CISM Domain: 3-Information Security Program Development and Management
Manage information risk to an acceptable level based on risk appetite in order to meet organizational goals and objectives. Focused on Compliance.
- 3.1 CISM: Information Security Program Management Overview
- Information Security Management Trends
- Essential Elements of an Information Security Program
- 3.1.1 CISM: Importance of the Information Security Program
- 3.1.2 CISM: Outcomes of Information Security Program Management
- Strategic Alignment
- Risk Management
- Value Delivery
- Resource Management
- Performance Measurement
- Assurance Process Integration
- 3.2 CISM: Information Security Program Objectives
- 3.2.1 Defining Objectives
- 3.3 CISM: Information Security Program Concepts
- 3.3.1 CISM: Concepts
- 3.3.2 CISM: Technology Resources
- 3.4 CISM: Scope and Charter of an Information Security Program
- 3.5 CISM: The Information Security Management Framework
- 3.5.1 CISM: COBIT 5
- 3.5.2 CISM: ISO/IEC 27001:2013
- 3.6 CISM: Information Security Framework Components
- 3.6.1 Technical Components
- 3.6.2 Operational Components
- 3.6.3 Management Components
- 3.6.4 Administrative Components
- 3.6.5 Educational and Informational Components
- 3.7 CISM: Defining an Information Security Program Road Map
- 3.8 Information Security Infrastructure and Architecture
- 3.8.1 CISM: Enterprise Information Security Architecture
- Enterprise Architecture Domains
- 3.8.2 CISM: Objectives of Information Security Architectures
- Providing a Framework and Road Map
- Simplicity and Clarity Through Layering and Modularization
- Business Focus Beyond the Technical Domain
- Architecture and Control Objectives
- 3.9 CISM: Architecture Implementation
- 3.10 CISM: Security Program Management and Administrative Activities
- Program Administration
- 3.10.1 CISM: Personnel, Roles, Skills and Culture
- Roles
- Skills
- Culture
- 3.10.2 CISM: Security Awareness Training and Education
- 3.10.3 CISM: General Rules of Use/Acceptable Use Policy
- 3.10.4 CISM: Ethics
- 3.10.5 CISM: Documentation
- Document Maintenance
- 3.10.6 CISM: Program Development and Project Management
- 3.10.7 CISM: Risk Management
- Risk Management Responsibilities
- 3.10.8 CISM: Business Case Development
- 3.10.9 CISM: Program Budgeting
- Elements of an Information Security Program Budget
- 3.10.10 CISM: Information Security Problem Management Practices
- 3.10.11 CISM: Vendor Management
- 3.10.12 CISM: Program Management Evaluation
- Program Objectives
- Compliance Requirements
- Program Management
- Security Operations Management
- Technical Security Management
- Resource Levels
- 3.10.13 CISM: Plan-Do-Check-Act
- 3.10.14 CISM: Legal and Regulatory Requirements
- 3.10.15 CISM: Physical and Environmental Factors
- 3.10.16 CISM: Culture and Regional Variances
- 3.10.17 CISM: Logistics
- 3.11 CISM: Security Program Services and Operational Activities
- 3.11.1 CISM: Information Security Liaison Responsibilities
- Physical/Corporate Security
- IT Audit
- Information Technology
- Business Unit Managers
- Human Resources
- Legal Department
- Employees
- Procurement
- Compliance
- Privacy
- Training
- Quality Assurance
- Insurance
- Third-party Management
- Project Management Office
- 3.11.2 CISM: Cross-organizational Responsibilities
- 3.11.3 CISM: Incident Response
- 3.11.4 CISM: Security Reviews and Audits
- Audits
- Auditors
- 3.11.5 CISM: Management of Security Technology
- Technology Competencies
- 3.11.6 CISM: Due Diligence
- Managing and Controlling Access to Information Resources
- Vulnerability Reporting Sources
- 3.11.7 CISM: Compliance Monitoring and Enforcement
- Policy Compliance
- Standards Compliance
- Resolution of Noncompliance Issues
- Compliance Enforcement
- 3.11.8 CISM: Assessment of Risk and Impact
- Vulnerability Assessment
- Threat Assessment
- Risk Assessment and Business Impact Analysis
- Resource Dependency Assessment
- 3.11.9 CISM: Outsourcing and Service Providers
- Outsourcing Contracts
- Third-party Access
- 3.11.10 CISM: Cloud Computing Advantages
- Security Considerations
- Evaluation of Cloud Service Providers
- 3.11.11 CISM: Integration With IT Processes
- 3.12 CISM: Controls and Countermeasures
- 3.12.1 CISM: Control Categories
- 3.12.2 CISM: Control Design Considerations
- Controls as Strategy Implementation Resources
- 3.12.3 CISM: Control Strength
- 3.12.4 CISM: Control Methods
- 3.12.5 CISM: Control Recommendations
- 3.12.6 CISM: Countermeasures
- 3.12.7 CISM: Physical and Environmental Controls
- 3.12.8 CISM: Control Technology Categories
- Native Control Technologies
- Supplemental Control Technologies
- Management Support Technologies
- 3.12.9 Technical Control Components and Architecture
- Analysis of Controls
- 3.12.10 CISM: Control Testing and Modification
- 3.12.11 CISM: Baseline Controls
- 3.13 CISM: Security Program Metrics and Monitoring
- 3.13.1 CISM: Metrics Development
- Strategic Management
- Operational
- 3.13.2 CISM: Monitoring Approaches
- Monitoring Security Activities in Infrastructure and Business Applications
- Determining Success of Information Security Investments
- 3.13.3 CISM: Measuring Information Security Management Performance
- 3.13.4 CISM: Measuring Information Security Risk and Loss
- 3.13.5 CISM: Measuring Support of Organizational Objectives
- 3.13.6 CISM: Measuring Compliance
- 3.13.7 CISM: Measuring Operational Productivity
- 3.13.8 CISM: Measuring Security Cost-effectiveness
- 3.13.9 CISM: Measuring Organizational Awareness
- 3.13.10 CISM: Measuring Effectiveness of Technical Security Architecture
- 3.13.11 CISM: Measuring Effectiveness of Management Framework and Resources
- 3.13.12 CISM: Measuring Operational Performance
- 3.13.13 CISM: Monitoring and Communication
- 3.14 CISM: Common Information Security Program Challenges
- Management Support
- Funding
- Staffing