Upcoming
Sessions
Welcome!    Login | Checkout 0 Items | Checkout
ETI Performance Improvement

Technical Training

Creating Rock Stars since 1984


CISSM: Information Systems Security Manager

The Certified Information Systems Security Manager certification course is designed to teach towards and certify a information systems professional’s high standard of excellence in following areas:

  • Information Security Governance
  • Information Risk Management and Compliance
  • Information Security Program Development and Management
  • Information Security Incident Management

While we provide thorough training in these 4 critical areas of information systems security management, most who take the C)ISSM have professional experience in all four of these areas. A gap of experience in some of these fields can be bridged by achieving our C)ISSO: Certified Information Systems Security Officer Certification.

Prerequisites

  • CISSO Information Systems Security Officer
  • Or equivalent experience



More About This Session


Topics
Dates & Registration

CISSM: Information Systems Security Manager

4 Days

Your Price: $2495


Register!

Module 1 – Introduction

  • Welcome
  • Agenda
  • CISM
  • CISM Exam Review Course Overview
  • CISM Qualifications
  • The Learning Environment
  • Daily Format
  • Domain Structure
  • Course Structure
  • Logistics             

Module 2 – Information Security Governance

  • Course Agenda
  • Examination Content
  • Chapter 1 Learning Objectives
  • The First Question
  • Information Security Governance Overview
  • Selling the Importance of Information Security
  • The First Priority for the CISM
  • Business Goals and Objectives
  • Outcomes of Information Security Governance
  • Benefits of Information Security Governance
  • Performance and Governance
  • Information Security Strategy
  • Developing Information Security Strategy
  • Elements of a Strategy
  • Objectives of Security Strategy
  • The Goal of Information Security
  • Defining Security Objectives
  • Business Linkages
  • Business Case Development
  • The Information Security Program
  • Security Program Priorities
  • Security versus Business
  • Security Program Objectives
  • What is Security?
  • Security Integration
  • Security Program
  • Architecture
  • Information Security Frameworks
  • Using an Information Security Framework
  • The Desired State of Security
  • The Desired State cont.
  • The Maturity of the Security Program Using CMM
  • Using the Balanced Scorecard
  • The ISO27001:2013 Framework
  • Examples of Other Security Frameworks
  • Examples of Other Security Frameworks
  • Constraints and Considerations for a Security Program
  • Constraints and Considerations for a Security Program cont.
  • Elements of Risk and Security
  • Risk Management
  • Information Security Concepts
  • Information Security Concepts cont.
  • Security Program Elements
  • Security Program Elements cont.
  • Third Party Agreements
  • Roles and Responsibilities of Senior Management
  • Senior Management Commitment
  • Steering Committee
  • CISO Chief Information Security Officer Responsibilities
  • Business Manager Responsibilities
  • IT Staff Responsibilities
  • Centralized versus Decentralized Security
  • Evaluating the Security Program
  • Audit and Assurance of Security
  • Evaluating the Security Program
  • Effective Security Metrics
  • Effective Security Metrics cont.
  • Key Performance Indicators (KPIs)
  • End to End Security
  • Correlation Tools
  • Reporting and Compliance
  • Regulations and Standards
  • Effect of Regulations
  • Reporting and Analysis
  • Ethics
  • Ethical Standards
  • Ethical Responsibility
  • Practice Question
  • Practice Question
  • Practice Question
  • Practice Question

Module 3 – Information Risk Management and Compliance

  • Exam Relevance
  • Information Asset Classification
  • Roles and Responsibilities
  • Roles and Responsibilities
  • Information Classification Considerations
  • Regulations and Legislation
  • Asset Valuation
  • Valuation Process
  • Information Protection
  • Information Asset Protection
  • Definition of Risk
  • Why is Risk Important
  • Risk Management Definition
  • Risk Management Objective
  • Risk Management Overview
  • Risk Management Overview
  • Defining the Risk Environment
  • Threats to Information and Information Systems
  • Threat Analysis
  • Aggregate Risk
  • Cascading Risk
  • Identification of Vulnerabilities
  • The Effect of Risk
  • Impact
  • Impact cont.
  • Risk Management Process
  • Risk Assessment Methodology
  • Annualized Loss Expectancy (ALE)
  • Qualitative Risk Assessment
  • Data Gathering Techniques
  • Results of Risk Assessment
  • Alignment of Risk Assessment and BIA
  • Risk Treatment
  • Risk Treatment
  • Risk Mitigation and Controls
  • Control Recommendations
  • Cost Benefit Analysis of Controls
  • Cost Benefit Analysis of Controls cont.
  • Risk Mitigation Schematic
  • Control Types and Categories
  • Control Types and Categories cont.
  • Security Control Baselines
  • Ongoing Risk Assessment
  • Measuring Control Effectiveness
  • Building Risk Management In (Agenda)
  • Risk Related to Change Control
  • Controlling Risk in Change Control
  • Risk Management During SDLC
  • Ongoing Risk Management Monitoring and Analysis
  • Audit and Risk Management
  • Audit and Risk Management cont.
  • Risk in Business Process Re-Engineering
  • Risk in Project Management
  • Risk During Employment Process
  • New Employee Initiation
  • Risk During Employment
  • Risk at Termination of Employment
  • Risks During Procurement
  • Risk During Procurement cont.
  • Reporting to Management
  • Documentation
  • Training and Awareness
  • Training and Awareness
  • Training for End Users
  • Practice Question
  • Practice Question 2

Module 4 – Information Security Program Development and Management

  • Course Agenda
  • Exam Relevance
  • Learning Objectives cont.
  • Definition
  • Security Strategy and Program Relationship
  • Information Security Management
  • Importance of Security Management
  • Definition
  • Effective Security Management
  • Reasons for Security Program Failure
  • Program Objectives
  • Security Program Development
  • Security Program Development cont.
  • Outcomes of Information Security Program Development
  • Governance of the Security Program
  • Role of the Information Security Manager (Agenda)
  • Strategy
  • Policy
  • Creating Effective Policy
  • Awareness
  • Implementation
  • Monitoring
  • Compliance
  • Developing an Information Security Road Map
  • Defining Security Program Objectives
  • Inventory of Information Systems
  • Challenges in Developing an Information Security Program
  • Challenges in Developing an Information Security Program cont.
  • Elements of a Security Program Road Map
  • Security Programs and Projects
  • Security Program and Project Development
  • Security Project Planning
  • Selection of Controls
  • Common Control Practices
  • Security Program Elements (Agenda)
  • Policies
  • Acceptable Use Policy
  • Acceptable Use Policy cont.
  • Standards
  • Procedures
  • Guidelines
  • Technology
  • Personnel Security
  • Training and Skills Matrix
  • Organizational Structure
  • Outsourced Security Providers
  • Third-party Service Providers
  • Facilities
  • Facilities Security
  • Environmental Security
  • Information Security Concepts (Agenda)
  • Information Security Concepts (Agenda)
  • Access Control
  • Identification
  • Authentication
  • Authorization
  • Accounting / Auditability
  • Criticality
  • Sensitivity
  • Trust Models
  • Technology-based Security
  • Technologies
  • Security in Technical Components
  • Operations Security
  • Technologies – Access Control Lists
  • Filtering and Content Management
  • Technologies – SPAM
  • Technologies – Databases and DBMS
  • Encryption
  • Technologies – Cryptography
  • Technologies – Cryptography cont.
  • Technologies – Encryption cont.
  • Technologies – Hashing Algorithms
  • Technology – Communications OSI Model
  • Technology – Communications TCP/IP
  • Technologies – Operating Systems
  • Technology – Firewalls
  • Emerging Technologies
  • Intrusion Detection Policies and Processes
  • Intrusion Detection Systems
  • IDS / IPS
  • Password Cracking
  • Vulnerability Assessments
  • Penetration Testing
  • Penetration Testing cont.
  • Third Party Security Reviews
  • Integration into Life Cycle Processes
  • Security in External Agreements
  • Security in External Agreements
  • Security Program Implementation
  • Phased Approach
  • Challenges During Implementation
  • Evaluating the Security Program
  • Evaluating Security Program cont.
  • Evaluating the Security Program cont.
  • Measuring Information Security Risk and Loss
  • Measuring Effectiveness of Technical Security Program
  • Measuring Effectiveness of Security Management
  • Security Project Management
  • Review of Security Compliance
  • Practice Question
  • Practice Question
  • Practice Question
  • Practice Question

Module 5 –  Information Security Incident Management

  • Learning Objectives
  • Definition
  • Goals of Incident Management and Response
  • Goals of Incident Response cont.
  • What is an Incident – Intentional
  • What is an Incident – Unintentional
  • History of Incidents
  • Developing Response and Recovery Plans
  • Incident Management and Response
  • Incident Management and Response cont.
  • Incident Management and Response cont.
  • Importance of Incident Management and Response
  • Incident Response Functions
  • Incident Response Manager Responsibilities
  • Incident Response Manager Responsibilities
  • Requirements for Incident Response Managers
  • Senior Management Involvement
  • The Desired State
  • Strategic Alignment of Incident Response
  • Detailed Plan of Action for Incident Management
  • Detailed Plan of Action for Incident Management – Prepare
  • Detailed Plan of Action for Incident Management – Prepare cont.
  • Detailed Plan of Action for Incident Management – Protect
  • Detailed Plan of Action for Incident Management – Detect
  • Detailed Plan of Action for Incident Management – Triage
  • Detailed Plan of Action for Incident Management – Response
  • Elements of an Incident Response Plan
  • Crisis Communications
  • Challenges in Developing an Incident Management Plan
  • Personnel
  • Personnel cont.
  • Personnel cont.
  • Team Member Skills
  • Skills cont.
  • Skills cont.
  • Security Concepts and Technologies
  • Organizing, Training and Equipping the Response Staff
  • Value Delivery
  • Performance Measurement
  • Reviewing the Current State of Incident Response Capability
  • Audits
  • Gap Analysis – Basis for
  • an Incident Response Plan
  • When an Incident Occurs
  • During an Incident
  • During an Incident cont.
  • Containment Strategies
  • The Battle Box
  • Evidence Identification and Preservation
  • Post Event Reviews
  • Disaster Recovery Planning (DRP) and Business Recovery Processes
  • Development of BCP and DRP
  • Plan Development
  • Plan Development cont.
  • Recovery Strategies
  • Recovery Strategies
  • Basis for Recovery Strategy Selections
  • Disaster Recovery Sites
  • Disaster Recovery Sites cont.
  • Recovery of Communications
  • Notification Requirements
  • Notification Requirements cont.
  • Response Teams
  • Insurance
  • Testing Response and Recovery Plans
  • Types of Tests
  • Test Results
  • Test Results cont.
  • Plan Maintenance Activities
  • BCP and DRP Training
  • Practice Question
  • Practice Question
  • Practice Question
  • Practice Question
  • Practice Question

CISSM: Information Systems Security Manager

4 Days

Your Price: $2495

No sessions are scheduled at this time.
Contact us to schedule a session for your organization.

back to top

Customize Sessions

Need a customized session?


Did you know that all of our sessions can be customized?
Let us help create a private session your team will love!

Selected Sessions

No Sessions Selected

Add a session to begin registration.
  • Personalize This Session

    All of our sessions can be customized to meet your team's specific need. Build the perfect program by picking and choosing topics from any of the courses in our catalog. A personalized private session gives you the ultimate flexibility and helps maximize your team's valuable time!

    Let us help customize your next:

    Lunch-n-Learn

    30-90 Minute Webinar

    Half or Full Day Training

    On-Demand Learning

    Team Learning Paths



    Contact us today!



Contact

ETI Performance Improvement
8500 Keystone Crossing Suite 550
Indianapolis, Indiana 46240

p. 317.475.6555
f. 317.475.6556
e. [email protected]

Hours:
8:00 am - 5:00 pm M-F EST

Educate. Equip. Empower.
ETI Performance Improvement

© 2018 ETI Performance Improvement        Illustrations ©2012 Nathaniel Charles