Certified Information Security Manager CISM, Part 3 of 4: Security Program Development
with expert Kenneth Mayer
Watch trailer
Course at a glance
Included in these subscriptions:
- Dev & IT Pro Video
- Dev & IT Pro Power Pack
| Release date | 3/12/2018 | |
| Level | Intermediate | |
| Runtime | 4h 5m | |
| Closed captioning | N/A | |
| Transcript | N/A | |
| eBooks / courseware | N/A | |
| Hands-on labs | N/A | |
| Sample code | N/A | |
| Exams | Included |
Course description
This course covers how to plan, design, and implement an Information Security policy and to coordinate a set of activities, project and initiatives to implement the Information Security strategy. This course is part of a series covering the ISACA Certified Information Security Manager (CISM).
Prerequisites
This is part 3 of the series
Learning Paths
This course will help you prepare for the following certification and exam:
Certified Information Security Manager
Meet the expert
As a certified Microsoft Instructor, Ken has focused his career on various security aspects of computer and network technology since the early 1980s. He has offered a wide variety of IT training and high level consulting projects for Fortune 500 companies globally. Through the course of his extensive career, he has taught a full line of Microsoft, CompTIA, Cisco, and other high level IT Security curricula.
Course outline
Info Sec Development and Management
Develop Information Security Program (17:25)
- Introduction (00:31)
- The Importance of Security Programs (00:52)
- Security Program Development Outcomes (01:48)
- Effective Security Program Development (04:59)
- Cross-Organizational Responsibilities (01:55)
- Information Security Program Objectives (00:11)
- Program Objectives (02:22)
- Program Objectives Continued (01:18)
- Defining Objectives (02:10)
- Defining Objectives Continued (01:07)
- Summary (00:08)
Technology Resources (11:23)
- Introduction (01:27)
- Technology Resources (05:39)
- Techology Resources Continued (02:44)
- Information Security Manager (01:24)
- Summary (00:08)
Info Sec Management Scope and Charter (22:33)
- Introduction (00:31)
- Assurance Function Integration (01:36)
- Program Development Challenges (01:54)
- Other Pitfalls (02:48)
- Implementation of Strategy (02:07)
- Program Goals (02:52)
- The Steps of the Security Program (01:46)
- Defining the Roadmap (01:38)
- Defining the Roadman Continued (00:58)
- Elements of the Roadmap (01:53)
- Elements of the Roadmap Continued (01:57)
- General Controls (01:36)
- Gap Analysis (00:44)
- Summary (00:08)
Info Sec Management Framework (16:19)
- Introduction (00:31)
- Info Sec Management Framework (00:15)
- Security Management Framework (04:55)
- COBIT 5 (05:59)
- ISO/IEC 27001 (04:29)
- Summary (00:08)
Framework Concepts (12:27)
- Introduction (00:31)
- Info Sec Framework Components (00:13)
- Operational Components (01:56)
- Operational Components Continued (03:11)
- Management Components (01:30)
- Administrative Components (03:29)
- Educational and Informational Components (01:25)
- Summary (00:08)
Program Resources
Program Resources Part 1 (33:41)
- Introduction (01:34)
- Resource Examples (03:27)
- Documentation (00:55)
- Enterprise Architecture (04:29)
- Enterprise Architecture Continued (03:05)
- Controls (06:02)
- Common Control Practices (06:55)
- Common Control Practices Continued (01:41)
- Countermeasures (00:37)
- Technology Constraints (03:06)
- Technologies Continued (01:38)
- Summary (00:08)
Program Resources Part 2 (32:13)
- Introduction (01:32)
- Content Filtering (05:38)
- Personnel Roles and Responsibilities (02:00)
- Personnel Skills (02:56)
- Security Awareness (01:28)
- Awareness Training (05:17)
- Formal Audits (01:17)
- Compliance Enforcement (01:02)
- Project Risk Analysis (03:09)
- Verifying Compliance (02:58)
- Other Sources of Information (01:22)
- Program Budgeting (01:03)
- Program Budgeting Continued (02:17)
- Summary (00:08)
Info Sec Architecture, Metrics, and Activities
Implementing an Info Sec Program (27:06)
- Introduction (00:14)
- Policy Compliance (02:38)
- Standards (02:45)
- Training and Education (01:42)
- ISACA Control Objectives (03:51)
- Third-Party Service Providers (01:10)
- Third-Party Security (04:22)
- Integrating Security into the Lifecyle Process (02:14)
- Monitoring and Communication (03:33)
- Documentation (01:32)
- The Plan of Action (02:52)
- Summary (00:08)
Info Sec Architecture (13:48)
- Introduction (00:54)
- Managing Complexity (04:42)
- Managing Complexity Continued (01:45)
- Objectives of Information Security Architecture (02:45)
- Physical Security (03:32)
- Summary (00:08)
Info Sec Program Metrics (11:51)
- Introduction (00:54)
- Info Sec Program Deployment Metrics (02:27)
- Metrics Considerations (02:03)
- Strategic Alignment (02:34)
- Value Delivery (00:35)
- Resource Management (01:22)
- Assurance Process Integration (00:26)
- Performance Measurement (00:41)
- Security Baseline (00:37)
- Summary (00:08)
Info Sec Activities (46:29)
- Introduction (02:10)
- Security Activities Overview (00:48)
- IS Liason Responsibilities (10:16)
- IS Liason Responsibilities Continued (02:28)
- Cross-Organizational Responsibilities (01:33)
- Security Reviews and Audits (05:06)
- Management of Security Technology (01:25)
- Due Diligence (05:47)
- Compliance Monitoring and Enforcement (03:48)
- Assessment of Risk and Impact (03:44)
- Outsourcing and Service Providers (02:33)
- Cloud Computing (01:36)
- Cloud Computing Continued (04:18)
- Integration with IT Processes (00:41)
- Summary (00:08)