CISM Features

From Glitchdata
CISM Domain 1—Information Security Governance

  • Establish and/or maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives
  • Establish an information security governance framework
  • Governance roles and responsibilities
  • Security strategy development
  • Information security balanced scorecard
  • Align security strategy with organisational goals
  • Information security governance metrics

CISM Domain 2—Information Risk Management

  • Manage information risk to an acceptable level based on risk appetite in order to meet organizational goals and objectives.
  • Information security risk management and compliance
  • Managing information security risk to an acceptable level
  • Determine organisational risk appetite
  • Risk management frameworks and strategies
  • Performing a gap analysis
  • The risk management lifecycle

CISM Domain 3—Information Security Program Development and Management

  • Manage information risk to an acceptable level based on risk appetite in order to meet organizational goals and objectives.
  • Information security program development and management
  • Define a comprehensive and beneficial security program
  • Identify and protect organisational assets
  • Third-party risk management
  • Security program components

CISM Domain 4—Information Security Incident Management

  • Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact.
  • Information security incident management
  • Establish an incident response plan and recovery process
  • Recover from security incidents in a consistent and timely manner
  • Post-incident reviews
  • Business continuity and disaster recovery planning