • Strategic Barriers

    • Security Strategy Constraints

    • The Security Strategy

    • The Feasibility Study

    • The Business Case

    • Security Programme Outputs

    • Security Programme Constraints

    • Understanding policies

    • Understanding procedures and guidelines

    • Standards

    • Security baselines

    • Security and risk

    • Assets

    • Shadow IT

    • Asset Valuation

    • Asset Register

    • The Security Programme

    • Stakeholders

    • Gaining Management Approval

    • Communicating Value

    • Security Project Management

    • Governance Metrics

    • Presenting the Strategy

    • End of Domain

    • Mind Map Introduction

    • Domain 1 Mind Map

  • 3

    Domain 2: Information Security Risk Management

    • Domain 2 Introduction

    • Risk Management Overview

    • The Risk Management Process

    • Risk Context

    • Risk Concepts

    • The Risk Management Program

    • The Risk Process

    • Risk Methodologies

    • Risk Identification

    • Risk Scenarios

    • Business Impact Analysis

    • Threats

    • Insider Threats

    • External Threats

    • Advanced Persistent Threats

    • Vulnerabilities

    • Bring Your Own Device

    • Exposure

    • Risk Categorisation

    • The Risk Register

    • Risk ownership

    • Risk analysis

    • Specialised risk techniques

    • Risk Evaluation

    • Risk Integration

    • Risk Volatility

    • Key Risk Indicators

    • Risk and Continuity

    • Operational Risk Management

    • Risk Reporting

    • Domain 2 recap

    • Domain 2 Mind Map

  • 4

    Domain 3: Information Security Programme Development & Management

    • Domain 3 Introduction

    • Security Resources

    • Security and IT

    • Audit

    • Cross Functional Co-ordination

    • Security Concepts

    • Identity and Access Management

    • Continuous Improvement

    • Documentation

    • The Human Factor

    • Security Technology Concepts

    • Security Framework Components

    • Security Program Evaluation

    • Building Security into Processes and Practices

    • Fail States

    • Vendors

    • Security Integration

    • Cloud Security

    • Domain 3 recap

    • Domain 3 Mind Map

  • 5

    Domain 4: Information Security Incident Management

    • Domain 4 Introduction

    • Escalation Terminology

    • Incident Management

    • Planning and Integration

    • Incident Classification

    • The Incident Response Plan

    • The Incident Response Team

    • Incident Response Concepts

    • Forensics

    • Incident Response Communications

    • Incident Response and Business Continuity

    • Response Plan Integration

    • Readiness and Assessment

    • Incident Response Training

    • Test Types

    • Test Progression

    • Test Evaluation

    • Response Procedures

    • Incident Management Systems

    • Incident Notification

    • Escalating Incidents

    • Incident Investigation

    • Triage

    • Incident Documentation

    • Post Incident Review

    • Root Cause Analysis

    • Domain 4 recap

    • Domain 4 Mind Map

  • 6

    Bonus Section: Preparing for the CISM exam

    • Bonus Section: Preparing for the exam