
Certified Information Security Manager (CISM)

Video Description

The Certified Information Security Manager (CISM) course prepares candidates for the CISM certification. The certification is offered by the Information Systems Audit and Control Association (ISACA) to validate a candidate's expertise and knowledge of the relationship between an information security program and the broader goals of the business. It also validates that the candidate has hands-on knowledge of developing, implementing and managing an information security program for an organization, and it is aimed at experienced information security management professionals with work experience in developing and managing such programs. The course covers the four domains of the CISM certification exam. It is an ideal preparatory course for students seeking the CISM certification, as well as for IT security and information security professionals looking to build on their practical experience.

Table of Contents

  1. Course Introduction
    1. Course Introduction 00:01:02
    2. Instructor Introduction 00:01:21
    3. Introduction 00:00:10
  2. Information Security Governance
    1. Lesson 1: Information Security Governance Overview 00:00:53
    2. Information Security Governance Overview Part1 00:01:13
    3. Information Security Governance Overview Part2 00:02:01
    4. Information Security Governance Overview Part3 00:01:23
    5. Information Security Governance Overview Part4 00:01:32
    6. Information Security Governance Overview Part5 00:00:30
    7. Importance of Information Security Governance Part1 00:01:19
    8. Importance of Information Security Governance Part2 00:06:21
    9. Outcomes of Information Security Governance Part1 00:00:33
    10. Outcomes of Information Security Governance Part2 00:01:27
    11. Outcomes of Information Security Governance Part3 00:02:45
    12. Outcomes of Information Security Governance Part4 00:01:27
    13. Outcomes of Information Security Governance Part5 00:01:54
    14. Outcomes of Information Security Governance Part6 00:01:28
    15. Lesson 2: Effective Information Security Governance 00:00:31
    16. Business Goals and Objectives Part1 00:01:32
    17. Business Goals and Objectives Part2 00:02:00
    18. Roles and Responsibilities of Senior Management Part1 00:01:03
    19. Roles and Responsibilities of Senior Management Part2 00:00:44
    20. Domain Tasks Part1 00:01:22
    21. Domain Tasks Part2 00:03:17
    22. Business Model for Information Security Part1 00:00:45
    23. Business Model for Information Security Part2 00:01:10
    24. Business Model for Information Security Part3 00:03:17
    25. Business Model for Information Security Part4 00:01:37
    26. Dynamic Interconnections Part1 00:00:34
    27. Dynamic Interconnections Part2 00:02:55
    28. Dynamic Interconnections Part3 00:01:55
    29. Dynamic Interconnections Part4 00:00:51
    30. Lesson 3: Information Security Concepts and Technologies 00:03:27
    31. Information Security Concepts and Technologies Part1 00:02:58
    32. Information Security Concepts and Technologies Part2 00:03:26
    33. Information Security Concepts and Technologies Part3 00:01:51
    34. Technologies Part1 00:01:41
    35. Technologies Part2 00:06:12
    36. Lesson 4: Information Security Manager 00:00:34
    37. Responsibilities 00:01:49
    38. Senior Management Commitment Part1 00:00:49
    39. Senior Management Commitment Part2 00:02:28
    40. Obtaining Senior Management Commitment Part1 00:00:25
    41. Obtaining Senior Management Commitment Part2 00:00:53
    42. Establishing Reporting and Communication Channels Part1 00:01:13
    43. Establishing Reporting and Communication Channels Part2 00:01:08
    44. Lesson 5: Scope and Charter of Information Security Governance 00:01:55
    45. Assurance Process Integration and Convergence 00:02:24
    46. Convergence 00:02:33
    47. Governance and Third-Party Relationships 00:02:38
    48. Lesson 6: Information Security Governance Metrics 00:00:56
    49. Metrics 00:01:39
    50. Effective Security Metrics Part1 00:01:47
    51. Effective Security Metrics Part2 00:01:01
    52. Effective Security Metrics Part3 00:01:52
    53. Effective Security Metrics Part4 00:00:40
    54. Security Implementation Metrics 00:01:17
    55. Strategic Alignment Part1 00:02:56
    56. Strategic Alignment Part2 00:01:11
    57. Risk Management 00:01:14
    58. Value Delivery 00:01:02
    59. Resource Management Part1 00:00:47
    60. Resource Management Part2 00:00:41
    61. Performance Measurement 00:03:06
    62. Assurance Process Integration/Convergence 00:02:54
    63. Lesson 7: Information Security Strategy Overview 00:00:54
    64. Another View of Strategy 00:00:41
    65. Lesson 8: Creating Information Security Strategy 00:00:16
    66. Information Security Strategy 00:01:22
    67. Common Pitfalls Part1 00:04:38
    68. Common Pitfalls Part2 00:02:19
    69. Objectives of the Information Security Strategy 00:01:33
    70. What is the Goal? 00:01:41
    71. Defining Objectives 00:01:23
    72. Business Linkages 00:01:49
    73. Business Case Development Part1 00:01:44
    74. Business Case Development Part2 00:02:36
    75. Business Case Development Part3 00:00:46
    76. Business Case Objectives 00:00:57
    77. The Desired State 00:01:49
    78. COBIT 00:01:08
    79. COBIT Controls 00:01:09
    80. COBIT Framework 00:00:49
    81. Capability Maturity Model 00:01:39
    82. Balanced Scorecard 00:01:22
    83. Architectural Approaches 00:01:03
    84. ISO/IEC 27001 and 27002 00:01:00
    85. Risk Objectives Part1 00:01:39
    86. Risk Objectives Part2 00:03:12
    87. Lesson 9: Determining Current State Of Security 00:00:46
    88. Current Risk Part1 00:02:38
    89. Current Risk Part2 00:01:11
    90. BIA 00:01:12
    91. Lesson 10: Information Security Strategy Development 00:01:52
    92. The Roadmap 00:01:01
    93. Elements of a Strategy 00:03:28
    94. Strategy Resources and Constraints 00:02:46
    95. Lesson 11: Strategy Resources 00:00:33
    96. Policies and Standards 00:01:01
    97. Definitions 00:05:49
    98. Enterprise Information Security Architectures 00:01:30
    99. Controls 00:03:00
    100. Countermeasures 00:00:55
    101. Technologies 00:01:51
    102. Personnel 00:01:54
    103. Organizational Structure 00:03:48
    104. Employee Roles and Responsibilities 00:00:29
    105. Skills 00:01:17
    106. Audits 00:01:42
    107. Compliance Enforcement 00:02:24
    108. Threat Assessment 00:01:41
    109. Vulnerability Assessment 00:02:21
    110. Risk Assessment 00:02:19
    111. Insurance 00:02:05
    112. Business Impact Assessment 00:02:32
    113. Outsourced Security Providers 00:02:57
    114. Lesson 12: Strategy Constraints 00:00:23
    115. Legal and Regulatory Requirements 00:01:43
    116. Physical Constraints 00:02:56
    117. The Security Strategy 00:01:36
    118. Lesson 13: Action Plan to Implement Strategy 00:01:14
    119. Gap Analysis Part1 00:01:35
    120. Gap Analysis Part2 00:00:52
    121. Gap Analysis Part3 00:03:01
    122. Policy Development Part1 00:01:42
    123. Policy Development Part2 00:01:01
    124. Standards Development 00:02:45
    125. Training and Awareness 00:00:36
    126. Action Plan Metrics 00:01:23
    127. General Metric Considerations Part1 00:00:24
    128. General Metric Considerations Part2 00:00:36
    129. General Metric Considerations Part3 00:00:43
    130. General Metric Considerations Part4 00:00:23
    131. CMM4 Statements 00:02:01
    132. Objectives for CMM4 00:00:48
    133. Chapter 1 Review 00:00:44
  3. Information Risk Management
    1. Lesson 1: Risk Management Overview 00:01:00
    2. Risk Management Overview 00:01:52
    3. Types of Risk Analysis 00:07:08
    4. The Importance of Risk Management 00:02:15
    5. Risk Management Outcomes 00:01:35
    6. Risk Management Strategy 00:01:49
    7. Lesson 2: Good Information Security Risk Management 00:04:15
    8. Context and Purpose 00:03:08
    9. Scope and Charter 00:00:39
    10. Assets 00:02:31
    11. Other Risk Management Goals 00:02:02
    12. Roles and Responsibilities 00:02:52
    13. Lesson 3: Information Security Risk Management Concepts 00:06:06
    14. Technologies 00:06:39
    15. Lesson 4: Implementing Risk Management 00:02:08
    16. The Risk Management Framework 00:02:01
    17. The External Environment 00:01:48
    18. The Internal Environment 00:02:07
    19. The Risk Management Context 00:00:48
    20. Gap Analysis 00:02:21
    21. Other Organizational Support 00:04:10
    22. Risk Analysis 00:01:22
    23. Lesson 5: Risk Assessment 00:01:19
    24. NIST Risk Assessment Methodology 00:03:50
    25. Aggregated or Cascading Risk 00:02:55
    26. Other Risk Assessment Approaches 00:01:19
    27. Identification of Risks 00:01:49
    28. Threats 00:01:09
    29. Vulnerabilities Part1 00:02:11
    30. Vulnerabilities Part2 00:04:10
    31. Risks 00:01:36
    32. Analysis of Relevant Risks 00:01:49
    33. Risk Analysis 00:02:30
    34. Semi-Quantitative Analysis 00:01:52
    35. Quantitative Analysis Example 00:04:15
    36. Evaluation of Risks 00:00:46
    37. Risk Treatment Options 00:04:40
    38. Impact 00:02:59
    39. Lesson 6: Controls Countermeasures 00:00:25
    40. Controls 00:04:43
    41. Residual Risk 00:03:38
    42. Information Resource Valuation 00:01:33
    43. Methods of Valuing Assets 00:01:37
    44. Information Asset Classification 00:03:32
    45. Determining Classification 00:02:05
    46. Impact Part1 00:03:53
    47. Impact Part2 00:01:03
    48. Lesson 7: Recovery Time Objectives 00:00:50
    49. Recovery Point Objectives 00:04:18
    50. Service Delivery Objectives 00:01:58
    51. Third-Party Service Providers 00:01:44
    52. Working with Lifecycle Processes 00:02:08
    53. IT System Development 00:02:12
    54. Project Management Part1 00:00:47
    55. Project Management Part2 00:02:11
    56. Lesson 8: Risk Monitoring and Communication 00:01:18
    57. Risk Monitoring and Communication 00:00:38
    58. Other Communications 00:01:25
    59. Chapter 2 Review 00:01:02
  4. Information Security Program Development
    1. Introduction 00:00:31
    2. Lesson 1: Development of Information Security Program 00:02:51
    3. Importance of the Program 00:00:53
    4. Outcomes of Security Program Development 00:01:47
    5. Effective Information Security Program Development 00:04:59
    6. Lesson 2: Information Security Program Objectives 00:00:11
    7. Cross Organizational Responsibilities 00:01:55
    8. Program Objectives Part1 00:02:23
    9. Program Objectives Part2 00:01:18
    10. Defining Objectives Part1 00:02:11
    11. Defining Objectives Part2 00:01:08
    12. Lesson 3: Information Security Program Development Concepts Part1 00:04:02
    13. Information Security Program Development Concepts Part2 00:05:39
    14. Technology Resources 00:02:44
    15. Information Security Manager 00:01:25
    16. Lesson 4: Scope and Charter of Information Security Program Development 00:00:30
    17. Assurance Function Integration 00:01:36
    18. Challenges in Developing Information Security Program 00:01:55
    19. Pitfalls 00:02:49
    20. Objectives of the Security Program 00:02:07
    21. Program Goals 00:02:53
    22. The Steps of the Security Program 00:01:46
    23. Defining the Roadmap Part1 00:01:38
    24. Defining the Roadmap Part2 00:00:59
    25. Elements of the Roadmap Part1 00:01:19
    26. Elements of the Roadmap Part2 00:00:35
    27. Elements of the Roadmap Part3 00:01:57
    28. Elements of the Roadmap Part4 00:01:18
    29. Elements of the Roadmap Part5 00:00:19
    30. Gap Analysis 00:00:44
    31. Lesson 5: Information Security Management Framework 00:00:15
    32. Security Management Framework 00:04:55
    33. COBIT 5 00:05:59
    34. ISO/IEC 27001 00:04:30
    35. Lesson 6: Information Security Framework Components 00:00:14
    36. Operational Components Part1 00:01:56
    37. Operational Components Part2 00:03:11
    38. Management Components 00:01:31
    39. Administrative Components 00:03:30
    40. Educational and Informational Components 00:01:26
    41. Lesson 7: Information Security Program Resources 00:01:32
    42. Resources 00:03:28
    43. Documentation 00:00:55
    44. Enterprise Architecture Part1 00:04:29
    45. Enterprise Architecture Part2 00:01:54
    46. Enterprise Architecture Part3 00:01:11
    47. Controls as Strategy Implementation Resources Part1 00:03:42
    48. Controls as Strategy Implementation Resources Part2 00:02:20
    49. Controls as Strategy Implementation Resources Part3 00:04:36
    50. Controls as Strategy Implementation Resources Part4 00:02:20
    51. Common Control Practices 00:01:42
    52. Countermeasures 00:00:37
    53. Technologies Part1 00:01:14
    54. Technologies Part2 00:01:53
    55. Technologies Part3 00:01:39
    56. Technologies Part4 00:05:38
    57. Personnel Part1 00:02:00
    58. Personnel Part2 00:02:56
    59. Security Awareness 00:01:29
    60. Awareness Topics 00:05:18
    61. Formal Audits 00:01:16
    62. Compliance Enforcement 00:01:03
    63. Project Risk Analysis 00:03:10
    64. Other Actions 00:02:59
    65. Other Organizational Support 00:01:21
    66. Program Budgeting Part1 00:01:04
    67. Program Budgeting Part2 00:02:19
    68. Lesson 8: Implementing an Information Security Program 00:00:14
    69. Policy Compliance 00:02:38
    70. Standards Compliance 00:02:45
    71. Training and Education 00:01:43
    72. ISACA Control Objectives 00:03:52
    73. Third-party Service Providers Part1 00:01:09
    74. Third-party Service Providers Part2 00:04:23
    75. Integration into Lifecycle Processes 00:02:15
    76. Monitoring and Communication 00:03:34
    77. Documentation 00:01:33
    78. The Plan of Action Part1 00:01:17
    79. The Plan of Action Part2 00:01:36
    80. Lesson 9: Information Infrastructure and Architecture 00:00:53
    81. Managing Complexity Part1 00:04:42
    82. Managing Complexity Part2 00:01:46
    83. Objectives of Information Security Architectures Part1 00:01:30
    84. Objectives of Information Security Architectures Part2 00:01:15
    85. Physical and Environmental Controls 00:03:33
    86. Lesson 10: Information Security Program 00:03:03
    87. Information Security Program Deployment Metrics 00:02:27
    88. Metrics 00:02:03
    89. Strategic Alignment 00:00:53
    90. Risk Management 00:01:41
    91. Value Delivery 00:00:36
    92. Resource Management 00:01:23
    93. Assurance Process Integration 00:00:27
    94. Performance Measurement 00:00:41
    95. Security Baselines 00:00:38
    96. Lesson 11: Security Program Services and Operational Activities 00:00:48
    97. IS Liaison Responsibilities Part1 00:10:17
    98. IS Liaison Responsibilities Part2 00:02:28
    99. Cross-Organizational Responsibilities 00:01:34
    100. Security Reviews and Audits Part1 00:03:28
    101. Security Reviews and Audits Part2 00:01:38
    102. Management of Security Technology 00:01:25
    103. Due Diligence Part1 00:04:11
    104. Due Diligence Part2 00:01:36
    105. Compliance Monitoring and Enforcement Part1 00:02:02
    106. Compliance Monitoring and Enforcement Part2 00:01:47
    107. Assessment of Risk and Impact Part1 00:02:17
    108. Assessment of Risk and Impact Part2 00:01:28
    109. Outsourcing and Service Providers 00:02:34
    110. Cloud Computing Part1 00:01:37
    111. Cloud Computing Part2 00:01:55
    112. Cloud Computing Part3 00:02:23
    113. Integration with IT Processes 00:00:42
    114. Chapter 3 Review 00:01:14
  5. Information Security Incident Management
    1. Lesson 1: Incident Management Overview Part1 00:00:47
    2. Incident Management Overview Part2 00:03:09
    3. Incident Management Overview Part3 00:03:45
    4. Types of Events Part1 00:02:44
    5. Types of Events Part2 00:03:21
    6. Goals of Incident Management Part1 00:04:45
    7. Goals of Incident Management Part2 00:06:32
    8. Goals of Incident Management Part3 00:03:27
    9. Lesson 2: Incident Response Procedures Part1 00:00:23
    10. Incident Response Procedures Part2 00:03:40
    11. Importance of Incident Management 00:08:01
    12. Outcomes of Incident Management 00:03:51
    13. Incident Management 00:01:35
    14. Concepts Part1 00:03:44
    15. Concepts Part2 00:01:35
    16. Concepts Part3 00:01:34
    17. Incident Management Systems Part1 00:04:02
    18. Incident Management Systems Part2 00:00:53
    19. Lesson 3: Incident Management Organization 00:02:31
    20. Responsibilities Part1 00:03:45
    21. Responsibilities Part2 00:02:58
    22. Responsibilities Part3 00:05:11
    23. Senior Management Commitment 00:01:02
    24. Lesson 4: Incident Management Resources 00:00:25
    25. Policies and Standards 00:00:37
    26. Incident Response Technology Concepts 00:11:12
    27. Personnel 00:03:11
    28. Roles and Responsibilities (eNotes) 00:08:24
    29. Skills 00:08:10
    30. Awareness and Education 00:01:21
    31. Audits 00:02:50
    32. Lesson 5: Incident Management Objectives 00:00:18
    33. Defining Objectives 00:00:48
    34. The Desired State 00:03:29
    35. Strategic Alignment 00:06:43
    36. Other Concerns 00:02:33
    37. Lesson 6: Incident Management Metrics and Indicators 00:05:14
    38. Implementation of the Security Program Management 00:03:01
    39. Management Metrics and Monitoring Part1 00:01:36
    40. Management Metrics and Monitoring Part2 00:02:48
    41. Other Security Monitoring Efforts 00:04:24
    42. Lesson 7: Current State of Incident Response Capability 00:00:12
    43. Threats 00:04:39
    44. Vulnerabilities 00:06:16
    45. Lesson 8: Developing an Incident Response Plan 00:00:44
    46. Elements of an Incident Response Plan 00:08:19
    47. Gap Analysis 00:03:05
    48. BIA Part1 00:05:05
    49. BIA Part2 00:02:48
    50. Escalation Process for Effective IM 00:02:46
    51. Help Desk Processes for Identifying Security Incidents 00:01:28
    52. Incident Management and Response Teams 00:02:11
    53. Organizing, Training, and Equipping the Response Staff 00:01:55
    54. Incident Notification Process 00:00:55
    55. Challenges in making an Incident Management Plan 00:02:19
    56. Lesson 9: BCP/DRP 00:07:49
    57. Goals of Recovery Operations Part1 00:02:03
    58. Goals of Recovery Operations Part2 00:01:58
    59. Choosing a Site Selection Part1 00:05:38
    60. Choosing a Site Selection Part2 00:01:18
    61. Implementing the Strategy 00:03:59
    62. Incident Management Response Teams 00:02:10
    63. Network Service High-availability 00:04:17
    64. Storage High-availability 00:04:02
    65. Risk Transference 00:01:27
    66. Other Response Recovery Plan Options 00:01:30
    67. Lesson 10: Testing Response and Recovery Plans 00:02:18
    68. Periodic Testing 00:01:17
    69. Analyzing Test Results Part1 00:02:07
    70. Analyzing Test Results Part2 00:03:39
    71. Measuring the Test Results 00:00:58
    72. Lesson 11: Executing the Plan 00:01:57
    73. Updating the Plan 00:01:16
    74. Intrusion Detection Policies 00:01:39
    75. Who to Notify about an Incident 00:01:53
    76. Recovery Operations 00:01:53
    77. Other Recovery Operations 00:01:57
    78. Forensic Investigation 00:03:05
    79. Hacker / Penetration Methodology 00:11:50
    80. Chapter 4 Review 00:01:15
    81. Course Closure 00:00:35