ISACA

Certified Information Security Manager (CISM)

(CISM) / ISBN : 978-1-61691-183-6

Lessons

Lab (Add-on)

TestPrep

350 Reviews

Get A Free Trial

This course includes:

Free pre-assessment and first 2 lessons

5+ Interactive Lessons | 529+ Exercises

347+ Videos | 12:57+ Hours

Accessible on mobile and tablet too

Certificate of completion

$130.00

Buy Now

Are you an instructor?

Access detailed information about the course content, learning objectives, activities, and assessments before adding it to your curriculum.

Skills You’ll Get

The ISACA CISM certification exam validates a candidate's expertise in analyzing, implementing, and assessing security management principles. The ISACA CISM certification provides business leaders with the ability to understand complex and challenging security management issues that can impact an enterprise's success. This one-of-a-kind credential helps you become part of the best peer network and create opportunities for your career.

Interactive Lessons

5+ Interactive Lessons | 529+ Exercises | 115+ Quizzes | 107+ Flashcards | 107+ Glossary of terms

Gamified TestPrep

15+ Pre Assessment Questions | 3+ Full Length Tests | 150+ Post Assessment Questions | 450+ Practice Test Questions

Hands-On Labs

39+ LiveLab | 39+ Video tutorials | 52+ Minutes

Video Lessons

347+ Videos | 12:57+ Hours

Download Course Outline

Information Security Governance

Security Strategy
Information Security Governance framework
Integrating security governance into corporate governance
Security Policies: standards, procedures, and guidelines
Business cases to support investments
Internal and external influences on information security strategy
Management and other stakeholder commitment
Roles and Responsibilities
Measuring the effectiveness of the information security strategy

Information Risk Management and Compliance

Information asset classification
Risk management, assessments, vulnerability assessments and threat analyses
Risk treatment options
Manage risk of noncompliance
Information security controls
Current and desired risk levels: Gap analysis
Monitoring risk

Information Security Program Development and Management

Alignment of IS program with information security strategy
Information security manager's role and responsibilities in alignment
Information security frameworks
Information security architectures
Evaluating the effectiveness and efficiency of the IS program
Integrating the IS program with IT processes
Integrating the IS program into contracts and activities of third parties
Controls and countermeasures
Security Program Metrics and Monitoring

Information Security Incident Management

Organizational definition and severity hierarchy for security incidents
Incident response plan
Processes for timely identification
Testing and review
Investigating and documenting information security incidents
Integration of incident response plan, disaster recovery plan and business continuity plan

Video Tutorials

Introduction
Information Security Threats, Management, And Protection
Security Compliance And Strategy
Business Functions And Policies
Security Standards, Activities, And Strategy Development
Information Security Governance Framework
Regulatory Requirements And Liability Management
Business Case, Budgetary Reporting Methods And Planning Strategy
Organizational Drivers And Their Impacts
Commitment To Info Security
Management Roles And Responsibilities
Reporting And Communicating
Risks Assessment
Information: Classification, Ownership, And Resource Valuation
Baseline And BIAs
Risk: Countermeasures, Mitigation Strategies, And Life Cycle
Risk: Management And Reporting
Information Security Strategies And Programs
Security Technologies, Cryptography, And Access Controls
Monitoring Tools, Security Programs And Controls
Business Assurance Function And SLAs
Resources, Services, And Skills
Security Architecture, Model, And Deployment
Info Security: Policies, Awareness And Training Programs
Documentation
Organizational Processes
Contracts, Joint Ventures, Business Partners And Customers
Third Parties, Suppliers, And Subcontractors
Info Security Metrics
Goals And Methods Of Evaluating Info Security Controls
Vulnerability
Assessment Tools And Tracking Info Security Awareness Training And Education Programs
Evaluation And Management Metrics
Data Collection, Reviews, And Measurement
Assurance Providers, Line Management, Budgeting, And Staff Management
Facilities And Program Resources
Security Policy, Administrative Processes, And Procedures
Access Control, Access Security Policy Principles, And Identity Management
Authentication, Remote Access And User Registration
Procurement And Enforcing Policy Standard and Compliance
Third Party Relationships
SLAs, SDLC, And Security Enforcement
Maintenance, Monitoring, And Configuration Management
Maintaining Info Security And Due Diligence Activities
Info Access, Security Advice, Guidance, And Awareness
Stakeholders
Testing Info Security Control
Noncompliance Issues And Security Baselines
Incident Response And Continuity Of Operations
Disaster Recovery And Business Continuity Plan
Incident Management And Response Plan
Processes, Requirements, And Plans
Incident Response, Disaster Recovery And Business Continuity Plans
Forensics Procedures And Incident Review Process
Conclusion

Information Risk Management and Compliance

Demonstrating Network Mapping and Quarantining a Vulnerable System
Conducting Vulnerability Scanning Using Nessus
Performing Vulnerability Scanning Using OpenVAS
Performing Vulnerability Scanning Using OSSIM
Using Social Engineering Techniques to Plan an Attack

Information Security Program Development and Management

Observing an MD5-Generated Hash Value
Observe an SHA-Generated Hash Value
Assigning File or Folder Permissions
Configuring a Linux Firewall Using Iptables
Using the Windows Firewall
Configuring User Access Control Settings
Scanning Ports Using Metasploit
Completing the Chain of Custody
Configuring IPSec
Using OpenSSL to Create a Public/Private Key Pair
Configuring RAID 5
Configuring a VPN
Configuring the Audit Group Policy
Defending against IP Spoofing
Configuring an Extended Access Control List
Configuring VLAN
Configuring Static NAT
Configuring Dynamic NAT
Scanning Using nmap
Configuring Snort
Taking an Incremental Backup
Taking a Full Backup
Restricting Local Accounts
Encrypting Files with EFS
Encrypting the Disk
Enabling Intrusion Prevention and Detection
Exploiting a Website Using SQL Injection
Conducting a Cross-Site Request Forgery Attack
Performing Session Hijacking Using Burp Suite
Performing ARP Spoofing
Attacking a Website Using XSS Injection
Exploiting Windows 7 Using Metasploit
Causing a DarkComet Trojan Infection
Conducting a DoS Attack Using a SYN Flood

Any questions?
Check out the FAQs

Still have unanswered questions and need to get in touch?

ISACA Member: USD 575
ISACA Non-Member: USD 760

PSI Testing Centers

The exam consists of multiple choice questions.

ISACA has the following pre-requisites for CISM certification exam:

Attain and report an annual minimum of twenty (20) CPE hours. These hours must be appropriate to the currency or advancement of the CISM s knowledge or ability to perform CISM-related tasks. The use of these hours towards meeting the CPE requirements for multiple ISACA certifications is permissible when the professional activity is applicable to satisfying the job-related knowledge of each certification.
Submit annual CPE maintenance fees to ISACA International Headquarters in full.
Attain and report a minimum of one hundred and twenty (120) CPE hours for a three-year reporting period.
Submit required documentation of CPE activities if selected for the annual audit.
Comply with ISACA's Code of Professional Ethics.

The exam contains 200 questions.

240 minutes

450

If you do not pass the exam, you can retake the exam a maximum of three (3) times in a twelve-month period.

To protect the integrity of ISACA s certificate exams, ISACA has implemented the following retake policy: Individuals have 4 attempts within a rolling twelve-month period to pass the exam. Those that do not pass on their first attempt are allowed to retake the exam a total of 3 more times within 12 months from the date of the first attempt.
- Retake 1 (attempt 2): Customers must wait 30 days from the date of the first attempt
- Retake 2 (attempt 3): Customers must wait 90 days after the date of the second attempt
- Retake 3 (attempt 4): Customers must wait 90 days after the date of the third attempt

CISM certification expires after three years from date of issue, after which the certification holder will need to renew their certification. Click here for more information.

Know more about the CISM