New members: get your first 7 days of ITTutorPro Premium for free! Join for free

Certified Information Security Manager (CISM)

Course Description

12.38 Hours

298 Videos

IT Security is without question one of the hottest and most lucrative areas of Information Technology today and the CISM Certification is one of the most valued credentials in the marketplace. This course promotes international practices and provides management with assurance that those earning this designation have the necessary knowledge and experience to provide effective security management. This course trains students for a position in Risk Management, Security Auditor, Compliance Officer or an executive management position as a CSO, CTO or CIO.

Another key course offered by ITU Online that prepares you for a ISACA certification is our Certified Information Systems Auditor (CISA)

For more information on this certification, visit the ISACA Official Certification site.

Share on:

Course Syllabus

Domain 1: Information Security Governance

  1. CISM Introduction
  2. Information Security
  3. Business Goals, Objectives, and Functions
  4. Business Goals and Information Security
  5. Information Security Threats
  6. Information Security Management
  7. Identity Management
  8. Data Protection
  9. Network Security
  10. Personnel Security
  11. Facility Security
  12. Security Compliance and Standards
  13. Information Security Strategy
  14. Inputs and Outputs of the Informtion Security Strategy
  15. Processes in an Information Security Strategy
  16. People in an Information Security Strategy
  17. Technologies in an Indormation Security Strategy
  18. Logical and Physical Information Security Strategy Architectures
  19. Information Security and Business Functions
  20. Information Security Policies and Enterprise Objectives
  21. International Standards for the Security Management
  22. ISO/IEC 27000 Standards
  23. International Info Government Standards
  24. Information Security Government Standards in the United States
  25. Methods of Coordinating Information Security Activites
  26. How to Develop an Information Security Strategy
  27. Information Security Governance
  28. Role of the Security in Governance
  29. Scope of Information Security Governance
  30. Charter of Information Security Governance
  31. Information Security Governance and Enterprise Governance
  32. How to Align Information Security Strategy with Corporate Governance
  33. Regulatory Requirements and Information Security
  34. Business Impact of Regulatory Requirements
  35. Liability Management
  36. Liability Management Strategies
  37. How to Identify Legal and Regulatory Requirements
  38. Business Case Development
  39. Budgetary Reporting Methods
  40. Budgetary Planning Strategy
  41. How to Justify Investment in Info Security
  42. Organizational Drivers
  43. Impact of Drivers on Info Security
  44. Third Party Relationships
  45. How to Identify Drivers Affecting the Organization
  46. Purpose of Obtaining Commitment to Info Security
  47. Methods for Obtaining Commitment
  48. ISSG
  49. ISSG Roles and Responsibilities
  50. ISSG Operation
  51. How to Obtain Senior Management’s Commitment to Info Security
  52. Info Security Management Roles and Responsibilities
  53. How to Define Roles and Responsibilities for Info Security
  54. The Need for Reporting and Communicating
  55. Methods for Reporting in an Organization
  56. Methods of Communication in an Organization
  57. How to Establish Reporting and Communicating Channels

Domain 2: Risk Management

  1. Risk
  2. Risk Assessment
  3. Info Threat Types
  4. Info Vulnerabilities
  5. Common Points of Exposure
  6. Info Security Controls
  7. Types of Info Security Controls
  8. Common Info Security Countermeasures
  9. Overview of the Risk Assessment Process
  10. Factors Used in Risk Assessment and Analysis
  11. Risk Assessment Methodologies
  12. Quantitative Risk Assessment – Part 1
  13. Quantitative Risk Assessment – Part 2
  14. Qualitative Risk Assessment
  15. Hybrid Risk Assessment
  16. Best Practices for Info Security Management
  17. Gap Analysis
  18. How to Implement an Info Risk Assessment Process
  19. Info Classification Schemas
  20. Components of Info Classification Schemas
  21. Info Ownership Schemas
  22. Components of Info Ownership Schemas
  23. Info Resource Valuation
  24. Valuation Methodologies
  25. How to Determine Info Asset Classification and Ownership
  26. Baseline Modeling
  27. Control Requirements
  28. Baseline Modeling and Risk Based Assessment of Control Requirements
  29. How to Conduct Ongoing Threat and Vulnerability Evaluations
  30. BIA’s
  31. BIA Methods
  32. Factors for Determining Info Resource Sensitivity and Critically
  33. Impact of Adverse Events
  34. How to Conduct Periodic BIA’s
  35. Methods for Measuring Effectiveness of Controls and Countermeasures
  36. Risk Mitigation
  37. Risk Mitigation Strategies
  38. Effect of Implementing Risk Mitigation Strategies
  39. Acceptable Levels of Risk
  40. Cost Benefit Analysis
  41. How to Identify and Evaluate Risk Mitigation Strategies
  42. Life Cycle Processes
  43. Life Cycle-Based Risk Management
  44. Risk Management Life Cycle
  45. Business Life Cycle Processes Affected by Risk Management
  46. Life Cycled-Based Risk Management Principles and Practices
  47. How to Integrate Risk Management Into Business Life Cycle Processes
  48. Significant Changes
  49. Risk Management Process
  50. Risk Reporting Methods
  51. Components of Risk Reports
  52. How to Report Changes in Info Risk

Domain 3: Information Security Program

  1. Info Security Strategies
  2. Common Info Security Strategies
  3. Info Security Implementation Plans
  4. Conversation of Strategies Into Implementation Plans
  5. Info Security Programs
  6. Info Security Program Maintenance
  7. Methods for Maintaining an Info Security Program
  8. Succession Planning
  9. Allocation of Jobs
  10. Program Documentation
  11. How to Develop Plans to Implement an Info Security Strategy
  12. Security Technologies and Controls
  13. Cryptographic Techniques
  14. Symmetric Cryptography
  15. Public Key Cryptography
  16. Hashes
  17. Access Control
  18. Access Control Categories
  19. Physical Access Controls
  20. Technical Access Controls
  21. Administrative Access Controls
  22. Monitoring Tools
  23. IDS’s
  24. Anti-Virus Systems
  25. Policy-Compliance Systems
  26. Common Activities Required in Info Security Programs
  27. Prerequisites for Implementing the Program
  28. Implementation Plan Management
  29. Types of Security Controls
  30. Info Security Controls Development
  31. How to Specify info Security Program Activities
  32. Business Assurance Function
  33. Common Business Assurance Functions
  34. Methods for Aligning info Security Programs with Business Assurance Functions
  35. How to Coordinate Info Security Programs with Business Assurance Functions
  36. SLA’s
  37. Internal Resources
  38. External Resources
  39. Services Provided by External Resources – Part 1
  40. Services Provided by External Resources – Part 2
  41. Skills Commonly Required for Info Security Program Implementation
  42. Dentification of Resources and Skills Required for a Particular Implementation
  43. Resource Acquisition Methods
  44. Skills Acquisition Methods
  45. How to Identify Resources Needed for Info Security Program Implementation
  46. Info Security Architectures
  47. The SABSA Model for Security Architecture
  48. Deployment Considerations
  49. Deployment of Info Security Architectures
  50. How to Develop Info Security Architecture
  51. Info Security Policies
  52. Components of Info Security Policies
  53. Info Security Policies and the Info Security Strategy
  54. Info Security Policies and Enterprise Business Objectives
  55. Info Security Policy Development Factors
  56. Methods for Communicating Info Security Policies
  57. Info Security Policy Maintenance
  58. How to Develop Info Security Policies
  59. Info Security Awareness Program, Training Programs, and Education Programs
  60. Security Awareness, Training, and Education Gap Analysis
  61. Methods for Closing the Security Awareness, Training, and Education Gaps
  62. Security-Based Cultures and Behaviors
  63. Methods for Establishing and Maintaining a Security-Based Culture in the Enterprise
  64. How to Develop Info Security Awareness, Training, and Education Programs
  65. Supporting Documentation for Info Security Policies
  66. Standards, Procedures, Guidelines, and Baselines
  67. Codes of Conduct
  68. NDA’s
  69. Methods for Developing Supporting Documentation
  70. Methods for Implementing Supporting Documentation and for Communicating Supporting Documentation
  71. Methods for Maintaining Supporting Documentation
  72. C and A
  73. C and A Programs
  74. How to Develop Supporting Documentation for Info Security Policies

Domain 4: Information Security Program Implementation

  1. Enterprise Business Objectives
  2. Integrating Enterprise Business Objectives & Info Security Policies
  3. Organizational Processes
  4. Change Control
  5. Merges & Acquisitions
  6. Organizational Processes & Info Security Policies
  7. Methods for Integrating Info Security Policies & Organizational Processes
  8. Life Cycle Methodologies
  9. Types of Life Cycle Methodologies
  10. How to Integrate Info Security Requirements Into Organizational Processes
  11. Types of Contracts Affected by Info Security Programs
  12. Joint Ventures
  13. Outsourced Provides & Info Security
  14. Business Partners & Info Security
  15. Customers & Info Security
  16. Third Party & Info Security
  17. Risk Management
  18. Risk Management Methods & Techniques for Third Parties
  19. SLA’s & Info Security
  20. Contracts & Info Security
  21. Due Diligence & Info Security
  22. Suppliers & Info Security
  23. Subcontractors & Info Security
  24. How to Integrate Info Security Controls Into Contracts
  25. Info Security Metrics
  26. Types of Metrics Commonly Used for Info Security
  27. Metric Design, Development & Implementation
  28. Goals of Evaluating Info Security Controls
  29. Methods of Evaluating Info Security Controls
  30. Vulnerability Testing
  31. Types of Vulnerability Testing
  32. Effects of Vulnerability Assessment & Testing
  33. Vulnerability Correction
  34. Commercial Assessment Tools
  35. Goals of Tracking Info Security Awareness, Training, & Education Programs
  36. Methods for Tracking Info Security Awareness, Training, & Education Programs
  37. Evaluation of Training Effectiveness & Relevance
  38. How to Create Info Security Program Evaluation Metrics

Domain 5: Information Security Program Management

  1. Management Metrics
  2. Types of Management Metrics
  3. Data Collection
  4. Periodic Reviews
  5. Monitoring Approaches
  6. KPI’s
  7. Types of Measurements
  8. Other Measurements
  9. Info Security Reviews

Domain 6: Incident Management and Response

  1. Management Metrics
  2. Types of Management Metrics
  3. Data Collection
  4. Periodic Reviews
  5. Monitoring Approaches
  6. KPI’s
  7. Types of Measurements
  8. Other Measurements
  9. Info Security Reviews
  10. The Role of Assurance Providers
  11. Comparing Internal and External Assurance Providers
  12. Line Management Technique
  13. Budgeting
  14. Staff Management
  15. Facilities
  16. How to Manage Info Security Program Resources
  17. Security Policies
  18. Security Policy Components
  19. Implementation of Info Security Policies
  20. Administrative Processes and Procedures
  21. Access Control Types
  22. ACM
  23. Access Security Policy Principles
  24. Identity Management and Compliance
  25. Authentication Factors
  26. Remote Access
  27. User Registration
  28. Procurement
  29. How to Enforce Policy and Standards Compliance
  30. Types of Third Party Relationships
  31. Methods for Managing Info Security Regarding Third Parties
  32. Security Service Providers
  33. Third Party Contract Provisions
  34. Methods to Define Security Requirements in SLA’s, Security Provisions and SLA’s, and Methods to Monitor Security
  35. How to Enforce Contractual Info Security Controls
  36. SDLC
  37. Code Development
  38. Common Techniques for Security Enforcement
  39. How to Enforce Info Security During Systems Development
  40. Maintenance
  41. Methods of Monitoring Security Activities
  42. Impact of Change and Configuration Management Activities
  43. How to Maintain Info Security Within an Organization
  44. Due Diligence Activities
  45. Types of Due Diligence Activities
  46. Reviews of Info Access
  47. Standards of Managing and Controlling Info Access
  48. How to Provide Info Security Advice and Guidance
  49. Info Security Awareness
  50. Types of Info Security Stakeholders
  51. Methods of Stakeholder Education
  52. Security Stakeholder Education Process
  53. How to Provide Info Security Awareness and Training
  54. Methods of Testing the Effectiveness of Info Security Control
  55. The Penetration Testing Process
  56. Types of Penetration Testing
  57. Password Cracking
  58. Social Engineering Attacks
  59. Social Engineering Types
  60. External Vulnerability Reporting Sources
  61. Regulatory Reporting Requirements
  62. Internal Reporting Requirements
  63. How to Analyze the Effectiveness of Info Security Controls
  64. Noncompliance Issues
  65. Security Baselines
  66. Events Affecting the Security Baseline
  67. Info Security Problem Management Process
  68. How to Resolve Noncompliance Issues

From: $14.99 / month

  • Vast selection of courses and labs Access
  • Unlimited access from all devices
  • Learn from industry expert instructors
  • Assessment quizzes and monitor progress
  • Vast selection of courses and labs Access
  • Blended Learning with Virtual Classes
  • Access to new courses every quarter
  • 100% satisfaction guarantee

You Will Get Certification After Completetion This Course.

Instructor Led Lectures
All IT Tutor Pro Formerly It Nuggets Courses replicate a live class experience with an instructor on screen delivering the course’s theories and concepts.These lectures are pre-recorded and available to the user 24/7. They can be repeated, rewound, fast forwarded.
Visual Demonstrations, Educational Games & Flashcards
IT Tutor Pro Formerly It Nuggets recognizes that all students do not learn alike and different delivery mediums are needed in order to achieve success for a large student base. With that in mind, we delivery our content in a variety of different ways to ensure that students stay engaged and productive throughout their courses.
Mobile Optimization & Progress Tracking
Our courses are optimized for all mobile devices allowing students to learn on the go whenever they have free time. Students can access their courses from anywhere and their progress is completely tracked and recorded.
Practice Quizzes And Exams
IT Tutor Pro Formerly It Nuggets Online’s custom practice exams prepare you for your exams differently and more effectively than the traditional exam preps on the market. Students will have practice quizzes after each module to ensure you are confident on the topic you are learning.
World Class Learning Management System
IT Tutor Pro Formerly It Nuggets provides the next generation learning management system (LMS). An experience that combines the feature set of traditional Learning Management Systems with advanced functionality designed to make learning management easy and online learning engaging from the user’s perspective.

Frequently Asked Questions

How does online education work on a day-to-day basis?
Instructional methods, course requirements, and learning technologies can vary significantly from one online program to the next, but the vast bulk of them use a learning management system (LMS) to deliver lectures and materials, monitor student progress, assess comprehension, and accept student work. LMS providers design these platforms to accommodate a multitude of instructor needs and preferences.
Is online education as effective as face-to-face instruction?
Online education may seem relatively new, but years of research suggests it can be just as effective as traditional coursework, and often more so. According to a U.S. Department of Education analysis of more than 1,000 learning studies, online students tend to outperform classroom-based students across most disciplines and demographics. Another major review published the same year found that online students had the advantage 70 percent of the time, a gap authors projected would only widen as programs and technologies evolve.
Do employers accept online degrees?
All new learning innovations are met with some degree of scrutiny, but skepticism subsides as methods become more mainstream. Such is the case for online learning. Studies indicate employers who are familiar with online degrees tend to view them more favorably, and more employers are acquainted with them than ever before. The majority of colleges now offer online degrees, including most public, not-for-profit, and Ivy League universities. Online learning is also increasingly prevalent in the workplace as more companies invest in web-based employee training and development programs.
Is online education more conducive to cheating?
The concern that online students cheat more than traditional students is perhaps misplaced. When researchers at Marshall University conducted a study to measure the prevalence of cheating in online and classroom-based courses, they concluded, “Somewhat surprisingly, the results showed higher rates of academic dishonesty in live courses.” The authors suggest the social familiarity of students in a classroom setting may lessen their sense of moral obligation.
How do I know if online education is right for me?
Choosing the right course takes time and careful research no matter how one intends to study. Learning styles, goals, and programs always vary, but students considering online courses must consider technical skills, ability to self-motivate, and other factors specific to the medium. Online course demos and trials can also be helpful.
What technical skills do online students need?
Our platform typically designed to be as user-friendly as possible: intuitive controls, clear instructions, and tutorials guide students through new tasks. However, students still need basic computer skills to access and navigate these programs. These skills include: using a keyboard and a mouse; running computer programs; using the Internet; sending and receiving email; using word processing programs; and using forums and other collaborative tools. Most online programs publish such requirements on their websites. If not, an admissions adviser can help.