CISM Domain: 1-Information Security Governance

Ensure that the information security manager has the knowledge to establish and maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives, information risk is managed appropriately and program resources are managed responsibly.

• 1.1 CISM: Information Security Governance Overview
  • 1.1.1 CISM: Importance of Information Security Governance
  • 1.1.2 CISM: Outcomes of Information Security Governance
• 1.2 CISM: Effective Information Security Governance
  • 1.2.1 CISM: Business Goals and Objectives
  • 1.2.2 Determining Risk Capacity and Acceptable Risk (Risk Appetite)
  • 1.2.3 CISM: Scope and Charter of Information Security Governance
  • 1.2.4 CISM: Governance, Risk Management and Compliance
  • 1.2.5 CISM: Business Model for Information Security
    • Dynamic Interconnections
  • 1.2.6 CISM: Assurance Process Integration—Convergence Convergence
• 1.3 CISM: Roles and Responsibilities
  • Skills
  • Culture
  • 1.3.1 CISM: Board of Directors
  • 1.3.2 CISM: Senior Management
  • 1.3.3 CISM: Business Process Owners
  • 1.3.4 CISM: Steering Committee
  • 1.3.5 CISM: Chief Information Security Officer
• 1.4 CISM: Risk Management Roles and Responsibilities
  • 1.4.1 Key Roles
  • 1.4.2 CISM: Information Security Roles and Responsibilities
    • Obtaining Senior Management Commitment
    • Developing and Presenting the Business Case
    • Establishing Reporting and Communication Channels
• 1.5 CISM: Governance of Third-party Relationships
• 1.6 CISM: Information Security Governance Metrics
  • 1.6.1 CISM: Effective Security Metrics
  • 1.6.2 CISM: Governance Implementation Metrics
  • 1.6.3 CISM: Strategic Alignment Metrics
  • 1.6.4 CISM: Risk Management Metrics
  • 1.6.5 CISM: Value Delivery Metrics
  • 1.6.6 CISM: Resource Management Metrics
  • 1.6.7 CISM: Performance Measurement
  • 1.6.8 CISM: Assurance Process Integration (Convergence)
• 1.7 CISM: Information Security Strategy Overview
  • 1.7.1 CISM: Developing an Information Security Strategy
  • 1.7.2 CISM: Common Pitfalls
• 1.8 CISM: Information Security Strategy Objectives
  • 1.8.1 The Goal
  • 1.8.2 Defining Objectives
    • Business Linkages
  • 1.8.3 CISM: The Desired State
    • CISM: COBIT
    • CISM: COBIT 5 Process Assessment Model
    • CISM: Capability Maturity Model Integration
    • CISM: Balanced Scorecard
    • CISM: Architectural Approaches
    • CISM: ISO/IEC 27000 Series
    • Other Approaches
  • 1.8.4 CISM: Risk Objectives
• 1.9 Determining the Current State of Security
  • 1.9.1 Current Risk
    • CISM: Business Impact Analysis
  • 1.10 Information Security Strategy Development
  • 1.10.1 CISM: Elements of a Strategy
    • CISM: Road Map
  • 1.10.2 CISM: Strategy Resources and Constraints—Overview
    • Resources
    • Constraints
• 1.11 CISM: Strategy Resources
  • 1.11.1 CISM: Policies and Standards
    • Policies
    • Standards
    • Procedures
    • Guidelines
  • 1.11.2 CISM: Enterprise Information Security Architecture(s)
    • Alternative Enterprise Architecture Frameworks
  • 1.11.3 CISM: Controls
    • CISM: IT Controls
    • CISM: Non-IT Controls
    • CISM: Countermeasures
    • CISM: Layered Defenses
  • 1.11.4 CISM: Technologies
  • 1.11.5 CISM: Personnel
  • 1.11.6 CISM: Organizational Structure
    • Centralized and Decentralized Approaches to Coordinating Information Security
  • 1.11.7 CISM: Employee Roles and Responsibilities
  • 1.11.8 Skills
  • 1.11.9 Awareness and Education
  • 1.11.10 CISM: Audits
  • 1.11.11 CISM: Compliance Enforcement
  • 1.11.12 CISM: Threat Assessment
  • 1.11.13 CISM: Vulnerability Assessment
  • 1.11.14 CISM: Risk Assessment and Management
  • 1.11.15 CISM: Insurance
  • 1.11.16 CISM: Business Impact Analysis
  • 1.11.17 CISM: Resource Dependency Analysis
  • 1.11.18 CISM: Outsourced Services
  • 1.11.19 CISM: Other Organizational Support and Assurance Providers
• 1.12 CISM: Strategy Constraints
  • 1.12.1 CISM: Legal and Regulatory Requirements
    • Requirements for Content and Retention of Business Records
    • E-discovery
  • 1.12.2 CISM: Physical
  • 1.12.3 CISM: Ethics
  • 1.12.4 CISM: Culture
  • 1.12.5 CISM: Organizational Structure
  • 1.12.6 CISM: Costs
  • 1.12.7 CISM: Personnel
  • 1.12.8 CISM: Resources
  • 1.12.9 CISM: Capabilities
  • 1.12.10 CISM: Time
  • 1.12.11 CISM: Risk Acceptance and Tolerance
• 1.13 Action Plan to Implement Strategy
  • 1.13.1 Gap Analysis—Basis for an Action Plan
  • 1.13.2 CISM: Policy Development
  • 1.13.3 CISM: Standards Development
  • 1.13.4 CISM: Training and Awareness
  • 1.13.5 CISM: Action Plan Metrics
    • CISM: Key Goal Indicators
    • CISM: Critical Success Factors
    • CISM: Key Performance Indicators
    • CISM: General Metrics Considerations
  • 1.13.6 Action Plan Intermediate Goals
• 1.14 CISM: Information Security Program Objectives

Workbook

Increasingly, the below workbook is not very effective.

• 

  CISM Domain1