Overview
-
Prepare to pass the Certified Information Security Manager (CISM) exam. Explore the detailed information you need to prepare for the Information Risk Management exam domain.
Syllabus
-
Introduction
- Information risk management
- What you need to know
- Study resources
- Risk assessment
- Quantitative risk assessment
- Information classification
- Risk treatment options
- Security control selection and implementation
- Ongoing risk management
- Risk management frameworks
- Risk visibility and reporting
- Comparing viruses, worms, and trojans
- Comparing adware, spyware, and ransomware
- Understanding backdoors and logic bombs
- Botnets
- Advanced persistent threats
- Cybersecurity adversaries
- Preventing insider threats
- Threat intelligence
- Denial of service attacks
- Eavesdropping attacks
- Network attacks
- Network address spoofing
- Password attacks
- Watering hole attacks
- Social engineering
- Impersonation attacks
- Physical social engineering
- Security assessment tools
- Scanning for vulnerabilities
- Assessing threats
- Threat assessment techniques
- Penetration testing
- Advanced vulnerability scanning
- Security policy training and procedures
- Compliance training
- User habits
- User-based threats
- Measuring compliance and security posture
- Awareness program reviews
- Business continuity planning
- Business continuity controls
- High availability and fault tolerance
- Disaster recovery planning
- Backups
- Validating backups
- Disaster recovery sites
- Testing BC/DR plans
- Managing vendor relationships
- Vendor agreements
- Vendor information management
- Legal and regulatory compliance
- Privacy compliance
- Intellectual property
- Data breaches
- What's next?
