Overview

Skilled information security management professionals are in demand, and well paid, so if you hope to gain employment in this field, now is the time to do it. This course will be your complete guide, and is a uniquely management-focused look at information security management, which will help you get the job you want.

Learning with Study 365 has many advantages. The course material is delivered straight to you and can be adapted to fit in with your lifestyle. It is created by experts within the industry, meaning you are receiving accurate information, which is up-to-date and easy to understand.

This course comprises professionally narrated e-Learning modules, interactive quizzes, tests, and exams, all delivered through a system that you will have access to 24 hours a day, 7 days a week, for 365 days (12 months).

Course Description:

This online training course is comprehensive and designed to cover the key topics listed under the curriculum.

Course Duration:

You will have 12 months' access to your online study platform from the date you purchased the course. The course is self-paced, so you decide how fast or slow the training goes. You can complete the course in stages, revisiting the training at any time.

Method of Assessment:

At the end of the course, learners will take an online multiple choice question assessment test (please be aware, this is not the official exam). The online test is marked straight away, so you will know immediately if you have passed the course.

Certification:

Successful candidates will be awarded a certificate for Certified Information Security Manager (CISM).

(The official certificate is not included in this course.)

Entry Requirement:

Learners must be age 16 or over and should have a basic understanding of the English Language, numeracy, literacy, and ICT.

Career Path:

This training course will lead you to become a:

  • IT Risk Manager
  • Information Security Manager
  • Network Security Specialist
  • IT Security Officer
  • Cyber Security Manager
  • IT Security Incident Manager

Course Curriculum

Free Introduction
Certified Information Security Manager (CISM) FREE 00:00:00
Course brochure – Certified Information Security Manager (CISM) FREE 00:00:00
1: Information Security Governance
1. CISM Introduction 00:00:00
2. Information Security 00:00:00
3. Business Goals, Objectives, and Functions 00:00:00
4. Business Goals and Information Security 00:00:00
5. Information Security Threats 00:00:00
6. Information Security Management 00:00:00
7. Identity Management 00:00:00
8. Data Protection 00:00:00
9. Network Security 00:00:00
10. Personnel Security 00:00:00
11. Facility Security 00:00:00
12. Security Compliance and Standards 00:00:00
13. Information Security Strategy 00:00:00
14. Inputs and Outputs of the Information Security Strategy 00:00:00
15. Processes in an Information Security Strategy 00:00:00
16. People in an Information Security Strategy 00:00:00
17. Technologies in an Information Security Strategy 00:00:00
18. Logical and Physical Information Security Strategy Architectures 00:00:00
19. Information Security and Business Functions 00:00:00
20. Information Security Policies and Enterprise Objectives 00:00:00
21. International Standards for the Security Management 00:00:00
22. ISO/IEC 27000 Standards 00:00:00
23. International Info Government Standards 00:00:00
24. Information Security Government Standards in the United States 00:00:00
25. Methods of Coordinating Information Security Activities 00:00:00
26. How to Develop an Information Security Strategy 00:00:00
27. Information Security Governance 00:00:00
28. Role of the Security in Governance 00:00:00
29. Scope of Information Security Governance 00:00:00
30. Charter of Information Security Governance 00:00:00
31. Information Security Governance and Enterprise Governance 00:00:00
32. How to Align Information Security Strategy with Corporate Governance 00:00:00
33. Regulatory Requirements and Information Security 00:00:00
34. Business Impact of Regulatory Requirements 00:00:00
35. Liability Management 00:00:00
36. Liability Management Strategies 00:00:00
37. How to Identify Legal and Regulatory Requirements 00:00:00
38. Business Case Development 00:00:00
39. Budgetary Reporting Methods 00:00:00
40. Budgetary Planning Strategy 00:00:00
41. How to Justify Investment in Info Security 00:00:00
42. Organizational Drivers 00:00:00
43. Impact of Drivers on Info Security 00:00:00
44. Third Party Relationships 00:00:00
45. How to Identify Drivers Affecting the Organization 00:00:00
46. Purpose of Obtaining Commitment to Info Security 00:00:00
47. Methods for Obtaining Commitment 00:00:00
48. ISSG 00:00:00
49. ISSG Roles and Responsibilities 00:00:00
50. ISSG Operation 00:00:00
51. How to Obtain Senior Management’s Commitment to Info Security 00:00:00
52. Info Security Management Roles and Responsibilities 00:00:00
53. How to Define Roles and Responsibilities for Info Security 00:00:00
54. The Need for Reporting and Communicating 00:00:00
55. Methods for Reporting in an Organization 00:00:00
56. Methods of Communication in an Organization 00:00:00
57. How to Establish Reporting and Communicating Channels 00:00:00
2: Risk Management
1. Risk 00:00:00
2. Risk Assessment 00:00:00
3. Info Threat Types 00:00:00
4. Info Vulnerabilities 00:00:00
5. Common Points of Exposure 00:00:00
6. Info Security Controls 00:00:00
7. Types of Info Security Controls 00:00:00
8. Common Info Security Countermeasures 00:00:00
9. Overview of the Risk Assessment Process 00:00:00
10. Factors Used in Risk Assessment and Analysis 00:00:00
11. Risk Assessment Methodologies 00:00:00
12. Quantitative Risk Assessment – Part 1-2 00:00:00
13. Qualitative Risk Assessment 00:00:00
14. Hybrid Risk Assessment 00:00:00
15. Best Practices for Info Security Management 00:00:00
16. Gap Analysis 00:00:00
17. How to Implement an Info Risk Assessment Process 00:00:00
18. Info Classification Schemas 00:00:00
19. Components of Info Classification Schemas 00:00:00
20. Info Ownership Schemas 00:00:00
21. Components of Info Ownership Schemas 00:00:00
22. Info Resource Valuation 00:00:00
23. Valuation Methodologies 00:00:00
24. How to Determine Info Asset Classification and Ownership 00:00:00
25. Baseline Modeling 00:00:00
26. Control Requirements 00:00:00
27. Baseline Modeling and Risk Based Assessment of Control Requirements 00:00:00
28. How to Conduct Ongoing Threat and Vulnerability Evaluations 00:00:00
29. BIA’s 00:00:00
30. BIA Methods 00:00:00
31. Factors for Determining Info Resource Sensitivity and Criticality 00:00:00
32. Impact of Adverse Events 00:00:00
33. How to Conduct Periodic BIA’s 00:00:00
34. Methods for Measuring Effectiveness of Controls and Countermeasures 00:00:00
35. Risk Mitigation 00:00:00
36. Risk Mitigation Strategies 00:00:00
37. Effect of Implementing Risk Mitigation Strategies 00:00:00
38. Acceptable Levels of Risk 00:00:00
39. Cost Benefit Analysis 00:00:00
40. How to Identify and Evaluate Risk Mitigation Strategies 00:00:00
41. Life Cycle Processes 00:00:00
42. Life Cycle-Based Risk Management 00:00:00
43. Risk Management Life Cycle 00:00:00
44. Business Life Cycle Processes Affected by Risk Management 00:00:00
45. Life Cycle-Based Risk Management Principles and Practices 00:00:00
46. How to Integrate Risk Management Into Business Life Cycle Processes 00:00:00
47. Significant Changes 00:00:00
48. Risk Management Process 00:00:00
49. Risk Reporting Methods 00:00:00
50. Components of Risk Reports 00:00:00
51. How to Report Changes in Info Risk 00:00:00
3: Information Security Program
1. Info Security Strategies 00:00:00
2. Common Info Security Strategies 00:00:00
3. Info Security Implementation Plans 00:00:00
4. Conversion of Strategies Into Implementation Plans 00:00:00
5. Info Security Programs 00:00:00
6. Info Security Program Maintenance 00:00:00
7. Methods for Maintaining an Info Security Program 00:00:00
8. Succession Planning 00:00:00
9. Allocation of Jobs 00:00:00
10. Program Documentation 00:00:00
11. How to Develop Plans to Implement an Info Security Strategy 00:00:00
12. Security Technologies and Controls 00:00:00
13. Cryptographic Techniques 00:00:00
14. Symmetric Cryptography 00:00:00
15. Public Key Cryptography 00:00:00
16. Hashes 00:00:00
17. Access Control 00:00:00
18. Access Control Categories 00:00:00
19. Physical Access Controls 00:00:00
20. Technical Access Controls 00:00:00
21. Administrative Access Controls 00:00:00
22. Monitoring Tools 00:00:00
23. IDS’s 00:00:00
24. Anti-Virus Systems 00:00:00
25. Policy-Compliance Systems 00:00:00
26. Common Activities Required in Info Security Programs 00:00:00
27. Prerequisites for Implementing the Program 00:00:00
28. Implementation Plan Management 00:00:00
29. Types of Security Controls 00:00:00
30. Info Security Controls Development 00:00:00
31. How to Specify Info Security Program Activities 00:00:00
32. Business Assurance Function 00:00:00
33. Common Business Assurance Functions 00:00:00
34. Methods for Aligning Info Security Programs with Business Assurance Functions 00:00:00
35. How to Coordinate Info Security Programs with Business Assurance Functions 00:00:00
36. SLA’s 00:00:00
37. Internal Resources 00:00:00
38. External Resources 00:00:00
39. Services Provided by External Resources – Part 1-2 00:00:00
40. Skills Commonly Required for Info Security Program Implementation 00:00:00
41. Identification of Resources and Skills Required for a Particular Implementation 00:00:00
42. Resource Acquisition Methods 00:00:00
43. Skills Acquisition Methods 00:00:00
44. How to Identify Resources Needed for Info Security Program Implementation 00:00:00
45. Info Security Architectures 00:00:00
46. The SABSA Model for Security Architecture 00:00:00
47. Deployment Considerations 00:00:00
48. Deployment of Info Security Architectures 00:00:00
49. How to Develop Info Security Architecture 00:00:00
50. Info Security Policies 00:00:00
51. Components of Info Security Policies 00:00:00
52. Info Security Policies and the Info Security Strategy 00:00:00
53. Info Security Policies and Enterprise Business Objectives 00:00:00
54. Info Security Policy Development Factors 00:00:00
55. Methods for Communicating Info Security Policies 00:00:00
56. Info Security Policy Maintenance 00:00:00
57. How to Develop Info Security Policies 00:00:00
58. Info Security Awareness Program, Training Programs, and Education Programs 00:00:00
59. Security Awareness, Training, and Education Gap Analysis 00:00:00
60. Methods for Closing the Security Awareness, Training, and Education Gaps 00:00:00
61. Security-Based Cultures and Behaviors 00:00:00
62. Methods for Establishing and Maintaining a Security-Based Culture in the Enterprise 00:00:00
63. How to Develop Info Security Awareness, Training, and Education Programs 00:00:00
64. Supporting Documentation for Info Security Policies 00:00:00
65. Standards, Procedures, Guidelines, and Baselines 00:00:00
66. Codes of Conduct 00:00:00
67. NDA’s 00:00:00
68. Methods for Developing Supporting Documentation 00:00:00
69. Methods for Implementing Supporting Documentation and for Communicating Supporting Documentation 00:00:00
70. Methods for Maintaining Supporting Documentation 00:00:00
71. C and A 00:00:00
72. C and A Programs 00:00:00
73. How to Develop Supporting Documentation for Info Security Policies 00:00:00
4: Information Security Program Implementation
1. Enterprise Business Objectives 00:00:00
2. Integrating Enterprise Business Objectives & Info Security Policies 00:00:00
3. Organizational Processes 00:00:00
4. Change Control 00:00:00
5. Mergers & Acquisitions 00:00:00
6. Organizational Processes & Info Security Policies 00:00:00
7. Methods for Integrating Info Security Policies & Organizational Processes 00:00:00
8. Life Cycle Methodologies 00:00:00
9. Types of Life Cycle Methodologies 00:00:00
10. How to Integrate Info Security Requirements Into Organizational Processes 00:00:00
11. Types of Contracts Affected by Info Security Programs 00:00:00
12. Joint Ventures 00:00:00
13. Outsourced Providers & Info Security 00:00:00
14. Business Partners & Info Security 00:00:00
15. Customers & Info Security 00:00:00
16. Third Party & Info Security 00:00:00
17. Risk Management 00:00:00
18. Risk Management Methods & Techniques for Third Parties 00:00:00
19. SLA’s & Info Security 00:00:00
20. Contracts & Info Security 00:00:00
21. Due Diligence & Info Security 00:00:00
22. Suppliers & Info Security 00:00:00
23. Subcontractors & Info Security 00:00:00
24. How to Integrate Info Security Controls Into Contracts 00:00:00
25. Info Security Metrics 00:00:00
26. Types of Metrics Commonly Used for Info Security 00:00:00
27. Metric Design, Development & Implementation 00:00:00
28. Goals of Evaluating Info Security Controls 00:00:00
29. Methods of Evaluating Info Security Controls 00:00:00
30. Vulnerability Testing 00:00:00
31. Types of Vulnerability Testing 00:00:00
32. Effects of Vulnerability Assessment & Testing 00:00:00
33. Vulnerability Correction 00:00:00
34. Commercial Assessment Tools 00:00:00
35. Goals of Tracking Info Security Awareness, Training, & Education Programs 00:00:00
36. Methods for Tracking Info Security Awareness, Training, & Education Programs 00:00:00
37. Evaluation of Training Effectiveness & Relevance 00:00:00
38. How to Create Info Security Program Evaluation Metrics 00:00:00
5: Information Security Program Management
1. Management Metrics 00:00:00
2. Types of Management Metrics 00:00:00
3. Data Collection 00:00:00
4. Periodic Reviews 00:00:00
5. Monitoring Approaches 00:00:00
6. KPI’s 00:00:00
7. Types of Measurements 00:00:00
8. Other Measurements 00:00:00
9. Info Security Reviews 00:00:00
10. The Role of Assurance Providers 00:00:00
11. Comparing Internal and External Assurance Providers 00:00:00
12. Line Management Technique 00:00:00
13. Budgeting 00:00:00
14. Staff Management 00:00:00
15. Facilities 00:00:00
16. How to Manage Info Security Program Resources 00:00:00
17. Security Policies 00:00:00
18. Security Policy Components 00:00:00
19. Implementation of Info Security Policies 00:00:00
20. Administrative Processes and Procedures 00:00:00
21. Access Control Types 00:00:00
22. ACM 00:00:00
23. Access Security Policy Principles 00:00:00
24. Identity Management and Compliance 00:00:00
25. Authentication Factors 00:00:00
26. Remote Access 00:00:00
27. User Registration 00:00:00
28. Procurement 00:00:00
29. How to Enforce Policy and Standards Compliance 00:00:00
30. Types of Third Party Relationships 00:00:00
31. Methods for Managing Info Security Regarding Third Parties 00:00:00
32. Security Service Providers 00:00:00
33. Third Party Contract Provisions 00:00:00
34. Methods to Define Security Requirements in SLA’s, Security Provisions and SLA’s, and Methods to Monitor Security 00:00:00
35. How to Enforce Contractual Info Security Controls 00:00:00
36. SDLC 00:00:00
37. Code Development 00:00:00
38. Common Techniques for Security Enforcement 00:00:00
39. How to Enforce Info Security During Systems Development 00:00:00
40. Maintenance 00:00:00
41. Methods of Monitoring Security Activities 00:00:00
42. Impact of Change and Configuration Management Activities 00:00:00
43. How to Maintain Info Security Within an Organization 00:00:00
44. Due Diligence Activities 00:00:00
45. Types of Due Diligence Activities 00:00:00
46. Reviews of Info Access 00:00:00
47. Standards of Managing and Controlling Info Access 00:00:00
48. How to Provide Info Security Advice and Guidance 00:00:00
49. Info Security Awareness 00:00:00
50. Types of Info Security Stakeholders 00:00:00
51. Methods of Stakeholder Education 00:00:00
52. Security Stakeholder Education Process 00:00:00
53. How to Provide Info Security Awareness and Training 00:00:00
54. Methods of Testing the Effectiveness of Info Security Control 00:00:00
55. The Penetration Testing Process 00:00:00
56. Types of Penetration Testing 00:00:00
57. Password Cracking 00:00:00
58. Social Engineering Attacks 00:00:00
59. Social Engineering Types 00:00:00
60. External Vulnerability Reporting Sources 00:00:00
61. Regulatory Reporting Requirements 00:00:00
62. Internal Reporting Requirements 00:00:00
63. How to Analyze the Effectiveness of Info Security Controls 00:00:00
64. Noncompliance Issues 00:00:00
65. Security Baselines 00:00:00
66. Events Affecting the Security Baseline 00:00:00
67. Info Security Problem Management Process 00:00:00
68. How to Resolve Noncompliance Issues 00:00:00
6: Incident Management and Response
1. Incident Response Capability 00:00:00
2. Components of Incident Response 00:00:00
3. BCP 00:00:00
4. BIA Phase 00:00:00
5. COOP 00:00:00
6. DRP 00:00:00
7. Alternate Sites 00:00:00
8. Develop a BCP 00:00:00
9. Develop a DRP 00:00:00
10. MTD 00:00:00
11. RPO 00:00:00
12. RTO 00:00:00
13. Data Backup Strategies 00:00:00
14. Data Backup Types 00:00:00
15. Data Restoration Strategies 00:00:00
16. Info Incident Management Practices 00:00:00
17. IRP 00:00:00
18. Trigger Events and Types of Trigger Events 00:00:00
19. Methods of Containing Damage 00:00:00
20. How to Develop an IRP 00:00:00
21. Escalation Process 00:00:00
22. Notification Process 00:00:00
23. IRT 00:00:00
24. Crisis Communication 00:00:00
25. How to Establish an Escalation Process 00:00:00
26. Internal Reporting Requirements 00:00:00
27. External Reporting Requirements 00:00:00
28. Communication Process 00:00:00
29. How to Develop a Communication Process 00:00:00
30. IRP and DRP 00:00:00
31. IRP and BCP 00:00:00
32. Methods of Identifying Business Resources Essential to Recovery 00:00:00
33. How to Integrate an IRP 00:00:00
34. Role of Primary IRT Members and Role of Additional IRT Members 00:00:00
35. Response Team Tools and Equipment 00:00:00
36. How to Develop IRT’s 00:00:00
37. BCP testing 00:00:00
38. Disaster Recovery Testing 00:00:00
39. Schedule Disaster Recovery Testing 00:00:00
40. Refine IRP 00:00:00
41. How to Test an IRP 00:00:00
42. Damage Assessment 00:00:00
43. Business Impacts Caused by Security Incidents 00:00:00
44. How to Manage Responses to Info Security Incidents 00:00:00
45. Computer and Digital Forensics 00:00:00
46. Forensic Requirements for Responding to Info Security Incidents 00:00:00
47. Evidence Life Cycle 00:00:00
48. Evidence Collection 00:00:00
49. Evidence Types 00:00:00
50. Five Common Rules of Evidence 00:00:00
51. Chain of Custody 00:00:00
52. How to Investigate an Info Security Incident 00:00:00
53. PIR Methods 00:00:00
54. Security Incident Review Process 00:00:00
55. Investigate Cause of a Security Incident 00:00:00
56. Identify Corrective Actions 00:00:00
57. Reassess Security Risks After a Security Incident 00:00:00
58. How to Conduct a Post-Incident Review 00:00:00
59. Outro – Pre Test/Test Strategy 00:00:00
60. Post Test 00:00:00

419 STUDENTS ENROLLED

CPD Accredited

UKRLP

ACCREDITED CERTIFICATE

Awarded by iAP

CPD Accredited Partner

CPD Membership No: 10582

Study independently accredited and recognised CPD courses. Gain your certification today.

All students enrolled with STUDY365 are entitled to a CV Writing and Interview Skills Pack, which includes CV templates, cover letter guidance, and advice for interviews.

If you need career support, STUDY365 is here for you. We provide excellent career support through our Career Support Service.

TOTUM Card

Address: Study365, 406 White Horse Lane, London E1 3FY
Phone: 0203 874 9355
Email: support@study365.co.uk
