Certified Information Security Manager | CISM Certification

• Overview of Information Technology
• Components of a Computer: Hardware and Software
• Basics of Computer Architecture
• Networking Fundamentals
• Understanding Data and Cybersecurity Basics
• Types of Hackers
• Common Cybersecurity Threats and Best Practices

Module 2: Foundations of Information Security Management

• Defining Information Security, IT Security, and Cybersecurity
• Governance and its Role in Security
• Governance vs. Management
• Organizational Structure and Segregation of Duties
• Conflict of Interest Avoidance and Defense in Depth
• Introduction to Governance, Risk Management, and Compliance (GRC)

• GRC Role in Information Security
• Activities Related to GRC and Information Security
• Cybersecurity vs. Information Security
• RACI Matrix

• What is Security Governance?
• Security Governance Activities
• SWOT and GAP Analysis
• Core Questions in GAP Analysis
• Organizational Finances
• CIA Triad (Confidentiality, Integrity, and Availability) and its Expansion (DAD)

• Understanding Sensitive Data and Its Types
• Stages and Classification of Data
• Steps to Data Classification
• Roles: Owners, Custodians, and Users
• Data Handling Best Practices
• Legal and Regulatory Frameworks: GDPR and Other Law
• Data Breach Management

• Introduction to Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
• Real-Life Examples of BCP and DRP
• Administrative and Personnel Security Controls
• Key Performance Indicators (KPI) and Key Goal Indicators (KGI)
• Governance Frameworks

• Security Threats and the CIA Triad
• Security Vulnerabilities and Staying Updated
• Vulnerability Management Process and Key Points
• Cyber Attacks: DDOS and DOS
• Anti-DDoS Prevention Tools
• Malware Types and Protection Practices

• Types of Hackers and Hacking Techniques
• Script Kiddies vs. Elite Hackers
• Cybercriminals and Insider Threats
• Advanced Persistent Threats (APTs)
• Security Attacks and Preventive Measures
• Zero Trust Model

• Introduction to Cyber Risk Management
• Risk Management Strategies and Processes
• Risk Levels, Assessment, and Analysis
• Risk Evaluation and Registers
• NIST 800-30 Framework
• Risk Response Strategies: Avoid, Transfer, Mitigate, Accept
• COBIT 5

• Risk Monitoring and Key Risk Indicators (KRI)
• Types of Security Controls: Preventive, Deterrent, Corrective
• Information Technology General Controls (ITGC)

• Purpose, Importance, and Outcomes of ISP
• Value Delivery and Resource Management
• Performance Management
• ISP Objectives: Policies, Standards, Procedures

• Importance of Classifying Data and Assets
• Steps to Data Classification
• Enterprise Architecture and Technology Architecture
• EA Frameworks and Models

• Social Engineering Methods and Attack Lifecycle
• Mitigating Social Engineering Attacks
• Importance of Employee Awareness and Training

• Types of Data Security
• Data Storage Security and Compliance
• Policies for Data and Asset Handling
• Overview of DLP and CASB
• Data Maintenance and Asset Lifecycle

• Principles and Tools of Information Security
• Common Threats to InfoSec and Their Mitigation
• Benefits of InfoSec

• Understanding SLAs and OLAs
• Components, Types, and Benefits
• Best Practices for Writing SLAs and OLAs

• IT Asset Management Fundamentals
• Help Desk and Ticketing Systems
• Change, Patch, and Configuration Management

• Stages of SDLC and the Waterfall Model
• Introduction to Software Testing
• Dynamic Application Security Testing (DAST)

• Malvertising and Prevention
• Supply Chain Risk Management (SCRM)
• Physical Access Control and Metrics
• Key Performance Indicators (KPIs) and S.M.A.R.T Goals

• Incident Management and Problem Management Basics
• Security Operations Center (SOC)
• SIEM, FIM, EDR, NDR, XDR, and SOAR
• Vulnerability Scanners and Threat Intelligence

• Understanding Disasters and Recovery Plans
• Business Continuity Plans (BCP) and RTO vs. RPO
• Disaster Recovery Sites and Their Types