Certified Information Security Manager (CISM) Online Course

About the course

This is a complete online video course which covers all four domains of CISM.

  • Domain 1 - Information Security Governance (24% of exam)
  • Domain 2 - Information Risk Management (30% of exam)
  • Domain 3 - Information Security Program Development and Management (27% of exam)
  • Domain 4 - Information Security Incident Management (19% of exam)

To pass the CISM certification exam, you obviously need to have the right knowledge. The CISM exam is 4 hours long and has 150 multiple-choice questions. Most people studying for the CISM certification use multiple books and video courses; this course is designed to put you on the path to success.

Course Curriculum

Domain 1 - Information Security Governance (24% of exam)

  • CISM Domain 1 - What we will be covering
  • Governance, Management, standards, and frameworks
  • Values, vision, and mission
  • Policies, procedures, guidelines, and frameworks
  • SWOT Analysis
  • Gap Analysis
  • OPEX, CAPEX, and fiscal years
  • KGIs, KPIs, and KRIs
  • The CIA triad
  • Sensitive information and media security
  • Data Classification
  • Data owners
  • Data security frameworks
  • Ethics
  • Laws and regulations
  • GDPR (General Data Protection Regulation)
  • Intellectual property
  • Warfare, terrorism, sabotage, and ransomware
  • Administrative personnel controls
  • Designing security into our software
  • Programming concepts
  • Software development methodologies part 1
  • Software development methodologies part 2
  • Artificial intelligence (AI)
  • CISM Domain 1 - What we covered

Domain 2 - Information Risk Management (30% of exam)

  • CISM Domain 2 - What we will be covering
  • Risk Identification
  • Risk Assessment
  • Risk response and mitigation & Risk and Control Monitoring and Reporting
  • COBIT 5
  • Attackers, Vishing and Phishing
  • Incident Management definitions
  • Incident Management
  • NIST 800-53
  • NIST 800-37
  • ISO 27001 and 27002
  • OWASP part 1
  • OWASP part 2
  • Vulnerability scanners
  • Networking basics
  • SIEM (Security Information and Event Management)
  • The OSI model
  • The TCP/IP model
  • IP addresses and port numbers part 1
  • IP addresses and port numbers part 2
  • IP support protocols
  • Cable types
  • LAN topologies
  • Layer 1 to 3 networking devices
  • Firewalls
  • Intrusion detection and prevention systems
  • 0-day attacks
  • Network authentication protocols
  • Wi-Fi
  • Bluetooth
  • Honeynets and Honeypots
  • Secure communications
  • Mobile device security
  • Application white-listing
  • Virtualization
  • Database security
  • Software vulnerabilities and Attacks
  • System vulnerabilities, threats, and countermeasures
  • Physical security part 1
  • Physical security part 2
  • Physical security part 3
  • Site Selection
  • Fire suppression and hot and cold aisles
  • Electricity
  • Backups
  • RAID (Redundant Array of Independent Disks)
  • Redundancy
  • Media storage
  • IoT (Internet of Things)
  • CISM Domain 2 - What we covered

Domain 3 - Information Security Program Development and Management (27% of exam)

  • CISM Domain 3 - What we will be covering
  • Access control
  • Introduction to Access Control
  • IAAA and subject/object
  • Type 1 authentication
  • Type 2 authentication
  • Type 3 authentication
  • Authorization
  • Accountability
  • Access control systems
  • Identity and access provisioning
  • Introduction to Cryptography
  • The history of Cryptography
  • Symmetric encryption
  • Asymmetric encryption
  • Hashing
  • Attacks on cryptography
  • Digital signatures
  • Implementing cryptography MAC, HMAC, SSL, and TLS
  • Configuration Management
  • Patch Management
  • Change management
  • Security evaluation models
  • Security Assessments
  • Security Audits
  • Security Audit Logs
  • Vulnerability scanners
  • Penetration testing
  • Penetration testing tools
  • Social Engineering attacks
  • Software testing
  • CMM (Capability Maturity Model)
  • Buying software from other companies
  • CISM Domain 3 - What we covered

Domain 4 - Information Security Incident Management (19% of exam)

  • CISM Domain 4 - What we will be covering
  • Domain 4 Key concepts
  • BCP and DRP (Business Continuity Plan and Disaster Recovery Plan)
  • Personnel
  • DRP (Disaster Recovery Plan) basics
  • Developing our BCP and DRP (Business Continuity Plan and Disaster Recovery Plan)
  • BIA (Business Impact Analysis)
  • Supply and infrastructure redundancy
  • Disaster Recovery sites
  • Other BCP sub plans
  • Employee redundancy
  • Testing, training, and improving the plans
  • After a disruption
  • Digital forensics
  • Spinning disk forensics
  • Memory and data remanence
  • Data remanence and destruction
  • Network and Software forensics
  • CISM Domain 4 - What we covered