
Certified Information Security Manager (CISM)

Video Description

IT security is without question one of the hottest and most lucrative areas of information technology today, and the CISM is one of the most valued credentials in the marketplace. This course promotes international practices and provides management with assurance that those earning this designation have the knowledge and experience needed to deliver effective security management. It prepares students for roles in risk management, security auditing and compliance, or for an executive management position such as CSO, CTO or CIO.

Table of Contents

  1. Module 1: Information Security Governance
    1. CISM Introduction 00:01:14
    2. Information Security 00:01:03
    3. Business Goals Objectives And Functions 00:01:09
    4. Business Goals And Information Security 00:01:06
    5. Information Security Threats 00:01:10
    6. Information Security Management 00:01:22
    7. Identity Management 00:01:27
    8. Data Protection 00:01:49
    9. Network Security 00:00:44
    10. Personnel Security 00:01:54
    11. Facility Security 00:01:33
    12. Security Compliance And Standards 00:02:33
    13. Information Security Strategy 00:01:16
    14. Inputs And Outputs Of The Information Security Strategy 00:03:17
    15. Processes In An Information Security Strategy 00:05:27
    16. People In An Information Security Strategy 00:03:02
    17. Technologies In An Information Security Strategy 00:05:33
    18. Logical And Physical Information Security Strategy Architectures 00:03:31
    19. Information Security And Business Functions 00:00:45
    20. Information Security Policies And Enterprise Objectives 00:02:35
    21. International Standards For The Security Management 00:01:51
    22. ISO/IEC 27000 Standards 00:00:41
    23. International Info Government Standards 00:03:34
    24. Information Security Government Standards In The United States 00:02:34
    25. Methods Of Coordinating Information Security Activities 00:01:41
    26. How To Develop An Information Security Strategy 00:05:54
    27. Information Security Governance 00:01:06
    28. Role Of The Security In Governance 00:04:02
    29. Scope Of Information Security Governance 00:01:52
    30. Charter Of Information Security Governance 00:02:09
    31. Information Security Governance And Enterprise Governance 00:01:01
    32. How To Align Information Security Strategy With Corporate Governance 00:03:01
    33. Regulatory Requirements And Information Security 00:01:43
    34. Business Impact Of Regulatory Requirements 00:02:15
    35. Liability Management 00:03:58
    36. Liability Management Strategies 00:02:45
    37. How To Identify Legal And Regulatory Requirements 00:02:05
    38. Business Case Development 00:03:01
    39. Budgetary Reporting Methods 00:01:11
    40. Budgetary Planning Strategy 00:01:48
    41. How To Justify Investment In InfoSecurity 00:03:44
    42. Organizational Drivers 00:04:31
    43. Impact Of Drivers On InfoSecurity 00:01:07
    44. Third Party Relationships 00:02:13
    45. How To Identify Drivers Affecting The Organization 00:02:24
    46. Purpose Of Obtaining Commitment To InfoSecurity 00:01:06
    47. Methods For Obtaining Commitment 00:03:55
    48. ISSG 00:01:03
    49. ISSG Roles And Responsibilities 00:01:05
    50. ISSG Operation 00:01:50
    51. How To Obtain Senior Management's Commitment To InfoSecurity 00:04:54
    52. InfoSecurity Management Roles And Responsibilities 00:01:52
    53. How To Define Roles And Responsibilities For InfoSecurity 00:04:42
    54. The Need For Reporting And Communicating 00:01:33
    55. Methods For Reporting In An Organization 00:02:04
    56. Methods Of Communication In An Organization 00:04:04
    57. How To Establish Reporting And Communicating Channels 00:02:42
  2. Module 2: Risk Management
    1. Risk 00:03:44
    2. Risk Assessment 00:01:46
    3. Info Threat Types 00:01:45
    4. Info Vulnerabilities 00:03:20
    5. Common Points Of Exposure 00:02:25
    6. InfoSecurity Controls 00:01:03
    7. Types Of InfoSecurity Controls 00:03:20
    8. Common InfoSecurity Countermeasures 00:06:13
    9. Overview Of The Risk Assessment Process 00:01:20
    10. Factors Used In Risk Assessment And Analysis 00:01:45
    11. Risk Assessment Methodologies 00:01:14
    12. Quantitative Risk Assessment - Part 1 00:01:56
    13. Quantitative Risk Assessment - Part 2 00:00:37
    14. Qualitative Risk Assessment 00:01:48
    15. Hybrid Risk Assessment 00:02:05
    16. Best Practices For InfoSecurity Management 00:01:26
    17. Gap Analysis 00:00:57
    18. How To Implement An Info Risk Assessment Process 00:04:40
    19. Info Classification Schemas 00:03:46
    20. Components Of Info Classification Schemas 00:02:02
    21. Info Ownership Schemas 00:01:08
    22. Components Of Info Ownership Schemas 00:02:30
    23. Info Resource Valuation 00:01:51
    24. Valuation Methodologies 00:02:22
    25. How To Determine Info Asset Classification And Ownership 00:02:25
    26. Baseline Modeling 00:01:17
    27. Control Requirements 00:00:57
    28. Baseline Modeling And Risk Based Assessment Of Control Requirements 00:01:18
    29. How To Conduct Ongoing Threat And Vulnerability Evaluations 00:05:47
    30. BIAs 00:02:59
    31. BIA Methods 00:00:39
    32. Factors For Determining Info Resource Sensitivity And Criticality 00:02:36
    33. Impact Of Adverse Events 00:01:25
    34. How To Conduct Periodic BIAs 00:03:33
    35. Methods For Measuring Effectiveness Of Controls And Countermeasures 00:02:19
    36. Risk Mitigation 00:00:46
    37. Risk Mitigation Strategies 00:01:50
    38. Effect Of Implementing Risk Mitigation Strategies 00:02:07
    39. Acceptable Levels Of Risk 00:00:49
    40. Cost Benefit Analysis 00:01:28
    41. How To Identify And Evaluate Risk Mitigation Strategies 00:05:19
    42. Life Cycle Processes 00:00:33
    43. Life Cycle-Based Risk Management 00:00:53
    44. Risk Management Life Cycle 00:01:04
    45. Business Life Cycle Processes Affected By Risk Management 00:02:07
    46. Life Cycle-Based Risk Management Principles And Practices 00:01:10
    47. How To Integrate Risk Management Into Business Life Cycle Processes 00:02:43
    48. Significant Changes 00:02:02
    49. Risk Management Process 00:00:50
    50. Risk Reporting Methods 00:00:59
    51. Components Of Risk Reports 00:02:17
    52. How To Report Changes In Info Risk 00:03:10
  3. Module 3: Information Security Program Development
    1. InfoSecurity Strategies 00:01:23
    2. Common InfoSecurity Strategies 00:02:42
    3. InfoSecurity Implementation Plans 00:01:35
    4. Conversion Of Strategies Into Implementation Plans 00:03:58
    5. InfoSecurity Programs 00:00:44
    6. InfoSecurity Program Maintenance 00:03:20
    7. Methods For Maintaining An InfoSecurity Program 00:02:00
    8. Succession Planning 00:02:55
    9. Allocation Of Jobs 00:02:32
    10. Program Documentation 00:01:46
    11. How To Develop Plans To Implement An InfoSecurity Strategy 00:03:36
    12. Security Technologies And Controls 00:01:09
    13. Cryptographic Techniques 00:02:38
    14. Symmetric Cryptography 00:05:04
    15. Public Key Cryptography 00:05:19
    16. Hashes 00:02:59
    17. Access Control 00:00:51
    18. Access Control Categories 00:02:31
    19. Physical Access Controls 00:03:21
    20. Technical Access Controls 00:03:53
    21. Administrative Access Controls 00:02:59
    22. Monitoring Tools 00:00:51
    23. IDSs 00:00:45
    24. Anti-Virus Systems 00:01:14
    25. Policy-Compliance Systems 00:00:20
    26. Common Activities Required In InfoSecurity Programs 00:08:22
    27. Prerequisites For Implementing The Program 00:01:56
    28. Implementation Plan Management 00:02:09
    29. Types Of Security Controls 00:02:43
    30. InfoSecurity Controls Development 00:00:58
    31. How To Specify InfoSecurity Program Activities 00:01:45
    32. Business Assurance Function 00:01:15
    33. Common Business Assurance Functions 00:03:31
    34. Methods For Aligning InfoSecurity Program With Business Assurance Functions 00:03:06
    35. How To Coordinate InfoSecurity Programs With Business Assurance Functions 00:01:35
    36. SLAs 00:01:17
    37. Internal Resources 00:05:01
    38. External Resources 00:02:43
    39. Services Provided By External Resources- Part1 00:07:34
    40. Services Provided By External Resources- Part2 00:02:34
    41. Skills Commonly Required For InfoSecurity Program Implementation 00:03:08
    42. Identification Of Resources And Skills Required For A Particular Implementation 00:01:54
    43. Resource Acquisition Methods 00:01:46
    44. Skills Acquisition Methods 00:02:14
    45. How To Identify Resources Needed For InfoSecurity Program Implementation 00:00:53
    46. InfoSecurity Architectures 00:01:14
    47. The SABSA Model For Security Architecture 00:00:57
    48. Deployment Considerations 00:01:42
    49. Deployment Of InfoSecurity Architectures 00:02:59
    50. How To Develop InfoSecurity Architectures 00:03:42
    51. InfoSecurity Policies 00:01:12
    52. Components Of InfoSecurity Policies 00:02:31
    53. InfoSecurity Policies And The InfoSecurity Strategy 00:00:59
    54. InfoSecurity Policies And Enterprise Business Objectives 00:00:44
    55. InfoSecurity Policy Development Factors 00:02:44
    56. Methods For Communicating InfoSecurity Policies 00:01:24
    57. InfoSecurity Policy Maintenance 00:01:42
    58. How To Develop InfoSecurity Policies 00:03:07
    59. InfoSecurity Awareness Program Training Programs And Education Programs 00:03:50
    60. Security Awareness Training And Education Gap Analysis 00:01:23
    61. Methods For Closing The Security Awareness Training And Education Gaps 00:01:06
    62. Security-Based Cultures And Behaviors 00:01:20
    63. Methods For Establishing And Maintaining A Security-Based Culture In The Enterprise 00:01:28
    64. How To Develop InfoSecurity Awareness Training And Education Programs 00:04:32
    65. Supporting Documentation For InfoSecurity Policies 00:01:42
    66. Standards Procedures Guidelines And Baselines 00:03:53
    67. Codes Of Conduct 00:01:17
    68. NDAs 00:01:31
    69. Methods For Developing Supporting Documentation 00:01:02
    70. Methods For Implementing Supporting Documentation And For Communicating Supporting Documentation 00:01:48
    71. Methods For Maintaining Supporting Documentation 00:02:01
    72. C&A 00:03:18
    73. C&A Programs 00:02:02
    74. How To Develop Supporting Documentation For InfoSecurity Policies 00:01:28
  4. Module 4: Information Security Program Implementation
    1. Enterprise Business Objectives 00:01:37
    2. Integrating Enterprise Business Objectives And InfoSecurity Policies 00:03:22
    3. Organizational Processes 00:01:24
    4. Change Control 00:03:39
    5. Mergers And Acquisitions 00:02:39
    6. Organizational Processes And InfoSecurity Policies 00:04:45
    7. Methods For Integrating InfoSecurity Policies And Organizational Processes 00:02:40
    8. Life Cycle Methodologies 00:02:24
    9. Types Of Life Cycle Methodologies 00:05:10
    10. How To Integrate InfoSecurity Requirements Into Organizational Processes 00:01:23
    11. Types Of Contracts Affected By InfoSecurity Programs 00:01:50
    12. Joint Ventures 00:01:41
    13. Outsourced Providers And InfoSecurity 00:02:33
    14. Business Partners And InfoSecurity 00:00:37
    15. Customers And InfoSecurity 00:00:50
    16. Third Party And InfoSecurity 00:00:36
    17. Risk Management 00:02:23
    18. Risk Management Methods And Techniques For Third Parties 00:02:18
    19. SLAs And InfoSecurity 00:00:48
    20. Contracts And InfoSecurity 00:02:41
    21. Due Diligence And InfoSecurity 00:01:48
    22. Suppliers And InfoSecurity 00:02:01
    23. Subcontractors And InfoSecurity 00:01:08
    24. How To Integrate InfoSecurity Controls Into Contracts 00:02:09
    25. InfoSecurity Metrics 00:00:55
    26. Types Of Metrics Commonly Used For InfoSecurity 00:01:20
    27. Metric Design, Development And Implementation 00:02:13
    28. Goals Of Evaluating InfoSecurity Controls 00:03:37
    29. Methods Of Evaluating InfoSecurity Controls 00:01:17
    30. Vulnerability Testing 00:01:04
    31. Types Of Vulnerability Testing 00:02:04
    32. Effects Of Vulnerability Assessment And Testing 00:03:33
    33. Vulnerability Correction 00:02:12
    34. Commercial Assessment Tools 00:01:35
    35. Goals Of Tracking InfoSecurity Awareness Training And Education Programs 00:02:18
    36. Methods For Tracking InfoSecurity Awareness Training And Education Programs 00:00:48
    37. Evaluation Of Training Effectiveness Relevance 00:02:20
    38. How To Create InfoSecurity Program Evaluation Metrics 00:02:25
  5. Module 5: Information Security Program Management
    1. Management Metrics 00:01:08
    2. Types Of Management Metrics 00:01:07
    3. Data Collection 00:02:41
    4. Periodic Reviews 00:01:13
    5. Monitoring Approaches 00:03:33
    6. KPIs 00:01:08
    7. Types Of Measurements 00:05:31
    8. Other Measurements 00:03:26
    9. InfoSecurity Reviews 00:02:07
    10. The Role Of Assurance Providers 00:02:47
    11. Comparing Internal And External Assurance Providers 00:05:00
    12. Line Management Technique 00:00:44
    13. Budgeting 00:02:47
    14. Staff Management 00:03:19
    15. Facilities 00:02:48
    16. How To Manage InfoSecurity Program Resources 00:01:45
    17. Security Policies 00:03:55
    18. Security Policy Components 00:05:17
    19. Implementation Of InfoSecurity Policies 00:01:20
    20. Administrative Processes And Procedures 00:03:53
    21. Access Control Types 00:01:11
    22. ACM 00:01:11
    23. Access Security Policy Principles 00:03:39
    24. Identity Management And Compliance 00:00:49
    25. Authentication Factors 00:03:00
    26. Remote Access 00:03:22
    27. User Registration 00:01:29
    28. Procurement 00:01:10
    29. How To Enforce Policy And Standards Compliance 00:02:09
    30. Types Of Third Party Relationships 00:00:50
    31. Methods For Managing InfoSecurity Regarding Third Parties 00:01:03
    32. Security Service Providers 00:01:14
    33. Third Party Contract Provisions 00:02:28
    34. Methods To Define Security Requirements In SLAs Security Provisions 00:05:41
    35. How To Enforce Contractual InfoSecurity Controls 00:01:44
    36. SDLC 00:02:04
    37. Code Development 00:01:57
    38. Common Techniques For Security Enforcement 00:03:03
    39. How To Enforce InfoSecurity During Systems Development 00:02:32
    40. Maintenance 00:02:20
    41. Methods Of Monitoring Security Activities 00:02:45
    42. Impact Of Change And Configuration Management Activities 00:02:04
    43. How To Maintain InfoSecurity Within An Organization 00:02:12
    44. Due Diligence Activities 00:01:29
    45. Types Of Due Diligence Activities 00:01:51
    46. Reviews Of Info Access 00:00:47
    47. Standards Of Managing And Controlling Info Access 00:01:03
    48. How To Provide InfoSecurity Advice And Guidance 00:02:11
    49. InfoSecurity Awareness 00:01:05
    50. Types Of InfoSecurity Stakeholders 00:01:42
    51. Methods Of Stakeholder Education 00:01:26
    52. Security Stakeholder Education Process 00:01:30
    53. How To Provide InfoSecurity Awareness And Training 00:04:41
    54. Methods Of Testing The Effectiveness Of InfoSecurity Control 00:02:19
    55. The Penetration Testing Process 00:03:04
    56. Types Of Penetration Testing 00:03:28
    57. Password Cracking 00:05:57
    58. Social Engineering Attacks 00:01:36
    59. Social Engineering Types 00:05:45
    60. External Vulnerability Reporting Sources 00:01:34
    61. Regulatory Reporting Requirements 00:01:54
    62. Internal Reporting Requirements 00:01:49
    63. How To Analyze The Effectiveness Of InfoSecurity Controls 00:01:20
    64. Noncompliance Issues 00:01:14
    65. Security Baselines 00:00:52
    66. Events Affecting The Security Baseline 00:02:34
    67. InfoSecurity Problem Management Process 00:01:24
    68. How To Resolve Noncompliance Issues 00:03:58
  6. Module 6: Incident Management and Response
    1. Incident Response Capability 00:00:55
    2. Components Of Incident Response 00:02:21
    3. BCP 00:00:39
    4. BIA Phase 00:01:46
    5. COOP 00:00:47
    6. DRP 00:01:42
    7. Alternate Sites 00:04:39
    8. Develop A BCP 00:02:56
    9. Develop A DRP 00:01:13
    10. MTD 00:00:32
    11. RPO 00:00:26
    12. RTO 00:01:51
    13. Data Backup Strategies 00:01:18
    14. Data Backup Types 00:04:03
    15. Data Restoration Strategies 00:01:42
    16. Info Incident Management Practices 00:00:35
    17. IRP 00:00:59
    18. Trigger Events And Types Of Trigger Events 00:03:57
    19. Methods Of Containing Damage 00:02:14
    20. How To Develop An IRP 00:02:32
    21. Escalation Process 00:01:29
    22. Notification Process 00:01:35
    23. IRT 00:01:26
    24. Crisis Communication 00:04:06
    25. How To Establish An Escalation Process 00:02:43
    26. Internal Reporting Requirements 00:01:10
    27. External Reporting Requirements 00:01:07
    28. Communication Process 00:01:22
    29. How To Develop A Communication Process 00:02:10
    30. IRP And DRP 00:01:00
    31. IRP And BCP 00:01:05
    32. Methods Of Identifying Business Resources Essential To Recovery 00:01:35
    33. How To Integrate An IRP 00:03:38
    34. Role Of Primary IRT Members And Role Of Additional IRT Members 00:03:03
    35. Response Team Tools And Equipment 00:02:47
    36. How To Develop IRTs 00:01:21
    37. BCP Testing 00:04:42
    38. Disaster Recovery Testing 00:00:37
    39. Schedule Disaster Recovery Testing 00:01:48
    40. Refine IRP 00:01:06
    41. How To Test An IRP 00:02:34
    42. Damage Assessment 00:01:19
    43. Business Impacts Caused By Security Incidents 00:00:39
    44. How To Manage Responses To InfoSecurity Incidents 00:01:23
    45. Computer And Digital Forensics 00:02:14
    46. Forensic Requirements For Responding To InfoSecurity Incidents 00:02:18
    47. Evidence Life Cycle 00:00:44
    48. Evidence Collection 00:00:35
    49. Evidence Types 00:05:30
    50. Five Common Rules Of Evidence 00:01:55
    51. Chain Of Custody 00:00:49
    52. How To Investigate An InfoSecurity Incident 00:03:24
    53. PIR Methods 00:00:33
    54. Security Incident Review Process 00:00:59
    55. Investigate Cause Of A Security Incident 00:00:56
    56. Identify Corrective Actions 00:01:17
    57. Reassess Security Risks After A Security Incident 00:00:56
    58. How To Conduct A Post-Incident Review 00:03:01
    59. Pre-Test - Test Strategy 00:07:50
    60. Post-Test 00:03:43