Overview
-
Prepare to pass the Certified Information Security Manager (CISM) exam. Explore the detailed information you need to prepare for the Information Risk Management exam domain.
Syllabus
-
Introduction
- Information security risk management
- What you need to know
- Study resources
- Risk assessment
- Quantitative risk assessment
- Information classification
- Risk treatment options
- Security control selection and implementation
- Ongoing risk management
- Risk management frameworks
- Risk visibility and reporting
- Comparing viruses, worms, and Trojans
- Malware payloads
- Understanding backdoors and logic bombs
- Botnets
- Advanced persistent threats
- Cybersecurity adversaries
- Preventing insider threats
- Threat intelligence
- Denial of service attacks
- Eavesdropping attacks
- DNS attacks
- Layer 2 attacks
- Network address spoofing
- Password attacks
- Password spraying and credential stuffing
- Watering hole attacks
- Social engineering
- Impersonation attacks
- Physical social engineering
- What is vulnerability management?
- Identify scan targets
- Scan configuration
- Scan perspective
- Security Content Automation Protocol (SCAP)
- Common Vulnerability Scoring System (CVSS)
- Analyzing scan reports
- Correlating scan results
- Security awareness training
- Compliance training
- User habits
- Measuring compliance and security posture
- Awareness program reviews
- Business continuity planning
- Business continuity controls
- High availability and fault tolerance
- Disaster recovery planning
- Backups
- Restoring backups
- Disaster recovery sites
- Testing BC/DR plans
- Managing vendor relationships
- Vendor agreements
- Vendor information management
- Audits and assessments
- Cloud audits
- Legal and compliance risks
- Privacy compliance
- Data breaches
- Intellectual property
- Continuing your studies
