TOIT Training
(909) 252-7584
support@toittraining.com
Search
Search
Courses
Close Courses
Open Courses
IT Courses
AI
Aruba
Automation
AWS
CheckPoint
Cisco
Citrix
CompTIA
Containerization
CyberSecurity
Linux
F5
Fortinet
Google
Isaca
Juniper
Project Management
Microsoft
ISC2
Open Stack
PaloAlto
Python
SonicWall
VMware
See All
User Courses
30 Minutes (MS Office)
Accounting
Business Skills
Security Awareness
Communication Skills
Data Analysis
HIPPA
Meeting Managment
Microsoft Office 2016
Microsoft Office 2019
Microsoft Office 2021
Manager Training
Workplace Safety
Office 365
Google Workspace
End-User Training
Mini Courses
Sales and Marketing
See All
Developer Courses
.NET Courses
AI Coding Courses
Dart Courses
Databases Courses
Deno Courses
Development Principles Courses
DevOps
Firebase Courses
Golang Courses
Imba Courses
Interviewing Courses
Qwik Courses
React Courses
Javascript
MERN Courses
Netlify Courses
Next.Js Courses
Node.Js Courses
Nuxt.Js Courses
PHP Courses
Python Courses
Sapper Courses
Strapi Courses
TypeScript Courses
Ui UX Courses
Vue js Courses
See All
Plan and Pricing
About us
Features
Contact Sales
Roadmap
Log in
Home
Courses
IT Courses
Cybersecurity
Certified Information Security Manager (CISM)
Curriculum
4 Sections
38 Lessons
19 Hours
Expand all sections
Collapse all sections
01. Domain 1: Information Security Governance
9
1.1
Define, communicate and monitor information security responsibilities.
1.2
Gain ongoing commitment from senior leadership and other stakeholders.
1.3
Develop business cases to support investments in information security.
1.4
Establish internal and external reporting and communication channels.
1.5
Identify internal and external influences to the organization.
1.6
Develop and maintain information security policies.
1.7
Integrate information security governance into corporate governance.
1.8
Establish and maintain an information security governance framework.
1.9
Develop an information security strategy, aligned with business goals and directives.
02. Domain 2: Information Risk Management
9
2.1
Ensure that information security risk is reported to senior management to support an understanding of potential impact on the organizational goals and objectives.
2.2
Report noncompliance and other changes in information risk to facilitate the risk management decision-making process.
2.3
Monitor for internal and external factors (e.g., threat landscape, cybersecurity, geopolitical, regulatory change) that may require reassessment of risk to ensure that changes to existing or new risk scenarios are identified and managed appropriately.
2.4
Facilitate the integration of information risk management into business and IT processes to enable a consistent and comprehensive information risk management program across the organization.
2.5
Determine whether information security controls are appropriate and effectively manage risk to an acceptable level.
2.6
Identify, recommend or implement appropriate risk treatment/response options to manage risk to acceptable levels based on organizational risk appetite.
2.7
Ensure that risk assessments, vulnerability assessments and threat analyses are conducted consistently, and at appropriate times, to identify and assess risk to the organization’s information.
2.8
Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels.
2.9
Establish and/or maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value.
03. Domain 3: Information Security Program Development & Management
10
3.1
Compile reports to key stakeholders on overall effectiveness of the IS program and the underlying business processes in order to communicate security performance.
3.2
Integrate information security requirements into contracts and activities of third parties.
3.3
Develop procedures (metrics) to evaluate the effectiveness and efficiency of the IS program.
3.4
Integrate information security requirements into organizational processes.
3.5
Develop a program for information security awareness and training.
3.6
Develop documentation that ensures compliance with policies.
3.7
Establish and maintain IS architectures to execute the IS program.
3.8
Establish and maintain requirements for all resources to execute the IS program.
3.9
Ensure alignment between the information security program and other business functions.
3.10
Develop a security program, aligned with information security strategy.
04. Domain 4: Information Security Incident Management
10
4.1
Align incident response plan with DRP and BCP.
4.2
Determine the root cause of IS incidents.
4.3
Establish communication plans and processes.
4.4
Test and review the incident response plan.
4.5
Establish teams that effectively respond to information security incidents.
4.6
Develop incident escalation and communication processes.
4.7
Develop processes to investigate and document information security incidents.
4.8
Develop processes for timely identification of information security incidents.
4.9
Establish an incident response plan.
4.10
Define (types of) information security incidents.
This content is protected, please
login
and
enroll
in the course to view this content!