Certified Information Security Manager CISM, Part 3 of 4: Security Program Development

with expert Kenneth Mayer



Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 3/12/2018
Level Intermediate
Runtime 4h 5m
Closed captioning N/A
Transcript N/A
eBooks / courseware N/A
Hands-on labs N/A
Sample code N/A
Exams Included



Course description

This course covers how to plan, design, and implement an Information Security policy and how to coordinate a set of activities, projects, and initiatives to implement the Information Security strategy. This course is part of a series covering the ISACA Certified Information Security Manager (CISM).

Prerequisites

This is part 3 of the series

Learning Paths

This course will help you prepare for the following certification and exam:
Certified Information Security Manager

Meet the expert

As a certified Microsoft Instructor, Ken has focused his career on various security aspects of computer and network technology since the early 1980s. He has offered a wide variety of IT training and high-level consulting projects for Fortune 500 companies globally. Through the course of his extensive career, he has taught a full line of Microsoft, CompTIA, Cisco, and other high-level IT Security curricula.

Course outline



Info Sec Development and Management

Develop Information Security Program (17:25)
  • Introduction (00:31)
  • The Importance of Security Programs (00:52)
  • Security Program Development Outcomes (01:48)
  • Effective Security Program Development (04:59)
  • Cross-Organizational Responsibilities (01:55)
  • Information Security Program Objectives (00:11)
  • Program Objectives (02:22)
  • Program Objectives Continued (01:18)
  • Defining Objectives (02:10)
  • Defining Objectives Continued (01:07)
  • Summary (00:08)
Technology Resources (11:23)
  • Introduction (01:27)
  • Technology Resources (05:39)
  • Technology Resources Continued (02:44)
  • Information Security Manager (01:24)
  • Summary (00:08)
Info Sec Management Scope and Charter (22:33)
  • Introduction (00:31)
  • Assurance Function Integration (01:36)
  • Program Development Challenges (01:54)
  • Other Pitfalls (02:48)
  • Implementation of Strategy (02:07)
  • Program Goals (02:52)
  • The Steps of the Security Program (01:46)
  • Defining the Roadmap (01:38)
  • Defining the Roadmap Continued (00:58)
  • Elements of the Roadmap (01:53)
  • Elements of the Roadmap Continued (01:57)
  • General Controls (01:36)
  • Gap Analysis (00:44)
  • Summary (00:08)
Info Sec Management Framework (16:19)
  • Introduction (00:31)
  • Info Sec Management Framework (00:15)
  • Security Management Framework (04:55)
  • COBIT 5 (05:59)
  • ISO/IEC 27001 (04:29)
  • Summary (00:08)
Framework Concepts (12:27)
  • Introduction (00:31)
  • Info Sec Framework Components (00:13)
  • Operational Components (01:56)
  • Operational Components Continued (03:11)
  • Management Components (01:30)
  • Administrative Components (03:29)
  • Educational and Informational Components (01:25)
  • Summary (00:08)

Program Resources

Program Resources Part 1 (33:41)
  • Introduction (01:34)
  • Resource Examples (03:27)
  • Documentation (00:55)
  • Enterprise Architecture (04:29)
  • Enterprise Architecture Continued (03:05)
  • Controls (06:02)
  • Common Control Practices (06:55)
  • Common Control Practices Continued (01:41)
  • Countermeasures (00:37)
  • Technology Constraints (03:06)
  • Technologies Continued (01:38)
  • Summary (00:08)
Program Resources Part 2 (32:13)
  • Introduction (01:32)
  • Content Filtering (05:38)
  • Personnel Roles and Responsibilities (02:00)
  • Personnel Skills (02:56)
  • Security Awareness (01:28)
  • Awareness Training (05:17)
  • Formal Audits (01:17)
  • Compliance Enforcement (01:02)
  • Project Risk Analysis (03:09)
  • Verifying Compliance (02:58)
  • Other Sources of Information (01:22)
  • Program Budgeting (01:03)
  • Program Budgeting Continued (02:17)
  • Summary (00:08)

Info Sec Architecture, Metrics, and Activities

Implementing an Info Sec Program (27:06)
  • Introduction (00:14)
  • Policy Compliance (02:38)
  • Standards (02:45)
  • Training and Education (01:42)
  • ISACA Control Objectives (03:51)
  • Third-Party Service Providers (01:10)
  • Third-Party Security (04:22)
  • Integrating Security into the Lifecycle Process (02:14)
  • Monitoring and Communication (03:33)
  • Documentation (01:32)
  • The Plan of Action (02:52)
  • Summary (00:08)
Info Sec Architecture (13:48)
  • Introduction (00:54)
  • Managing Complexity (04:42)
  • Managing Complexity Continued (01:45)
  • Objectives of Information Security Architecture (02:45)
  • Physical Security (03:32)
  • Summary (00:08)
Info Sec Program Metrics (11:51)
  • Introduction (00:54)
  • Info Sec Program Deployment Metrics (02:27)
  • Metrics Considerations (02:03)
  • Strategic Alignment (02:34)
  • Value Delivery (00:35)
  • Resource Management (01:22)
  • Assurance Process Integration (00:26)
  • Performance Measurement (00:41)
  • Security Baseline (00:37)
  • Summary (00:08)
Info Sec Activities (46:29)
  • Introduction (02:10)
  • Security Activities Overview (00:48)
  • IS Liaison Responsibilities (10:16)
  • IS Liaison Responsibilities Continued (02:28)
  • Cross-Organizational Responsibilities (01:33)
  • Security Reviews and Audits (05:06)
  • Management of Security Technology (01:25)
  • Due Diligence (05:47)
  • Compliance Monitoring and Enforcement (03:48)
  • Assessment of Risk and Impact (03:44)
  • Outsourcing and Service Providers (02:33)
  • Cloud Computing (01:36)
  • Cloud Computing Continued (04:18)
  • Integration with IT Processes (00:41)
  • Summary (00:08)