Certified Information Security Manager (CISM) (CS8529): Detaljan plan obuke
Module 1:Enterprise Governance
- Importance of Information Security Governance
- Desired Outcomes of Good Information Security
- Governance
- Responsibility for Information Security Governance
- Steps for Establishing Governance
- Governance Framework
- Top-Down and Bottom-Up Approaches
- A Note on the Practice Questions
- Organizational Culture
- Acceptable Usage Policy
- Ethics Training
- Legal, Regulatory, and Contractual Requirements
- Retention of Business Records
- Electronic Discovery
- Organizational Structure
- Board of Directors
- Security Steering Committee
- Reporting of Security Functions
- Centralized vis-à-vis Decentralized Security Functioning
- Information Security Roles and Responsibilities
- RACI Chart
- Board of Directors
- Senior Management
- Business Process Owners
- Steering Committee
- Chief Information Security Officer
- Chief Operating Officer
- Data Custodian
- Communication Channel
- Indicators of a Security Culture
- Maturity Model
- Governance of Third-Party Relationships
- Information Security Governance Metrics
- The Objective of Metrics
- Technical Metrics vis-à-vis Governance-Level Metrics
- Characteristics of Effective Metrics
Module 2: Information Security Strategy
- Information Security Strategy and Plan
- Information Security Policies
- Information Governance Frameworks and Standards
- The Objective of Information Security Governance
- Information Security/Cybersecurity Management Frameworks
- The IT Balanced Scorecard
- Information Security Programs
- Enterprise Information Security Architecture
- Challenges in Designing the Security Architecture
- Benefits of Security Architecture
- Awareness and Education
- Increasing the Effectiveness of Security Training
- Governance, Risk Management, and Compliance
- Senior Management Commitment
- Information Security Investment
- Strategic Alignment
- Business Case and Feasibility Study
Module 3: Information Risk Assessment
- Understanding Risk
- Differentiating Risk Identification, Risk Analysis, and Risk
- Evaluation
- Risk Management
- Risk Assessment
- Risk Analysis
- Risk Evaluation
- Differentiating Risk Capacity, Risk Appetite, and Risk Tolerance
- Inherent Risk and Residual Risk
- Inherent Risk
- Residual Risk
- Differentiating between Inherent Risk and Residual Risk
- Phases of Risk Management
- Phases of Risk Management
- The Outcome of a Risk Management Program
- Risk Awareness
- Tailored Awareness Programs
- Training Effectiveness
- Awareness Training for Senior Management
- Risk Assessment
- Phases of Risk Assessment
- Risk Identification
- Risk Identification Process
- Asset Identification
- Asset Valuation
- Aggregated and Cascading Risk
- Risk Analysis
- Quantitative Risk Analysis
- Qualitative Risk Analysis
- Semi-Quantitative Risk Analysis
- The Best Method for Risk Analysis
- Annual Loss Expectancy
- Value at Risk (VaR)
- OCTAVE
- Other Risk Analysis Methods
- Risk Evaluation
- Risk Ranking
- Risk Register
- Emerging Risk and the Threat Landscape
- Emerging Threats
- Advanced Persistent Threats
- Vulnerability and Control Deficiency
- Security Baselines
- Risk Communication
Module 4: Information Risk Response
- Risk Treatment/Risk Response Options
- Risk Mitigation
- Risk Sharing/Transferring
- Risk Avoidance
- Risk Acceptance
- Risk Ownership and Accountability
- Risk Monitoring and Communication
- Risk Reporting
- Key Risk Indicators
- Reporting Significant Changes in Risk
- Implementing Risk Management
- Risk Management Process
- Integrating Risk Management into Business Processes
- Prioritization of Risk Response
- Defining a Risk Management Framework
- Defining the External and Internal Environment
- Determining the Risk Management Context
- Gap Analysis
- Cost-Benefit Analysis
- Other Kinds of Organizational Support
- Change Management
- Objectives of Change Management
- Approval from the System Owner
- Regression Testing
- Involvement of the Security Team
- Preventive Controls
- Patch Management
- Operational Risk Management
- Recovery Time Objective
- Recovery Point Objective
- Difference between RTO and RPO
- Service Delivery Objective
- Maximum Tolerable Outage
- Allowable Interruption Window
- Risk Management Integration with Life Cycle
- System Development Life Cycle
Module 5: Information Security Program Development
- Information Security Program Overview
- Ideal Outcomes of an Information Security Program
- The Starting Point of a Security Program
- Information Security Charter
- Support from Senior Management
- Defense in Depth
- Information Security Program Resources
- Information Asset Identification and Classification
- Benefits of Classification
- Understanding the Steps Involved in Classification
- Success Factors for the Effective Classification of Assets
- Criticality, Sensitivity, and Impact
- Assessment
- Business Dependency Assessment
- Risk Analysis
- Business Interruptions
- Information Asset Valuation
- Determining the Criticality of Assets
- Industry Standards and Frameworks for Information
- Security
- Framework – Success Factors
- Some Industry-Recognized Frameworks
- Information Security Policies, Procedures, and Guidelines
- Reviewing and Updating Documents
- Defining an Information Security Program Roadmap
- Gap Analysis
- The Value of a Security Program
- Integration of the Security Program with Other Departments
- Information Security Program Metrics
- Objective of Metrics
- Monitoring
- Attributes of Effective Metrics
- Information Security Objectives and Metrics
- Useful Metrics for Management
Module 6: Information Security Program Management
- Information Security Control Design and Selection
- Countermeasures
- General Controls and Application-Level Controls
- Control Categories
- Failure Modes – Fail Closed or Fail Open
- Continuous Monitoring
- Security Baseline Controls
- Developing a Security Baseline
- Information Security Awareness and Training
- Management of External Services and Relationships
- Evaluation Criteria for Outsourcing
- Steps for Outsourcing
- Outsourcing – Risk Reduction Options
- Provisions for Outsourcing Contracts
- The Security Manager’s Role in Outsourcing
- Service-Level Agreements
- Right-to-Audit Clause
- Impact of Privacy Laws on Outsourcing
- Subcontracting/Fourth Party
- Compliance Responsibility
- Documentation
- Information Security Program Objectives
- Security Budget
- Security Program Management and Administrative Activities
- Information Security Team
- Acceptable Usage Policy
- Documentation
- Project Management
- Program Budgeting
- Plan – Do – Check – Act
- Security Operations
- Privacy Laws
- Cloud Computing
- Cloud Computing – Deployment Models
- Types of Cloud Services
- Cloud Computing – the Security Manager’s Role
Module 7: Information Security Infrastructure and Architecture
- Information Security Architecture
- Architecture Implementation
- Access Control
- Mandatory Access Control
- Discretionary Access Control
- Role-Based Access Control
- Degaussing (Demagnetizing)
- Virtual Private Networks
- VPNs – Technical Aspects
- Advantages of a VPN
- VPN Security Risks
- Virtual Desktop Environments
- Biometrics
- Biometrics – Accuracy Measure
- Biometric Sensitivity Tuning
- Control over the Biometric Process
- Types of Biometric Attacks
- Factors of Authentication
- Password Management
- Wireless Networks
- Encryption
- Enabling MAC Filtering
- Disabling a Service Set Identifier
- Disabling Dynamic Host Configuration Protocol
- Common Attack Methods and Techniques for Wireless Networks
- Different Attack Methods for Information Security
Module 8: Information Security Monitoring Tools and Techniques
- Firewall Types and Implementations
- Types of Firewalls
- Types of Firewall Implementation
- Placement of Firewalls
- Source Routing
- Firewall Types and Their Corresponding OSI Layers
- Intrusion Detection Systems and Intrusion Prevention Systems
- Intrusion Detection Systems
- Intrusion Prevention Systems
- Difference between IDSs and IPSs
- Honeypots and Honeynets
- Digital Signatures
- Steps for Creating a Digital Signature
- What is a Hash or a Message Digest?
- Public Key Infrastructure
- PKI Terminology
- Processes Involved in PKI
- CA versus RA
- Single Point of Failure
- Functions of an RA
- Cryptography
- Symmetric Encryption vis-à-vis Asymmetric Encryption
- Encryption Keys
- The Use of Keys for Different Objectives
- Penetration Testing
- Aspects to be Covered within the Scope of Penetration Testing
- Types of Penetration Tests
- White Box Testing and Black Box Testing
- Risks Associated with Penetration Testing
Module 9: Incident Management Readiness
- Incident Management and Incident Response Overview
- The Relationship between Incident Management and Incident
Response - The Objectives of Incident Management
- Phases of the Incident Management Life Cycle
- Incident Management, Business Continuity, and Disaster
Recovery - Incident Management and the Service Delivery Objective
- Maximum Tolerable Outage (MTO) and Allowable Interruption
Window (AIW) - Incident Management and Incident Response Plans
- Elements of the IRP
- Gap Analysis
- Business Impact Analysis
- Escalation Process
- Help Desk/Service Desk Process for the Identification of
- Incidents
- Incident Management and Response Teams
- Incident Notification Process
- Challenges in Developing an Incident Management Plan
- Business Continuity and Disaster Recovery Procedures
- Phases of Recovery Planning
- Recovery Sites
- Continuity of Network Services
- Insurance
- Incident Classification/Categorization
- Help/Service Desk Processes for Identifying Security Incidents
- Testing Incident Response, BCP, and DRP
- Types of Tests
- Effectiveness of Tests
- Category of Tests
- Recovery Test Metrics
- Success Criteria for Tests
Module 10: Incident Management Operations
- Incident Management Tools and Technologies
- Incident Management Systems
- Personnel
- Audits
- Outsourced Security Providers
- Executing Response and Recovery Plans
- Incident Containment Methods
- Incident Response Communications
- Incident Eradication
- Recovery
- Post-Incident Activities and Investigations
- Identifying the Root Cause and Taking Corrective Action
- Documenting Events
- Chain of Custody
- Incident Response Procedures
- The Outcome of Incident Management
- The Role of the Information Security Manager
- Security Information and Event Management
- Incident Management Metrics and Indicators
- Key Performance Indicators and Key Goal Indicators
- Metrics for Incident Management
- Reporting to Senior Management
- The Current State of Incident Response Capabilities
- History of Incidents
- Threats and Vulnerabilities
- Threats
- Vulnerabilities
Preporučeno predznanje
Za pohađanje CISM obuke, preporučuje se prethodno profesionalno iskustvo u upravljanju bezbednošću informacija, posebno u oblastima kao što su upravljanje bezbednošću, upravljanje rizicima i odgovor na incidente. Generalno, nekoliko godina iskustva u ovim oblastima je korisno za razumevanje obrađenih koncepata.
Iako sertifikacija ne zahteva druge specifične kvalifikacije pre pohađanja obuke, osnovno znanje praksi u IT bezbednosti i poslovnom upravljanju je snažno preporučeno za maksimizovanje učenja.
Stručno usavršavanje i sertifikacija
Struktura ispita
- Priprema za Certified Information Systems Manager sertifikaciju
- Cena: 760 USD
- Tipovi pitanja: Višestruki izbor
- Trajanje: 4 sata
- Broj pitanja: 150
- Prolazna ocena: 450/800
Teme ispita
- Upravljanje bezbednošću informacija – Razvoj i upravljanje okvirom upravljanja bezbednošću usklađenim sa poslovnim ciljevima.
- Upravljanje rizicima povezanim sa bezbednošću informacija – Identifikacija i upravljanje bezbednosnim rizicima.
- Razvoj i upravljanje programom bezbednosti informacija – Kreiranje i održavanje programa bezbednosti koji podržava preduzeće.
- Upravljanje bezbednosnim incidentima – Planiranje i odgovor na bezbednosne incidente.
CISM obuka za sertifikaciju
Obuka Certified Information Security Manager (CISM) (CS8529) je dizajnirana za IT profesionalce i odgovorne za bezbednost koji žele da steknu naprednu ekspertizu u upravljanju programima bezbednosti informacija u preduzećima. Svetski priznata, ova ISACA sertifikacija potvrđuje vašu sposobnost dizajniranja, implementacije i upravljanja bezbednosnim inicijativama usklađenim sa organizacionim ciljevima. Ova obuka se fokusira na četiri ključna domena: upravljanje, upravljanje rizicima, razvoj programa i upravljanje incidentima.
Učesnici imaju koristi od praktičnih vežbi i studija stvarnih slučajeva za pripremu CISM sertifikacionog ispita. Ova akreditacija demonstrira vašu sposobnost vođenja i usklađivanja bezbednosnih strategija sa potrebama preduzeća.
Zašto odabrati CISM obuku?
U današnjem digitalnom pejzažu, organizacije se suočavaju sa rastućim pretnjama koje zahtevaju kvalifikovane odgovorne za bezbednost. CISM sertifikacija potvrđuje vaše liderske kompetencije za upravljanje i optimizaciju programa bezbednosti informacija na nivou preduzeća, garantujući usklađenost i otpornost u suočavanju sa sajber rizicima.
Ova obuka vas opremava potrebnim veštinama za zauzimanje strateških uloga kao što su odgovorni za IT bezbednost, konsultant za upravljanje rizicima i odgovorni za usklađenost. CISM sertifikacija jača vaš profesionalni kredibilitet i karijerne perspektive u konkurentnoj oblasti bezbednosti informacija.
Veštine koje ćete steći tokom obuke
Duboko razumevanje upravljanja bezbednošću informacija
Ovladajte upravljanjem, upravljanjem rizicima i razvojem bezbednosnih programa usklađenih sa poslovnim ciljevima.Procena i ublažavanje rizika
Naučite da efikasno procenjujete i upravljate rizicima povezanim sa bezbednošću informacija.Dizajniranje i upravljanje bezbednosnim programima
Razvijte veštine za kreiranje robusnih bezbednosnih okvira prilagođenih potrebama organizacije.Upravljanje incidentima i odgovor na krize
Steknite ekspertizu u upravljanju i oporavku nakon bezbednosnih incidenata.Usklađenost i poštovanje propisa
Osigurajte da bezbednosne mere poštuju pravne, regulatorne i organizacione standarde.Priprema za CISM sertifikacioni ispit
Opremite se znanjima i alatima potrebnim za uspešno polaganje CISM ispita sa pouzdanjem.
Interaktivna obuka koju vode sertifikovani instruktori
CISM obuku vode ISACA sertifikovani instruktori sa velikim iskustvom u upravljanju bezbednošću informacija na nivou preduzeća. Učesnici imaju koristi od interaktivnih sesija, praktičnih vežbi i analiza stvarnih izazova koji povezuju teoriju sa konkretnim primenama.
Kome je namenjena ova obuka?
Ova obuka je idealna za:
- IT profesionalce odgovorne za upravljanje programima bezbednosti informacija
- Bezbednosne konsultante specijalizovane za upravljanje rizicima na nivou preduzeća
- IT menadžere odgovorne za usklađivanje bezbednosti sa poslovnim ciljevima
- Pojedince koji se pripremaju za CISM sertifikacioni ispit
Unapredite svoju karijeru sa CISM sertifikacijom
Obuka Certified Information Security Manager (CISM) (CS8529) vas oprema veštinama potrebnim za efikasno vođenje i upravljanje programima bezbednosti informacija na nivou preduzeća. Prijavite se već danas da dobijete globalno priznatu sertifikaciju i unapredite svoju karijeru u upravljanju bezbednošću informacija.
Često postavljana pitanja - obuka za CISM sertifikaciju (FAQ)
Obuka uključuje upravljanje, upravljanje rizicima, razvoj bezbednosnih programa i odgovor na incidente.
Kandidati moraju imati pet godina profesionalnog iskustva u bezbednosti informacija, od čega tri godine u upravljačkim ulogama.
Sertifikacija potvrđuje napredne kompetencije u upravljanju bezbednošću informacija, poboljšavajući vaše karijerne mogućnosti.
Da, sadržaj kursa je potpuno usklađen sa ciljevima ISACA CISM ispita.
CISM sertifikacija je svetski priznata i cenjena od strane organizacija iz različitih sektora.