Course Details
Course Code: CISM; Instructor-led
Audience
The CISM designation is for Information Security professionals who have 3-5 years of front-line experience with the security of information. This credential is geared towards Information Security managers and those who have information security management responsibilities
Prerequisites
Who Should Earn the CISM Designation?
CISM is more than an entry-level certification. It is specifically developed for the information security professional who has acquired experience working on the front lines of information security. Individuals with three years or more of experience managing the information security function of an enterprise or performing such duties will find CISM tailored to their knowledge and skills.
The Exam is held twice per year in June and December and exam registrations close around 2 months prior. Refer to www.isaca.org for exam dates and exam registration.
Methodology
This program will be conducted with interactive lectures, PowerPoint presentation, discussion and practical exercise.
Course Objectives
Upon completion of this course, the student should be able to:
- Describe Oracle Database architecture
- Describe Oracle Database Cloud Service (DBCS) architecture and features
- Create and manage DBCS database deployments
- Configure the database to support your applications
- Manage database security and implement auditing
- Implement basic backup and recovery procedures
- Move data between databases and files
- Employ basic monitoring procedures and manage performance
Outlines
Module 1: Information Security Governance and Strategy
Lesson
- Effective Information Security Governance
- Key Information Security Concepts and Issues
- The IS Manager
- Scope and Charter of Information Security Governance
- IS Governance Metrics
- Developing an IS Strategy – Common Pitfalls
- IS Strategy Objectives
- Determining Current State of Security
- Strategy Resources
- Strategy Constraints
- Action Plan Immediate Goals
- Action Plan Intermediate Goals
Practice Questions; Review of Practice Questions;
Reference Materials and Glossary
Module 2: Information Security Risk Management and Compliance
- Effective Information Security Risk Management
- Integration into Life Cycle Processes
- Implementing Risk Management
- Risk Identification and Analysis Methods
- Mitigation Strategies and Prioritisation
- Reporting Changes to Management
Practice Questions; Review of Practice Questions; Reference Materials and Glossary
Module 3: Information Security Program Development and Management
Lesson
- Planning
- Security Baselines
- Business Processes
- Infrastructure
- Malicious Code (Malware)
- Life Cycles
- Impact on end Users
- Accountabililty
- Security Metrics
- Managing Internal and External Resources
Practice Questions; Review of Practice Questions;
Reference Materials and Glossary
Module 4: Information Security Incident Management
Lesson
- Implementing Effective Information Security Management
- Security Controls and Policies
- Standards and Procedures
- Trading Partners and Service Providers
- Security Metrics and Monitoring
- The Change Management Process
- Vulnerability Assessments
- Due Diligence
- Resolution of Non-Compliance Issues
- Culture, Behavior and Security Awareness
